Malware.AI.3806132980 (file analysis)

The Malware.AI.3806132980 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.3806132980 virus can do?

The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Malware.AI.3806132980?


File Info:
name: 167E15D80E619BED9360.mlw
path: /opt/CAPEv2/storage/binaries/83088da8734e9564203e8ff5ccd58936452578b39b50ee1086d430c71c4426d3
crc32: 368F452B
md5: 167e15d80e619bed9360456b0a7eee19
sha1: f8e205e21a5a2ac1057984662891dbe20db7f7a4
sha256: 83088da8734e9564203e8ff5ccd58936452578b39b50ee1086d430c71c4426d3
sha512: 22e911eea00bf3b0a74aa22774004dc9bd55ff1dba4335ad755fe659507c6e63baa4bdd00c0e1b71df47ddd84b897d3992ad8e690c8dc6ac42d273a86c973217
ssdeep: 24576:PSK509mYsJXvwG1xeKiATfTTrokYgokXqY7RC0Ws:KK509mP5eUTLT8kYgokXqY7RC0W
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10355E504BFD585BBD8B229310896D7C66272E9A47F32870BA94C333E39653A11E451FB
sha3_384: 9576e75a180dce3f91ef05863efff0fcacbafada5688e0d7ceaa0a4e4b807da565f1581d1a34a45efbe59a8cfbac4a33
ep_bytes: 60be004068008dbe00d0d7ff57eb0b90
timestamp: 2013-04-10 12:59:00

Version Info:
Comments: Created with Setup Factory
CompanyName: Indigo Rose Corporation
FileDescription: Setup Application
FileVersion: 9.1.1.0
InternalName: suf_rt
LegalCopyright: Runtime Engine Copyright © 2013 Indigo Rose Corporation (www.indigorose.com)
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation
OriginalFilename: suf_rt.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.1.1.0
Translation: 0x0409 0x04b0

Malware.AI.3806132980 also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Trojan.GenericKD.68893156
FireEye	Generic.mg.167e15d80e619bed
McAfee	Artemis!167E15D80E61
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
Cyren	W32/Backdoor.J.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
APEX	Malicious
Cynet	Malicious (score: 100)
BitDefender	Trojan.GenericKD.68893156
Avast	Win32:Malware-gen
Emsisoft	Trojan.GenericKD.68893156 (B)
F-Secure	Trojan.TR/Crypt.ULPM.Gen
VIPRE	Trojan.GenericKD.68893156
McAfee-GW-Edition	BehavesLike.Win32.Generic.tt
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Suspicious PE
GData	Trojan.GenericKD.68893156
Avira	TR/Crypt.ULPM.Gen
Antiy-AVL	Trojan/Win32.Wacatac
Xcitium	Packed.Win32.MUPX.Gen@24tbus
Arcabit	Trojan.Generic.D41B39E4
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
ALYac	Trojan.GenericKD.68893156
MAX	malware (ai score=83)
Malwarebytes	Malware.AI.3806132980
TrendMicro-HouseCall	TROJ_GEN.R002H0CHS23
Ikarus	Trojan.Crypt
MaxSecure	Trojan.Malware.74131644.susgen
Fortinet	W32/ULPM.16C0!tr
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (W)

How to remove Malware.AI.3806132980?

Malware.AI.3806132980 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X