
Malware.AI.3836804396 removal guide


Malware.AI.3836804396 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3836804396 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavior consistent with a dropper attempting to download the next stage.
  • Attempts to modify proxy settings
  • Creates a copy of itself

How to identify Malware.AI.3836804396?

File Info:

name: CA04638AED566165CD6D.mlw
path: /opt/CAPEv2/storage/binaries/531b6e38cbdd0203cdc482a98f4350f6cdba710dd18161ec644325c6bda599a0
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-06-05 14:41:52

Version Info:

CompanyName: Recovery Corporation
FileDescription: Recovery Help Center Service
FileVersion: 5.0
InternalName: HELPSVC.EXE
LegalCopyright: © Recovery Corporation. All rights reserved.
OriginalFilename: HELPSVC.EXE
ProductName: Recovery System
ProductVersion: 5.0
Translation: 0x0409 0x04b0

Malware.AI.3836804396 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Japik.6
FireEye: Generic.mg.ca04638aed566165
CAT-QuickHeal: TrojanPWS.Zbot.Gen
McAfee: Packed-AM!CA04638AED56
Zillya: Worm.Aspxor.Win32.665
K7AntiVirus: Trojan-Downloader ( 0040f8ca1 )
K7GW: Trojan-Downloader ( 0040f8ca1 )
Cybereason: malicious.aed566
Baidu: Win32.Trojan.Kryptik.hf
Cyren: W32/Trojan.GZWQ-3573
Symantec: Packed.Generic.459
ESET-NOD32: a variant of Win32/Kryptik.CDQZ
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Aspxor-44
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Japik.6
NANO-Antivirus: Trojan.Win32.Aspxor.dagefm
SUPERAntiSpyware: Trojan.Agent/Gen-FakeDoc
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b6ce44
Ad-Aware: Gen:Heur.Japik.6
TACHYON: Worm/W32.Aspxor.177152
Sophos: ML/PE-A + Troj/Wonton-DK
Comodo: TrojWare.Win32.TrojanDownloader.Dofoil.AQY@5axwy5
DrWeb: BackDoor.Kuluoz.4
VIPRE: Trojan.Win32.Kuluoz.at (v)
TrendMicro: BKDR_KULUOZ.SM02
McAfee-GW-Edition: Packed-AM!CA04638AED56
Emsisoft: Gen:Heur.Japik.6 (B)
Ikarus: Net-Worm.Win32.Aspxor
GData: Gen:Heur.Japik.6
Jiangmin: Worm/Aspxor.fu
Avira: HEUR/AGEN.1130371
Antiy-AVL: Trojan/Generic.ASMalwS.A3C9EA
Microsoft: Ransom:Win32/CerberCrypt.PB!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Kuluoz.177152
VBA32: BScope.Malware-Cryptor.Hlux
ALYac: Gen:Heur.Japik.6
MAX: malware (ai score=80)
Malwarebytes: Malware.AI.3836804396
TrendMicro-HouseCall: BKDR_KULUOZ.SM02
Rising: Malware.FakeXLS/ICON!1.9C3D (CLASSIC)
Yandex: Worm.Aspxor!eLK1IXIRSi0
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Androm.DLD!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.kq0@aW52Vzni
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.3836804396?

Malware.AI.3836804396 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
