About “Malware.AI.3967965994” infection

Malware Removal

Malware.AI.3967965994 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.3967965994 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Anomalous binary characteristics

How to identify Malware.AI.3967965994?

File Info:

name: 280939656A4864FC6AE6.mlw
path: /opt/CAPEv2/storage/binaries/711f61df35b1e3e7e14fac09ee50394eccdccd95708e5792c1dc80cebc8e1a29
crc32: 8666E4DF
md5: 280939656a4864fc6ae630d05651e7f9
sha1: bb2730528639f4fb8742aa6c61787e828521eb0b
sha256: 711f61df35b1e3e7e14fac09ee50394eccdccd95708e5792c1dc80cebc8e1a29
sha512: d3b8631acaee145c17e10dd6b6758790bfc89fa1ba84c3b7538f8eb9bfdfd3d468fe9df61b46b2e62e9a4b7dc9db59c6da67f60adc4dfae0d1cb0480ec89b542
ssdeep: 1536:x4R1Z6HCuVxHnQqoSxY+tG5ipCY9LMhttpVmU9x+NC1WzJalvJ3oo+XK2HQdw6Ku:xTpHx++U5xYlgqU6U4t+YdXK2r6Ky+G
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DD930281C8D360B0C9E6207415A61C89E76EDE23616947A772FCC828E73D5EBC7DC497
sha3_384: aa8d3527739da209cb61fbcd9b66b6b29a7d835628e3ceb7e56a6df3b018cb1598a4d0ca04b5a407f0be03711dfdba87
ep_bytes: 60e803000000e9eb045d4555c3e80100
timestamp: 2004-08-04 06:01:37

Version Info:

0: [No Data]

Malware.AI.3967965994 also known as:

Lionic: Trojan.Win32.Refroso.4!c
DrWeb: Trojan.MulDrop2.39589
MicroWorld-eScan: Trojan.GenericKD.42822131
FireEye: Generic.mg.280939656a4864fc
ALYac: Trojan.GenericKD.42822131
Cylance: Unsafe
Zillya: Trojan.Refroso.Win32.20983
Sangfor: Suspicious.Win32.Evo.atgen
Alibaba: Backdoor:Win32/Bifrose.47545eeb
Cybereason: malicious.56a486
VirIT: Backdoor.Win32.Bifrose.DRN
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Bifrose.NEL
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Refroso-7875
Kaspersky: Trojan.Win32.Refroso.cufy
BitDefender: Trojan.GenericKD.42822131
NANO-Antivirus: Trojan.Win32.Bifrose.bjyor
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Refroso.Jqil
Ad-Aware: Trojan.GenericKD.42822131
Emsisoft: Trojan.GenericKD.42822131 (B)
Comodo: Malware@#17qr8t2e8gt7j
VIPRE: Trojan.GenericKD.42822131
McAfee-GW-Edition: BehavesLike.Win32.Dropper.nc
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.42822131
Jiangmin: Trojan/Refroso.ifq
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/Dropper.Gen
MAX: malware (ai score=98)
Antiy-AVL: Trojan/Generic.ASMalwS.C
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Refroso.C158665
McAfee: Artemis!280939656A48
VBA32: BScope.Trojan.MTA.01302
Malwarebytes: Malware.AI.3967965994
Rising: Backdoor.Bifrose!8.B24 (CLOUD)
Yandex: Backdoor.Bifrose!ndNBRRj+n/8
Ikarus: Backdoor.Win32.Bifrose
MaxSecure: Trojan.Malware.4246116.susgen
Fortinet: W32/ModCab.A!tr
AVG: Win32:Trojan-gen
Panda: Generic Malware

How to remove Malware.AI.3967965994?

Malware.AI.3967965994 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.