Malware.AI.3961558966 malicious file

Malware.AI.3961558966 is a machine-learning detection name (the one Malwarebytes assigns to this sample; other vendors mostly classify it as adware, a FlyStudio-packed potentially unwanted program, or a StartPage trojan), and most security vendors treat the file as dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3961558966 virus do?

The behaviours below are the sandbox signatures (CAPE) that fired when the sample was analysed:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Loads a driver
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Attempts to modify Internet Explorer’s start page
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Attempts to stop active services
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings

How to identify Malware.AI.3961558966?

File Info:

name: C149BAB14BF1311D1671.mlw
path: /opt/CAPEv2/storage/binaries/6c78b211e38578eafc90ab7450a5993ef418d4d99dad84e464ead9da95defe2e
crc32: 165BA609
md5: c149bab14bf1311d1671f88834e6f768
sha1: 6fac467e3a216761b68c025546a1f379fe079e8b
sha256: 6c78b211e38578eafc90ab7450a5993ef418d4d99dad84e464ead9da95defe2e
sha512: 43c16bb775713f48b8787d4b5bf3131305355227c525c245c212373af8889d64a0bbb99ea8c8cfc3c15638bf98521e87c4b128ade3eb8244057e5524a454d750
ssdeep: 49152:6sUGJaK2iwi0F7/1CndypmgOOi6YJVPNwR8KdodmbEAwuk:fVoKGD/WrgO36+wR8KdoMKuk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T136C533C1BA04C6B9D265607ECDA6E1F0572A7C14C682262332FA7F1B703B4D36A75C9D
sha3_384: f48d9b3acb810caece0da6b713f7afa5d8579af93a9c863c23c616209e7b18523eb410f382ea72e365c20865e179c096
ep_bytes: 60be00c06a008dbe0050d5ff5789e58d
timestamp: 2021-12-13 16:53:48
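To turn the File Info block into something you can act on, here is an added Python example (written for this page; it is not GridinSoft's or CAPE's code). It recomputes the listed digests for a file and reports which published hashes the file matches, then applies two of the static checks from the behaviour list above: the UPX entry stub visible in ep_bytes (pushad; mov esi, imm32) and the presence of UPX or otherwise non-standard section names. The PE parsing is done by hand with struct so it needs only the standard library. build_demo_pe constructs a tiny non-executable PE32 skeleton for testing and is not the sample; STANDARD_SECTIONS is my own list of common compiler section names and is an assumption.

```python
import hashlib
import struct
import zlib

# Hashes copied from this page's File Info block; they form the IOC set to match against.
PUBLISHED_HASHES = {
    "crc32": "165BA609",
    "md5": "c149bab14bf1311d1671f88834e6f768",
    "sha1": "6fac467e3a216761b68c025546a1f379fe079e8b",
    "sha256": "6c78b211e38578eafc90ab7450a5993ef418d4d99dad84e464ead9da95defe2e",
    "sha512": "43c16bb775713f48b8787d4b5bf3131305355227c525c245c212373af8889d64a0bbb99ea8c8cfc3c15638bf98521e87c4b128ade3eb8244057e5524a454d750",
    "sha3_384": "f48d9b3acb810caece0da6b713f7afa5d8579af93a9c863c23c616209e7b18523eb410f382ea72e365c20865e179c096",
}

# ep_bytes from the page: pushad / mov esi,imm32 / lea edi,[esi+...] / push edi / mov ebp,esp,
# which is the classic UPX unpacking stub.
PAGE_EP_BYTES = bytes.fromhex("60be00c06a008dbe0050d5ff5789e58d")

# Assumption: section names a normal compiler build uses; anything else counts as "unknown".
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                     ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".gfids"}


def hashes_of(data: bytes) -> dict:
    """Compute the same digests the File Info block lists, in the same notation."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_iocs(data: bytes, published: dict = PUBLISHED_HASHES) -> dict:
    """Return the subset of published hashes that this file reproduces (case-insensitive)."""
    got = hashes_of(data)
    return {k: got[k] for k, v in published.items() if got[k].lower() == v.lower()}


def _pe_offsets(data: bytes):
    """Locate the PE header, the section count and the start of the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    return e_lfanew, nsec, e_lfanew + 24 + opt_size


def pe_sections(data: bytes) -> list:
    """Return [(name, virtual_address, raw_pointer, raw_size)] from the section table."""
    _, nsec, table = _pe_offsets(data)
    out = []
    for i in range(nsec):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        out.append((name, va, rptr, rsize))
    return out


def entry_point_bytes(data: bytes, n: int = 16) -> bytes:
    """Map AddressOfEntryPoint (an RVA) to a file offset via the section table and read n bytes."""
    e_lfanew, _, _ = _pe_offsets(data)
    ep_rva = struct.unpack_from("<I", data, e_lfanew + 24 + 16)[0]
    for _name, va, rptr, rsize in pe_sections(data):
        if va <= ep_rva < va + rsize:
            off = rptr + (ep_rva - va)
            return data[off:off + n]
    raise ValueError("entry point is outside every section's raw data")


def packing_indicators(data: bytes) -> dict:
    """Static checks behind two page signatures: UPX stub/sections and unknown section names."""
    names = [s[0] for s in pe_sections(data)]
    ep = entry_point_bytes(data)
    return {
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_stub": ep[:2] == b"\x60\xbe",  # pushad; mov esi, imm32
        "unknown_sections": [n for n in names if n not in STANDARD_SECTIONS],
    }


def build_demo_pe(section_names, ep_bytes: bytes) -> bytes:
    """Constructed, non-runnable PE32 skeleton used only to exercise the parser above."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    nsec = len(section_names)
    headers = (e_lfanew + 24 + opt_size + 40 * nsec + align - 1) // align * align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(opt_size, b"\0")  # EP RVA 0x1000
    table, raw = b"", b""
    for i, name in enumerate(section_names):
        va, rptr = 0x1000 * (i + 1), headers + align * i
        table += name.encode().ljust(8, b"\0") + struct.pack("<IIII", align, va, align, rptr) + b"\0" * 16
        raw += (ep_bytes if i == 0 else b"").ljust(align, b"\0")  # entry point lives in section 0
    return (dos + coff + opt + table).ljust(headers, b"\0") + raw


def analyse_file(path: str) -> dict:
    """Run the hash match and the packing heuristics over a file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"ioc_matches": matching_iocs(data), "packing": packing_indicators(data)}


if __name__ == "__main__":
    demo = build_demo_pe(["UPX0", "UPX1", ".rsrc"], PAGE_EP_BYTES)
    print(packing_indicators(demo))
    print(matching_iocs(demo))  # empty: the constructed skeleton is not the sample
```

Run it against a suspect file with analyse_file(path). A match on sha256 alone confirms you have exactly this sample; the packing indicators only tell you the file is UPX-packed, which is a cue to unpack it (upx -d) before further static triage, not proof of malice on its own.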

Version Info:

0: [No Data]

Malware.AI.3961558966 also known as:

Lionic: Adware.Win32.Agent.2!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.564628
FireEye: Generic.mg.c149bab14bf1311d
ALYac: Gen:Variant.Graftor.564628
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 005071f51 )
Alibaba: AdWare:Win32/FlyStudio.1241bf48
K7GW: Adware ( 005071f51 )
CrowdStrike: win/grayware_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34182.JoIfaGwuPleb
Cyren: W32/S-17fbb472!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R002C0DAT22
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:AdWare.Win32.Agent.gen
BitDefender: Gen:Variant.Graftor.564628
Avast: FileRepMalware
Tencent: Malware.Win32.Gencirc.10cfcfff
Sophos: Mal/Behav-004
Comodo: Packed.Win32.MUPX.Gen@24tbus
DrWeb: Trojan.StartPage1.60792
Zillya: Adware.Agent.Win32.171330
TrendMicro: TROJ_GEN.R002C0DAT22
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Emsisoft: Gen:Variant.Graftor.564628 (B)
APEX: Malicious
eGambit: Unsafe.AI_Score_100%
Avira: RKIT/Agent.lbwqw
Antiy-AVL: Trojan/Generic.ASCommon.FA
Gridinsoft: Ransom.Win32.Miner.sa
Microsoft: Trojan:Win32/Startpage!rfn
ZoneAlarm: not-a-virus:AdWare.Win32.Agent.gen
GData: Win32.Trojan.PSE.5LSHNI
AhnLab-V3: Malware/Win32.Generic.C2724786
McAfee: GenericRXAA-AA!C149BAB14BF1
MAX: malware (ai score=88)
VBA32: Trojan.Tiggre
Malwarebytes: Malware.AI.3961558966
Rising: Rootkit.Agent!8.F5 (CLOUD)
Yandex: Trojan.GenAsa!M7pOXDmhdTA
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.65CA!tr
AVG: FileRepMalware
Cybereason: malicious.14bf13
Panda: Trj/GdSda.A

How to remove Malware.AI.3961558966?

Malware.AI.3961558966 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample installs itself for autorun, changes proxy settings and the Internet Explorer start page, and attempts to stop services, confirm after the restart that no unknown startup entry, proxy server or start-page override remains; if any does, the infection has not been fully removed and the scan should be repeated.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
