Categories: Malware

Malware.AI.3859507896 (file analysis)

The Malware.AI.3859507896 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.3859507896 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Presents an Authenticode digital signature
Dynamic (imported) function loading detected
Unconventionial language used in binary resources: Icelandic
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Network activity detected but not expressed in API logs

Related domains:

wpad.local-net

repository.certum.pl

How to determine Malware.AI.3859507896?


File Info:
name: EF1F0E96D0FCC7C17AD0.mlwpath: /opt/CAPEv2/storage/binaries/f6a508b8334b8754e38691830c592fc5582a74467bdc426f29cc62ae709601b1crc32: 93D3475Amd5: ef1f0e96d0fcc7c17ad085bf321ada14sha1: 9ea3d44d6009f33e320fb57d635446a30537a544sha256: f6a508b8334b8754e38691830c592fc5582a74467bdc426f29cc62ae709601b1sha512: ea145d40b2e4e6618572402820ae554ef32f172e6e24c950c14139c954e5582c0d58baa416b3e774027af3ece11bf60fc92dc4ff42ab943d1445aa52ddfa9487ssdeep: 24576:QbzHC9meT9GtoRClJ6LLnVzfR6rOcbTQJy:IziYeT9Gto4CXVDiOcbPtype: PE32+ executable (console) x86-64, for MS Windowstlsh: T1E6554A619ADC1CA9D4E280F9C6624906F1F2B8564751F3E712AC1F2E2E0FAD1C73E761sha3_384: 57c753f1012b6334dca0666130123af7d9ea5a291c64738b469fb926f45c4c6448cb70ce77d1ebfab3479df9e48c49f2ep_bytes: 4883ec28e8bf0500004883c428e976fetimestamp: 2019-01-29 11:17:10
Version Info:
CompanyName: ChildExploit.FileDescription: ChildExploitFileVersion: 1.0.2.8InternalName: childexploit.exeLegalCopyright: ChildExploit. 2019OriginalFilename: childexploit.exeProductName: ChildExploitProductVersion: 1.0.2.8Translation: 0x040f 0x04b0

Malware.AI.3859507896 also known as:

Lionic	Riskware.Win64.CoinMiner.1!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
FireEye	Generic.mg.ef1f0e96d0fcc7c1
ALYac	Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
Cylance	Unsafe
Zillya	Adware.OpenSUpdater.Win64.5760
Sangfor	Trojan.Win32.Save.a
Alibaba	RiskWare:Win64/CoinMiner.c6925525
CrowdStrike	win/malicious_confidence_100% (D)
Cyren	W64/OpenSUpdater.I.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/Adware.OpenSUpdater.A
APEX	Malicious
Kaspersky	not-a-virus:HEUR:RiskTool.Win64.CoinMiner.gen
BitDefender	Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
NANO-Antivirus	Riskware.Win64.BitCoinMiner.icgduz
Avast	Win64:AdwareX-gen [Adw]
Tencent	Win32.Trojan.Falsesign.Alit
Ad-Aware	Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
Emsisoft	Gen:Variant.Application.BitCoinMiner.IdleBuddy.2 (B)
Comodo	ApplicUnwnt@#2wiloxuu7t3cm
VIPRE	Win64.Adware.OpenSUpdater
McAfee-GW-Edition	Artemis!PUP
Sophos	Generic PUA JO (PUA)
Ikarus	AdWare.Opensupdater
GData	Gen:Variant.Application.BitCoinMiner.IdleBuddy.2
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1108436
Microsoft	PUADlManager:Win32/OpenDownloadManager
Cynet	Malicious (score: 100)
AhnLab-V3	PUP/Win64.RL_Generic.R365081
Acronis	suspicious
McAfee	Artemis!EF1F0E96D0FC
MAX	malware (ai score=71)
Malwarebytes	Malware.AI.3859507896
TrendMicro-HouseCall	TROJ_GEN.R002H0CJJ21
Yandex	PUA.OpenSUpdater!Tha4BFGHKpo
SentinelOne	Static AI – Malicious PE
Fortinet	Riskware/CoinMiner
AVG	Win64:AdwareX-gen [Adw]
Cybereason	malicious.6d0fcc
Panda	Trj/CI.A
MaxSecure	Trojan.Malware.103309302.susgen