
Malware.AI.3935247341 malicious file

Published Sep 7, 2023. Category: Malware.

What to verify before removal

This report keeps Malware.AI.3935247341 malicious file in the active library because the detection has enough technical context to support a careful second-opinion scan and cleanup decision.

Start by comparing the local file name with 12AE4B219B50F2161917.mlw, then review the behavior notes for persistence entries, dropped files, unusual processes, and browser or network changes. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file: 12AE4B219B50F2161917.mlw
  • Compare the suspicious file name with 12AE4B219B50F2161917.mlw.
  • Confirm the detection name matches Malware.AI.3935247341 malicious file before removing related files.
  • Review the report for persistence entries, dropped files, unusual processes, and browser or network changes so the cleanup is based on observed behavior, not only the label.
  • Run a full scan, quarantine confirmed detections, and restart before signing back in to sensitive accounts.

Malware.AI.3935247341 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Malware.AI.3935247341 virus do?

  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Deletes executed files from disk

How to identify Malware.AI.3935247341?


File Info:

name: 12AE4B219B50F2161917.mlw
path: /opt/CAPEv2/storage/binaries/8340f92bc9d365fa019620342e8e3fea00f757d8c400139c6b2bbfc34f00b6c8
crc32: EC70335C
md5: 12ae4b219b50f2161917b3084308d46a
sha1: 4aa0c800bbadf35f9fa006a0d2addee36abca4a5
sha256: 8340f92bc9d365fa019620342e8e3fea00f757d8c400139c6b2bbfc34f00b6c8
sha512: 95843206300a4aa6e629a4c53988bd41cf44d7d477bcde921702e3b7022e2b243e4fd4d8d63d4e6ebede4ffbb67140d525b7ee27dadddb4e01cc44708e771f57
ssdeep: 12288:DMr8y909fDUd/pFxrO7zm4QZho3yP1cexmHXdvQf1cC:3yWaFFeQ2ocfdQfyC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FDD41222ABC88277D9B12B7068FB53C31B327D915D794B3B27C6A9450D72A809C7473B
sha3_384: f8a2b795ddf29fb9e9c2fa22d2309b3a1c79b35811b2a8a9284e988312b9bc3aafae2f8370bb50e672676bd0a938be48
ep_bytes: e8f0060000e9000000006a5868b87240
timestamp: 2022-05-24 22:49:06

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 11.00.17763.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.17763.1
Translation: 0x0409 0x04b0

Malware.AI.3935247341 also known as:

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Convagent.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Generic.33926833
ClamAV Win.Packed.Lazy-9958163-0
FireEye Trojan.Generic.33926833
CAT-QuickHeal Trojan.Generic.TRFH984
ALYac Trojan.Generic.33926833
Malwarebytes Malware.AI.3935247341
Zillya Trojan.Stealer.Win32.108086
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005aad751 )
Alibaba TrojanDownloader:Win32/Stealer.a80b833a
K7GW Trojan ( 005aad751 )
CrowdStrike win/malicious_confidence_100% (W)
VirIT Trojan.Win32.GenusT.DMQI
Cyren W32/Kryptik.JKR.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 multiple detections
APEX Malicious
Cynet Malicious (score: 99)
Kaspersky UDS:Trojan-Spy.MSIL.Stealer.gen
BitDefender Trojan.Generic.33926833
NANO-Antivirus Trojan.Win32.Disabler.juzlmz
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
Avast Win32:PWSX-gen [Trj]
Tencent Win32.Trojan-Spy.Stealer.Hajl
Emsisoft Trojan.Generic.33926833 (B)
F-Secure Trojan.TR/AD.RedLineSteal.deobc
DrWeb Trojan.PWS.RedLineNET.7
VIPRE Trojan.Generic.33926833
TrendMicro TrojanSpy.Win32.REDLINE.YXDFIZ
McAfee-GW-Edition BehavesLike.Win32.Generic.jc
Trapmine malicious.moderate.ml.score
Sophos Troj/PlugX-EC
SentinelOne Static AI – Malicious SFX
GData Win32.Trojan-Downloader.Amadey.D
Jiangmin TrojanDownloader.Deyma.apn
Avira TR/AD.RedLineSteal.deobc
Antiy-AVL Trojan[Backdoor]/Win32.Convagent
Arcabit Trojan.Generic.D205AEB1
ZoneAlarm HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft Trojan:MSIL/RedLineStealer.EM!MTB
Google Detected
Acronis suspicious
McAfee Artemis!12AE4B219B50
MAX malware (ai score=82)
Cylance unsafe
Panda Trj/CI.A
TrendMicro-HouseCall TrojanSpy.Win32.REDLINE.YXDFIZ
Rising Backdoor.Agent!8.C5D (TFE:1:IUVQ5chhTSM)
Yandex TrojanSpy.RedLine!Dj/5Wp91h1Q
Ikarus Trojan.Agent
Fortinet MSIL/RedLine.A!tr
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.0bbadf
DeepInstinct MALICIOUS

How to remove Malware.AI.3935247341?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.