Malware.AI.3859507896 (file analysis)

Malware Removal

Malware.AI.3859507896 is flagged as malicious or unwanted by most anti-virus engines (the full list of detection names is given further down). When this infection is active you may notice unfamiliar processes in the Task Manager. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it can fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.3859507896 do?

The items below are the signatures that fired when the sample was processed by the CAPE sandbox (see the storage path under "File Info"). They are static and behavioural indicators observed for this file, not a complete list of its capabilities:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Icelandic
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs

Taken together, the two signature-related items mean the file carries a code-signing signature that does not verify; some vendors' detection names (for example Tencent's "Falsesign") reflect the same finding. "Network activity not expressed in API logs" means traffic was seen on the wire without a matching hooked API call, which is common when the activity comes from a system component rather than the sample's own code.

Related domains:

wpad.local-net
repository.certum.pl

Neither domain is a strong indicator on its own: "wpad" lookups are Windows proxy auto-discovery, and repository.certum.pl is the Certum certificate authority's repository, which Windows may contact while building the chain for the file's Authenticode signature. Both can be generated by the sandbox guest itself rather than by the sample, so do not treat them as command-and-control infrastructure.

How to identify Malware.AI.3859507896?

File Info:

name: EF1F0E96D0FCC7C17AD0.mlw
path: /opt/CAPEv2/storage/binaries/f6a508b8334b8754e38691830c592fc5582a74467bdc426f29cc62ae709601b1
crc32: 93D3475A
md5: ef1f0e96d0fcc7c17ad085bf321ada14
sha1: 9ea3d44d6009f33e320fb57d635446a30537a544
sha256: f6a508b8334b8754e38691830c592fc5582a74467bdc426f29cc62ae709601b1
sha512: ea145d40b2e4e6618572402820ae554ef32f172e6e24c950c14139c954e5582c0d58baa416b3e774027af3ece11bf60fc92dc4ff42ab943d1445aa52ddfa9487
ssdeep: 24576:QbzHC9meT9GtoRClJ6LLnVzfR6rOcbTQJy:IziYeT9Gto4CXVDiOcbP
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1E6554A619ADC1CA9D4E280F9C6624906F1F2B8564751F3E712AC1F2E2E0FAD1C73E761
sha3_384: 57c753f1012b6334dca0666130123af7d9ea5a291c64738b469fb926f45c4c6448cb70ce77d1ebfab3479df9e48c49f2
ep_bytes: 4883ec28e8bf0500004883c428e976fe
timestamp: 2019-01-29 11:17:10
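To verify a suspect file against the indicators in the File Info block, here is an added example script; it is not part of the original report or of GridinSoft's tooling. It hashes the file the way the report lists it, walks the PE headers with the standard library only, maps the entry point RVA to the bytes on disk, and flags section names outside the usual linker-generated set, which is the idea behind the "unknown PE section name" signature above. It assumes the report's timestamp is UTC; the `build_sample()` fixture is a constructed stand-in for testing, not the real binary.

```python
"""Check a suspect PE file against the indicators published in the report above.

Added example, not part of the original page or of any vendor's tooling.
Assumptions: the report's `timestamp` is UTC, and `ep_bytes` are the first
16 bytes at the entry point.  Standard library only.
"""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Indicators copied from the "File Info" block of the report.
REPORT = {
    "crc32": "93d3475a",
    "md5": "ef1f0e96d0fcc7c17ad085bf321ada14",
    "sha1": "9ea3d44d6009f33e320fb57d635446a30537a544",
    "sha256": "f6a508b8334b8754e38691830c592fc5582a74467bdc426f29cc62ae709601b1",
    "ep_bytes": bytes.fromhex("4883ec28e8bf0500004883c428e976fe"),
    "timestamp": "2019-01-29 11:17:10",  # assumed to be UTC
}
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
# Section names normally produced by MSVC/MinGW linkers; anything else deserves a look.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata", ".rsrc",
                   ".reloc", ".tls", ".bss", ".CRT", ".xdata", ".eh_fram", ".gfids"}


def hashes(data: bytes) -> dict:
    """Hash the whole file as the report lists it (lower-case hex)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: machine, compile timestamp, entry-point bytes, section names."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, vsize, rawptr, rawsize))
    # Translate the entry-point RVA into a file offset through the section table.
    ep_bytes = b""
    for _name, va, vsize, rawptr, rawsize in sections:
        if va <= ep_rva < va + max(vsize, rawsize):
            ep_bytes = data[rawptr + (ep_rva - va):][:16]
            break
    return {
        "machine": machine,
        "pe32plus": magic == PE32PLUS_MAGIC,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes,
        "sections": [s[0] for s in sections],
    }


def check(data: bytes) -> dict:
    """Exact identification by hash, plus looser header-level matches that survive re-packing."""
    h, pe = hashes(data), parse_pe(data)
    return {
        "hash_match": all(h[k] == REPORT[k] for k in ("crc32", "md5", "sha1", "sha256")),
        "ep_match": pe["ep_bytes"] == REPORT["ep_bytes"],
        "timestamp_match": pe["timestamp"] == REPORT["timestamp"],
        "x64_pe32plus": pe["machine"] == IMAGE_FILE_MACHINE_AMD64 and pe["pe32plus"],
        "odd_sections": [s for s in pe["sections"] if s not in COMMON_SECTIONS],
    }


def build_sample() -> bytes:
    """Constructed stand-in (NOT the real sample): a minimal PE32+ whose entry point starts
    with the report's ep_bytes, whose compile timestamp matches the report, and which has
    one normal section plus one oddly named section."""
    tstamp = 1548760630  # 2019-01-29 11:17:10 UTC
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 2, tstamp, 0, 0, 240, 0x22)
    opt = struct.pack("<H", PE32PLUS_MAGIC) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * 220

    def section(name: bytes, va: int, rawptr: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, rawptr, 0, 0, 0, 0, 0x60000020)

    hdr = dos + b"PE\0\0" + coff + opt + section(b".text", 0x1000, 0x200) + section(b"x9a1", 0x2000, 0x400)
    text = REPORT["ep_bytes"].ljust(0x200, b"\xCC")
    return hdr.ljust(0x200, b"\0") + text + b"\0" * 0x200


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in check(blob).items():
        print(f"{key:16} {value}")
```

Run it with a file path to check a real sample; with no argument it checks the constructed fixture, where the hashes do not match but the entry-point bytes, timestamp and the odd section name "x9a1" do fire. Only an exact hash match identifies this specific file; the other checks help when you are looking at a re-packed relative.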

Version Info:

CompanyName: ChildExploit.
FileDescription: ChildExploit
FileVersion: 1.0.2.8
InternalName: childexploit.exe
LegalCopyright: ChildExploit. 2019
OriginalFilename: childexploit.exe
ProductName: ChildExploit
ProductVersion: 1.0.2.8
Translation: 0x040f 0x04b0 (language ID 0x040f is Icelandic, code page 0x04b0 is Unicode; this is the resource language flagged above)

Malware.AI.3859507896 also known as:

Most engines classify the file as a potentially unwanted application (OpenSUpdater / IdleBuddy coin-miner family) rather than a trojan; "Malware.AI.3859507896" itself is Malwarebytes' machine-learning verdict name.

Lionic: Riskware.Win64.CoinMiner.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
FireEye: Generic.mg.ef1f0e96d0fcc7c1
ALYac: Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
Cylance: Unsafe
Zillya: Adware.OpenSUpdater.Win64.5760
Sangfor: Trojan.Win32.Save.a
Alibaba: RiskWare:Win64/CoinMiner.c6925525
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W64/OpenSUpdater.I.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win64/Adware.OpenSUpdater.A
APEX: Malicious
Kaspersky: not-a-virus:HEUR:RiskTool.Win64.CoinMiner.gen
BitDefender: Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
NANO-Antivirus: Riskware.Win64.BitCoinMiner.icgduz
Avast: Win64:AdwareX-gen [Adw]
Tencent: Win32.Trojan.Falsesign.Alit
Ad-Aware: Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
Emsisoft: Gen:Variant.Application.BitCoinMiner.IdleBuddy.2 (B)
Comodo: ApplicUnwnt@#2wiloxuu7t3cm
VIPRE: Win64.Adware.OpenSUpdater
McAfee-GW-Edition: Artemis!PUP
Sophos: Generic PUA JO (PUA)
Ikarus: AdWare.Opensupdater
GData: Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1108436
Microsoft: PUADlManager:Win32/OpenDownloadManager
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win64.RL_Generic.R365081
Acronis: suspicious
McAfee: Artemis!EF1F0E96D0FC
MAX: malware (ai score=71)
Malwarebytes: Malware.AI.3859507896
TrendMicro-HouseCall: TROJ_GEN.R002H0CJJ21
Yandex: PUA.OpenSUpdater!Tha4BFGHKpo
SentinelOne: Static AI – Malicious PE
Fortinet: Riskware/CoinMiner
AVG: Win64:AdwareX-gen [Adw]
Cybereason: malicious.6d0fcc
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.103309302.susgen

How to remove Malware.AI.3859507896?

Malware.AI.3859507896 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the relevant browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.