
Should I remove “Malware.AI.3804366512”?


Malware.AI.3804366512 is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3804366512 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Malware.AI.3804366512?

File Info:

name: 4E7716BCA3C593F4E12A.mlw
path: /opt/CAPEv2/storage/binaries/7adde0579ed875a7ccd8ff865548e41a02b7a673bba2c6073a7abc4403695072
crc32: 20844959
md5: 4e7716bca3c593f4e12a6bbe7bccf615
sha1: 232968b79586fc210e43fc215f3255884ae987ec
sha256: 7adde0579ed875a7ccd8ff865548e41a02b7a673bba2c6073a7abc4403695072
sha512: 8ed8077e166903adf37a85267ffec79c8995b0cebe74a0b145ae02440b1f792d8e09282d834576c1d55a799b2a689ac4661edc9fdd5f9269ebc04e77aa90d053
ssdeep: 3072:CGzsrBSoe5g+GwJs8K9YUoIrJaRuSZ/JlQPj/PYv2wM0B2vmkHgHAGFAhTHl4oQZ:CGwr/P9YErMRuSZ/JlQLHYv2PvzGAMAY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D8F3831636C0F23EC815CAF43D6E4394A47AAD3625D29813F6C26F26B6B1DA7D230717
sha3_384: 4d37549d42909461e6b72ba0da0ddc212af376bb00d9151f6e08b36970b1ae3f6a5e18aae22af5c6aa61a1bab13183f7
ep_bytes: 6810404000e8f0ffffff000000000000
timestamp: 2001-12-25 07:13:51

Version Info:

Translation: 0x0409 0x04b0
ProductName: CMBXvGXFhgx
FileVersion: 1.00
ProductVersion: 1.00
InternalName: NHUqOSMoHufeRq
OriginalFilename: NHUqOSMoHufeRq.exe

Malware.AI.3804366512 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.1548
FireEye: Generic.mg.4e7716bca3c593f4
CAT-QuickHeal: Trojan.Vobfus.gen
McAfee: VBObfus.bc
Malwarebytes: Malware.AI.3804366512
VIPRE: Worm.Win32.VBNA.awpl (v)
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 0054d10f1 )
BitDefender: Gen:Variant.Barys.1548
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.ca3c59
BitDefenderTheta: AI:Packer.1A6E858F1F
VirIT: Worm.Win32.Generic.AZUA
Cyren: W32/Vobfus.Z.gen!Eldorado
Symantec: W32.Changeup!gen15
ESET-NOD32: Win32/AutoRun.VB.AMD
Baidu: Win32.Trojan.Inject.n
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.VB-1491
Kaspersky: Worm.Win32.Vobfus.efex
NANO-Antivirus: Trojan.Win32.Diple.covkye
Rising: Trojan.Win32.Generic.16C41048 (C64:YzY0OvAzNk+/0lvH)
Ad-Aware: Gen:Variant.Barys.1548
Emsisoft: Gen:Variant.Barys.1548 (B)
Comodo: TrojWare.Win32.Diple.EMIB@4pez3w
DrWeb: Trojan.VbCrypt.60
TrendMicro: WORM_VOBFUS.SMAC
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.cm
Sophos: ML/PE-A + Mal/SillyFDC-T
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Barys.1548
eGambit: Unsafe.AI_Score_96%
Avira: TR/Spy.Agent.163847
MAX: malware (ai score=85)
Antiy-AVL: Worm/Win32.WBNA.gen
Arcabit: Trojan.Barys.D60C
SUPERAntiSpyware: Trojan.Agent/Gen-Vobfus
Microsoft: Worm:Win32/Vobfus.gen!S
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Diple.R63860
Acronis: suspicious
VBA32: BScope.Trojan.VB.Diple.01583
ALYac: Gen:Variant.Barys.1548
TACHYON: Worm/W32.Vobfus.163840.B
Cylance: Unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMAC
Tencent: Trojan.Win32.Koobface.p
Yandex: Trojan.GenAsa!3+0rkNP74OI
Ikarus: Worm.Win32.WBNA
Fortinet: W32/CoinMiner.F
AVG: Win32:Vitro [Inf]
Avast: Win32:Vitro [Inf]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.3804366512?

Malware.AI.3804366512 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber-security analyst and data science expert with 5+ years of experience with security software contractors.