What is “Malware.AI.3928777606”?

Malware.AI.3928777606 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3928777606 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to modify desktop wallpaper
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • A potential decoy document was displayed to the user
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Harvests cookies for information gathering

How to identify Malware.AI.3928777606?

File Info:

name: E77E802270A1E8214B5C.mlw
path: /opt/CAPEv2/storage/binaries/c69aad1a6c453b906c9a49334239886da07c1fb3ef0da52211190d1d9410a185
crc32: F7A11249
md5: e77e802270a1e8214b5cc85db1186b66
sha1: ae0e5200389e3ad03fd30590d45ce9b7f992816f
sha256: c69aad1a6c453b906c9a49334239886da07c1fb3ef0da52211190d1d9410a185
sha512: 83c190e192eb5280fc64722b7c26ef7287f7e9d6f38fee90a2b9878c894eb46d812de9e2fa6c34667f323fc719c6b270bfbc68ddad289251827b0981ade77d20
ssdeep: 6144:Q1db49+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59kIImLDkdf4Z:QjkArEN249AyE/rbaMct4bO2/VZLDgfy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T102740249FAB97CD1CBDB1C30981A8DAAC3AEAEB92614531CF240FC37391811365957DB
sha3_384: 6ce0ee0e1331eff50971ea997a46bff72985b117487149a43f4aac726de4fadf96e3a69bf9b35237b30db2fae5e8a030
ep_bytes: 60be007047008dbe00a0f8ff57eb0b90
timestamp: 2010-04-16 07:47:33

Version Info:

FileDescription:
FileVersion: 3, 3, 6, 1
CompiledScript: AutoIt v3 Script: 3, 3, 6, 1
Translation: 0x0809 0x04b0

Malware.AI.3928777606 also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: AIT:Trojan.GenericTKA.432
FireEye: AIT:Trojan.GenericTKA.432
ALYac: AIT:Trojan.GenericTKA.432
CrowdStrike: win/malicious_confidence_60% (D)
ESET-NOD32: a variant of Win32/Injector.Autoit.DAA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.AutoIt.gen
BitDefender: AIT:Trojan.GenericTKA.432
Avast: AutoIt:Agent-AEF [Trj]
Ad-Aware: AIT:Trojan.GenericTKA.432
DrWeb: Trojan.DownLoader5.25202
Zillya: Backdoor.Bifrose.Win32.89424
TrendMicro: Mal_Utoti6
Emsisoft: AIT:Trojan.GenericTKA.432 (B)
Ikarus: Trojan.Win32.Injector
GData: AIT:Trojan.GenericTKA.432 (3x)
Avira: TR/Dropper.Gen
Arcabit: AIT:Trojan.GenericTKA.432
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
MAX: malware (ai score=87)
VBA32: Trojan.Autoit.Wirus
Malwarebytes: Malware.AI.3928777606
Fortinet: W32/Fynloski.AM!tr
BitDefenderTheta: AI:Packer.319375E219
AVG: AutoIt:Agent-AEF [Trj]
Cybereason: malicious.270a1e
Panda: Generic Malware
MaxSecure: Win.MxResIcn.Heur.Gen

How to remove Malware.AI.3928777606?

Malware.AI.3928777606 removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.