Malware.AI.3951515298 removal

Malware.AI.3951515298 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3951515298 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Suspicious wmic.exe use was detected

How to identify Malware.AI.3951515298?


File Info:

name: 7F1B4E3A8B63091EEC8B.mlw
path: /opt/CAPEv2/storage/binaries/5be7d4c7430195c5d075b961391c39263117e8179dd1b58796f914148195fca1
crc32: 1BC58157
md5: 7f1b4e3a8b63091eec8b384f69c4d637
sha1: 5734455719231716ea838ca5793e5c795c5362df
sha256: 5be7d4c7430195c5d075b961391c39263117e8179dd1b58796f914148195fca1
sha512: f81d89851a99e3ce9c284d343ed077c68f9208522d094f6bbbf57622951cea48d9ce0486cbd4bf09dd407c0f53232177dd3489dcca1ebb4d8c597f7c1bbc647a
ssdeep: 24576:t4npYeTjIDBP8reVvYxGYezDFIBKGWIkTG1xxaGFJsIJBV1Ls2wBP:IYeT0DBAk6tAbIkTUxxaGhJBV1Ls2wB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18E35AD81AA8150F9D4D241B500A67E76DA30671D03E58DD3D7B41BBC9B21FD2BEB838B
sha3_384: 15e4c3e0f6cebdc6d0c7d45d7a1bafd1bff6d0f48ca23fade9a225578358e5d69861c3894e005d7cf44b44d3e7c07aa5
ep_bytes: 68140c0000680000000068d0b94f00e8
timestamp: 2021-09-20 18:13:46

Version Info:

CompanyName: Cheathappens
ProductName: One Deck Dungeon
ProductVersion: 69286
FileVersion: 1.0003
InternalName: 09-20-2021
Translation: 0x0000 0x04b0

Malware.AI.3951515298 also known as:

Lionic: Trojan.Win32.Convagent.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47059104
FireEye: Generic.mg.7f1b4e3a8b63091e
ALYac: Trojan.GenericKD.47059104
Cylance: Unsafe
Zillya: Trojan.Convagent.Win32.6550
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZexaF.34062.dv0@a4rVcNai
Cyren: W32/S-9ee84c42!Eldorado
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R067C0WJ721
Paloalto: generic.ml
ClamAV: Win.Malware.Gamehack-6847638-0
Kaspersky: VHO:Trojan-Spy.Win32.Convagent.gen
BitDefender: Trojan.GenericKD.47059104
Avast: Win32:Malware-gen
Rising: PUF.GameHack!1.B348 (CLASSIC)
Ad-Aware: Trojan.GenericKD.47059104
Sophos: Cheathappens (PUA)
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Trojan.GenericKD.47059104 (B)
Ikarus: Trojan.Ulise
GData: Win32.Trojan.BSE.5GTALU
eGambit: Unsafe.AI_Score_98%
Avira: HEUR/AGEN.1140752
ViRobot: Trojan.Win32.Z.Agent.1097728.HO
Microsoft: PWS:Win32/Zbot!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4714455
McAfee: Artemis!7F1B4E3A8B63
MAX: malware (ai score=88)
VBA32: BScope.Adware.Presenoker
Malwarebytes: Malware.AI.3951515298
APEX: Malicious
Yandex: Trojan.GenAsa!CQOg7CTppJA
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Ulise.5704!tr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Malware.AI.3951515298?

Malware.AI.3951515298 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
