
Malware.AI.3957471892 removal guide


Malware.AI.3957471892 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.3957471892 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Network activity contains more than one unique useragent.
  • Attempts to modify proxy settings

How to identify Malware.AI.3957471892?

File Info:

name: 5FAE4DAA71C7C49756AA.mlw
path: /opt/CAPEv2/storage/binaries/5f00fa1ba69e178b9580b9c2fab9db17491064e2af147ac9051f4ce2b465c620
crc32: 6C88F915
md5: 5fae4daa71c7c49756aa6dc3c24afc97
sha1: 4e91f6dfbd7e98c1fbc6f255f7107ad31842822a
sha256: 5f00fa1ba69e178b9580b9c2fab9db17491064e2af147ac9051f4ce2b465c620
sha512: c293bbf17b581513c2dbe34a8e8c581587e9d94426270a7ae6aef69cdc9d4cf473ef3bc295265755aaa589772708b3f2f0f20aefa639c6d2b22eae63f169bc07
ssdeep: 49152:TACtYUH2s0tMu8nNSV++Hy+UYFyNHJO3vgcGchp/Xh:jYUHxfnNSV+9WJZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T147B5BF22BB81C032F1A20171A27D5BB7597DB635172980DBF3C45E6D2DB04D2B63AB1B
sha3_384: e309d6fc2be9ee316bb4b5f7274af7e4c84ac9cf58958883850db40fc145da0e9fb2d7a834a2b24320624bbc37e8bde6
ep_bytes: e8fb020000e98efeffff558bec56ff75
timestamp: 2020-12-30 03:41:11

Version Info:

CompanyName: 高速下载器
FileDescription: 高速下载器
FileVersion: 1.6.6.21106
InternalName: 高速下载器
LegalCopyright: Copyright (C) 2018
OriginalFilename: Install.exe
ProductName: 高速下载器
ProductVersion: 1,6,6,21106
Translation: 0x0804 0x04b0

Malware.AI.3957471892 is also detected under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Adware.Win32.Agent.2!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Malware.Heur.2.!copidmbe!.lE0@bC1x4qoj
FireEye: Generic.mg.5fae4daa71c7c497
CAT-QuickHeal: PUA.CoinminerRI.S11834308
ALYac: Gen:Malware.Heur.2.!copidmbe!.lE0@bC1x4qoj
Cylance: Unsafe
Zillya: Adware.Burden.Win32.1806
Sangfor: Virus_Suspicious.Win32.Sality.bh
K7AntiVirus: Adware ( 005631911 )
K7GW: Adware ( 005631911 )
BitDefenderTheta: Gen:NN.ZexaF.34084.lE0@aC1x4qoj
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Softcnapp.BC potentially unwanted
TrendMicro-HouseCall: PE_SALITY.ER
Paloalto: generic.ml
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Agent.gen
BitDefender: Gen:Malware.Heur.2.!copidmbe!.lE0@bC1x4qoj
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Avast: Win32:Sality [Inf]
Tencent: Win32.Adware.Agent.Tafu
Ad-Aware: Gen:Malware.Heur.2.!copidmbe!.lE0@bC1x4qoj
Emsisoft: Gen:Malware.Heur.2.!copidmbe!.lE0@bC1x4qoj (B)
VIPRE: Virus.Win32.Sality.atbh (v)
TrendMicro: PE_SALITY.ER
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Sophos: Mal/Generic-S
Jiangmin: Adware.Agent.alsi
Avira: TR/Patched.Ren.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.31CA374
Microsoft: PUAAdvertising:Win32/KuaiZip
ViRobot: Adware.Softcnapp.2285056
GData: Gen:Malware.Heur.2.!copidmbe!.lE0@bC1x4qoj
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.RL_Softcnapp.R343072
Acronis: suspicious
McAfee: GenericRXLZ-KJ!5FAE4DAA71C7
MAX: malware (ai score=80)
VBA32: BScope.Adware.Puwaders
Malwarebytes: Malware.AI.3957471892
APEX: Malicious
Rising: Adware.Downloader!1.BBEC (CLASSIC)
Yandex: Trojan.GenAsa!l1DYnaA9AWE
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Adware/Softcnapp.BF
AVG: Win32:Sality [Inf]
Panda: Trj/CI.A

How to remove Malware.AI.3957471892?

Malware.AI.3957471892 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
