Malware.AI.3930208150 removal instruction

Malware Removal

Malware.AI.3930208150 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3930208150 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Deletes executed files from disk
  • Anomalous binary characteristics

How to identify Malware.AI.3930208150?

File Info:

name: A87F13A29179A3779AEC.mlw
path: /opt/CAPEv2/storage/binaries/11c29de00c2494439d81d0625679b9cac01661b88368bdaf7d93f3579dd1a8e0
crc32: 3FB52C24
md5: a87f13a29179a3779aec997485cde08b
sha1: 08ad1f93cd8bfd442ca2386e4740154f066124d5
sha256: 11c29de00c2494439d81d0625679b9cac01661b88368bdaf7d93f3579dd1a8e0
sha512: acef8436ed56ad3db363678995071ef161bdbb432a83de9be13c5721e3bb6972441477aa25da970cc4da033307e732934b504a6a9d2cf780de6f406f3c6a8fea
ssdeep: 768:5WT1yTEEr5jSldavDEJ/rDojlrEcvUPcnB83DC1szr8PoDn0a/Zu:YAlwJjDojlAclnB8zC1szr8wTXu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15033F181A34D420BD69D0F324AF16519E2301D61C39799B8AF90B6FFDCE4E713D2666C
sha3_384: 6f74809cdcefd1e9b65a33603a80e2bc4633585d82526c9552775e8bc39847ca201e32180a7793a3874d43f7476a660e
ep_bytes: b8005042005064ff3500000000648925
timestamp: 2014-10-23 06:30:44

Version Info:

CompanyName: OpgdNUhdfe
FileDescription: PldgfgGYGDfef
FileVersion: 1.0.0.1
InternalName: WjidhfyJIDJFe
LegalCopyright: Copyright 2014 QnotrLwide
OriginalFilename: SudhUdjer
ProductName: PoldHIdyfre
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04b0

Malware.AI.3930208150 also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.Ranpax.1
FireEye: Generic.mg.a87f13a29179a377
CAT-QuickHeal: Trojan.Urelas.A3
McAfee: GenericRXAA-AA!A87F13A29179
Cylance: Unsafe
Zillya: Backdoor.CPEX.Win32.29606
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Backdoor ( 0053e8561 )
K7GW: Trojan ( 0049284c1 )
Cybereason: malicious.29179a
Baidu: Win32.Trojan.Urelas.b
VirIT: Trojan.Win32.Generic.EEB
Cyren: W32/Threat-HLLIP-based!Maximus
Symantec: Downloader
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Urelas.AB
APEX: Malicious
ClamAV: Win.Trojan.Agent-1211402
Kaspersky: Backdoor.Win32.Plite.bhug
BitDefender: Gen:Heur.Ranpax.1
NANO-Antivirus: Trojan.Win32.Urelas.dhauzr
SUPERAntiSpyware: Trojan.Agent/Gen-Beaugrit
Avast: Win32:Trojan-gen
Rising: Trojan.Urelas!1.BB31 (CLASSIC)
Ad-Aware: Gen:Heur.Ranpax.1
Sophos: ML/PE-A + Troj/Urelas-Q
Comodo: TrojWare.Win32.Urelas.AAC@5gp3ia
DrWeb: BackDoor.Andromeda.540
VIPRE: Gen:Heur.Ranpax.1
TrendMicro: TROJ_KILLAV.SM2
McAfee-GW-Edition: PWS-FDJS!551AB5736D0A
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Heur.Ranpax.1 (B)
SentinelOne: Static AI - Malicious PE
GData: Win32.Trojan.PSE.BI4UUG
Jiangmin: Backdoor.Generic.znk
Avira: BDS/Backdoor.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.3305
Arcabit: Trojan.Ranpax.1
ViRobot: Dropper.Agent.52747
ZoneAlarm: Backdoor.Win32.Plite.bhug
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Urelas.R122096
BitDefenderTheta: AI:Packer.00DAB7A61F
ALYac: Gen:Heur.Ranpax.1
MAX: malware (ai score=81)
VBA32: SScope.Backdoor.Urelas.3114
Malwarebytes: Malware.AI.3930208150
TrendMicro-HouseCall: TROJ_KILLAV.SM2
Tencent: Trojan.Win32.Urelas.16000161
Yandex: Trojan.Urelas!ybL7woGIuC8
Ikarus: Trojan.Win32.Urelas
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Generic.AC.34E7DE!tr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Malware.AI.3930208150?

Malware.AI.3930208150 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.