
About “Malware.AI.3966874512” infection


The Malware.AI.3966874512 detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.3966874512 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to interact with an Alternate Data Stream (ADS)

How to identify Malware.AI.3966874512?

File Info:

name: 31CF042E91DE7492C86E.mlw
path: /opt/CAPEv2/storage/binaries/c885f09b10feb88d7d176fe1a01ed8b480deb42324d2bb825e96fe1408e2a35f
crc32: 60CDCF43
md5: 31cf042e91de7492c86e1ad02dc9eaec
sha1: d43ed3d0bc9e1bdbefc5890edf5249c910eb893c
sha256: c885f09b10feb88d7d176fe1a01ed8b480deb42324d2bb825e96fe1408e2a35f
sha512: b5f7281155912d1dd3a35cdf1700574df33cacf73b506523af0856274f6cb2f7d798ffbb0ea33ffe398b1746808b265ef5ac977ef3cad94ff483c0cbb6ee544a
ssdeep: 6144:lkPB/17sCQqzV48bahd2aBSpwlrJiAyV:cB/19/Uhd2aIp8rJiAyV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13F449E41B38CC21AD6DF4B7990A05996DBF0DA57D1DFAB932C44A5F43C03398B92D2A3
sha3_384: d3a0a7eaaedf873b81ee87f3681e0ef85e98a53c8704a579cb5900d02eb651933fab5acc472ab7bff21602a6461da2ae
ep_bytes: ff25002040004142434445464748494a
timestamp: 2016-11-28 08:56:39

Version Info:

Comments: CCleaner
CompanyName: Piriform Ltd
FileDescription: CCleaner
FileVersion: 5, 20, 00, 5668
InternalName: ccleaner
LegalCopyright: Copyright © 2005-2016 Piriform Ltd
OriginalFilename: ccleaner.exe
ProductName: CCleaner
ProductVersion: 5, 20, 00, 5668
Translation: 0x0409 0x04b0

Malware.AI.3966874512 also known as:

MicroWorld-eScan: Gen:Variant.Zusy.96890
FireEye: Gen:Variant.Zusy.96890
ALYac: Gen:Variant.Zusy.96890
Cylance: Unsafe
Sangfor: Trojan.Win32.Downeks.uppyg
K7AntiVirus: Trojan ( 0056fb841 )
Alibaba: Trojan:Win32/Generic.667cc34a
K7GW: Trojan ( 0056fb841 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34786.pm0@aWHGNCci
Symantec: Trojan.Downeks
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Agent.ARP
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Downeks-6394303-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.96890
NANO-Antivirus: Trojan.Win32.Agent.ejdirp
Avast: Win32:Malware-gen
Rising: Trojan.Agent!8.B1E (CLOUD)
Ad-Aware: Gen:Variant.Zusy.96890
Emsisoft: Gen:Variant.Zusy.96890 (B)
VIPRE: Gen:Variant.Zusy.96890
TrendMicro: TROJ_FRS.0NA103C320
McAfee-GW-Edition: Generic Trojan.jp
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.SuspectCRC
GData: Gen:Variant.Zusy.96890
Jiangmin: Trojan.Generic.eavfh
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1235753
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.3E79
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.Generic.C753228
Acronis: suspicious
McAfee: Generic Trojan.jp
Malwarebytes: Malware.AI.3966874512
TrendMicro-HouseCall: TROJ_FRS.0NA103C320
Tencent: Malware.Win32.Gencirc.11fbccd8
Yandex: Trojan.Agent!Ih93VzUehhk
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.10533025.susgen
Fortinet: Generik.HDRJHYK!tr
AVG: Win32:Malware-gen
Cybereason: malicious.e91de7
Panda: Trj/CI.A

How to remove Malware.AI.3966874512?

Malware.AI.3966874512 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
