Malware.AI.3972492053 malicious file

Malware Removal

Malware.AI.3972492053 is the Malwarebytes detection name for this sample, and most of the other engines listed further down flag the same file, with verdicts ranging from adware/PUA and riskware to a generic trojan. While the sample is running you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
6-day free trial available.

What can Malware.AI.3972492053 do?

The behaviours below are the signatures reported by the CAPE sandbox run of the sample:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
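Two of the behaviours above leave a clear host trace: cross-process injection with CreateRemoteThread, and writes to the WinINET proxy values under Internet Settings. As an added example, not part of the original page and not GridinSoft's code, the script below turns both into detection logic over Sysmon telemetry. Sysmon event ID 8 records CreateRemoteThread and event ID 13 records registry value writes; the events are constructed in the shape of those Sysmon fields (the process name PBLauncher.exe is taken from the sample's version info, the paths and the two allow-lists are assumptions for illustration).

```python
import ntpath

# Sysmon event IDs: 8 = CreateRemoteThread, 13 = RegistryEvent (Value Set).
EV_CREATE_REMOTE_THREAD = 8
EV_REGISTRY_SET = 13

# Values under HKCU\...\CurrentVersion\Internet Settings that steer WinINET
# (Internet Explorer and many other Windows applications) through a proxy.
PROXY_VALUES = {"proxyenable", "proxyserver", "autoconfigurl", "proxyoverride"}

# Allow-lists are assumptions for this example; build yours from a baseline.
TRUSTED_INJECTORS = {"csrss.exe"}
TRUSTED_PROXY_SETTERS = {"explorer.exe", "iexplore.exe", "systemsettings.exe"}


def basename(path):
    return ntpath.basename(path).lower()


def detect(events):
    """Return (rule, image, detail) tuples for suspicious Sysmon events."""
    alerts = []
    for ev in events:
        if ev["EventID"] == EV_CREATE_REMOTE_THREAD:
            src, dst = basename(ev["SourceImage"]), basename(ev["TargetImage"])
            # A thread started inside another process by a non-allow-listed
            # image is the "injection with CreateRemoteThread" behaviour.
            if ev["SourceImage"].lower() != ev["TargetImage"].lower() and src not in TRUSTED_INJECTORS:
                alerts.append(("remote_thread_injection", src, dst))
        elif ev["EventID"] == EV_REGISTRY_SET:
            key, _, value = ev["TargetObject"].rpartition("\\")
            # Only the proxy values directly under Internet Settings count;
            # sub-keys such as ZoneMap are ignored by the endswith check.
            if key.lower().endswith("\\internet settings") and value.lower() in PROXY_VALUES:
                img = basename(ev["Image"])
                if img not in TRUSTED_PROXY_SETTERS:
                    alerts.append(("proxy_settings_modified", img, f"{value}={ev['Details']}"))
    return alerts


# Constructed events in Sysmon field layout (not real telemetry).
USER_KEY = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
INET = USER_KEY + r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\user\Downloads\PBLauncher.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "StartFunction": "CtrlRoutine"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\user\Downloads\PBLauncher.exe",
     "TargetObject": INET + r"\ProxyServer", "Details": "127.0.0.1:8080"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\user\Downloads\PBLauncher.exe",
     "TargetObject": INET + r"\ProxyEnable", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": INET + r"\ProxyEnable", "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Users\user\Downloads\PBLauncher.exe",
     "TargetObject": INET + r"\ZoneMap\ProxyBypass", "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed events it raises three alerts: the injection into explorer.exe and the two proxy writes by PBLauncher.exe; the csrss.exe thread, the explorer.exe write and the ZoneMap value are left alone. Feed it events exported from a real Sysmon channel with the same field names and expect to widen the allow-lists for your environment.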

How to identify Malware.AI.3972492053?

File Info:

name: 19DBE7FA5AA0B982D4D6.mlw
path: /opt/CAPEv2/storage/binaries/02d41c8e97fa9a46e8c743aae98e43a0c4dc933f598d3331c4a1c53cc3b7f67f
crc32: 026F9949
md5: 19dbe7fa5aa0b982d4d676b8a95e6986
sha1: b2a267c2ed68e8cf3c010b448c637c5528a53405
sha256: 02d41c8e97fa9a46e8c743aae98e43a0c4dc933f598d3331c4a1c53cc3b7f67f
sha512: f022e276d6571aabb726b3afe9eae8cd0c76f1abc3cd405bde9eef9075151f589e934cd81ec15363caa1da510a37cebd78a0007d849b8335908738552dc7990e
ssdeep: 24576:uoYPoSeVOBTv3W8eEe4zwqb8Fadbg81nr52hQIk+mh:uomleV4Tvm8eErwO84dbgi52+Ic
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18245331E9245F064F4D23B79E67B6498B47FB2660D1038BC5D29C2BA263A5E5C4E3B03
sha3_384: 92e208ed6dbc3b9321c012989c214a52428de8dda4a342bd78b8b1a02be7b28a23cffd7c7b475fe44a787fe17368fdb9
ep_bytes: 60be00004b008dbe0010f5ff57eb0b90
timestamp: 2020-05-30 22:59:46
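An added example, not code from the page or from GridinSoft: a Python triage script that hashes a file and compares it with the MD5, SHA-1 and SHA-256 above, then walks the PE section table to check for the UPX indicators CAPE reported (UPX0/UPX1 section names, a non-standard section set, and the pushad / mov esi entry stub whose bytes are listed as ep_bytes). Because the real sample is not shipped with this page, the script builds a minimal constructed PE32 with the same kind of section layout and the same entry bytes; the list of standard section names is an assumption to tune for your toolchain.

```python
import hashlib
import struct

# Hashes and entry-point bytes copied from the File Info block on this page.
IOC_HASHES = {
    "md5": "19dbe7fa5aa0b982d4d676b8a95e6986",
    "sha1": "b2a267c2ed68e8cf3c010b448c637c5528a53405",
    "sha256": "02d41c8e97fa9a46e8c743aae98e43a0c4dc933f598d3331c4a1c53cc3b7f67f",
}
# 60 = pushad, BE imm32 = mov esi, ...: the prologue of the UPX unpacking stub.
IOC_EP_BYTES = bytes.fromhex("60be00004b008dbe0010f5ff57eb0b90")

# Section names a normal MSVC/MinGW build carries (assumed list); anything
# else is CAPE's "unknown PE section name indicative of packing".
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc",
                     ".idata", ".edata", ".pdata", ".tls", ".bss", ".CRT"}

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def pe_sections(data):
    """Parse the PE headers; return (AddressOfEntryPoint RVA, section list)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    entry_rva = struct.unpack_from("<I", data, coff + 20 + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, va, rsize, raw_ptr, *_ = SECTION_HDR.unpack_from(data, table + i * SECTION_HDR.size)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rsize": rsize, "raw_ptr": raw_ptr})
    return entry_rva, sections


def entry_bytes(data, count=16):
    """Map the entry-point RVA to a file offset through the section table."""
    entry_rva, sections = pe_sections(data)
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rsize"]):
            off = entry_rva - s["va"] + s["raw_ptr"]
            return data[off:off + count]
    raise ValueError("entry point RVA not inside any section")


def triage(data):
    hashes = file_hashes(data)
    _, sections = pe_sections(data)
    names = [s["name"] for s in sections]
    ep = entry_bytes(data)
    return {
        "hashes": hashes,
        "ioc_match": {alg: hashes[alg] == IOC_HASHES[alg] for alg in IOC_HASHES},
        "sections": names,
        "nonstandard_sections": [n for n in names if n not in STANDARD_SECTIONS],
        "upx_sections": any(n.upper().startswith("UPX") for n in names),
        "entry_bytes": ep,
        "upx_entry_stub": ep[:2] == b"\x60\xbe",
    }


def build_fake_upx_pe():
    """Constructed stand-in for the real sample (not the actual file): a minimal
    PE32 with UPX0/UPX1/.rsrc sections and the page's entry bytes at the EP."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                     # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    coff = 0x44
    struct.pack_into("<HHIIIHH", img, coff, 0x14C, 3, 0, 0, 0, 0xE0, 0x102)
    opt = coff + 20
    struct.pack_into("<H", img, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x2010)                # AddressOfEntryPoint
    table = opt + 0xE0
    layout = [(b"UPX0", 0x1000, 0x1000, 0, 0),                   # empty, as UPX leaves it
              (b"UPX1", 0x1000, 0x2000, 0x200, 0x200),
              (b".rsrc", 0x1000, 0x3000, 0x200, 0x400)]
    for i, (name, vsize, va, rsize, ptr) in enumerate(layout):
        SECTION_HDR.pack_into(img, table + i * 40, name, vsize, va, rsize, ptr, 0, 0, 0, 0, 0x60000020)
    img[0x210:0x210 + len(IOC_EP_BYTES)] = IOC_EP_BYTES          # RVA 0x2010 -> offset 0x210
    return bytes(img)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_upx_pe()
    for k, v in triage(data).items():
        print(f"{k}: {v}")
```

Run it with a path argument to triage a real file. The hash comparison is the only definitive check; a UPX section name or entry stub only says "packed", which is true of plenty of legitimate software, and the constructed PE will of course never match the IOC hashes.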

Version Info:

CompanyName: Zepetto Co.
FileDescription: PBLauncher
FileVersion: 1.1.0.0
InternalName: PBLauncher.exe
LegalCopyright: (c) Zepetto. All rights reserved.
OriginalFilename: PBLauncher.exe
ProductName: PBLauncher
ProductVersion: 1.1.0.0
Translation: 0x0412 0x03b5 (language ID 0x0412 is Korean and 0x03b5 is code page 949, Korean, which is what the Korean resource-language signature above picks up)

Malware.AI.3972492053 is also known as (detection names by engine):

Lionic: Adware.Win32.Convagent.2!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Barys.312133
McAfee: Artemis!19DBE7FA5AA0
Cylance: Unsafe
VIPRE: Gen:Variant.Barys.312133
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Unwanted-Program ( 004c3bfc1 )
K7AntiVirus: Unwanted-Program ( 004c3bfc1 )
Cyren: W32/ABRisk.OVPJ-0503
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/DllInject.BN potentially unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0PE922
Paloalto: generic.ml
ClamAV: Win.Tool.Johnnie-6793850-0
Kaspersky: not-a-virus:VHO:AdWare.Win32.Convagent.gen
BitDefender: Gen:Variant.Barys.312133
Cynet: Malicious (score: 100)
Avast: FileRepMetagen [Trj]
Ad-Aware: Gen:Variant.Barys.312133
Emsisoft: Gen:Variant.Barys.312133 (B)
DrWeb: Trojan.Siggen15.46710
Zillya: Trojan.DllInject.Win32.15766
TrendMicro: TROJ_GEN.R002C0PE922
McAfee-GW-Edition: BehavesLike.Win32.Trojan.tc
FireEye: Generic.mg.19dbe7fa5aa0b982
Sophos: Generic PUA LC (PUA)
APEX: Malicious
GData: Gen:Variant.Barys.312133
Avira: HEUR/AGEN.1231060
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.6C82
Arcabit: Trojan.Barys.D4C345
ZoneAlarm: not-a-virus:VHO:AdWare.Win32.Convagent.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Malware/Win.ID.R451696
VBA32: TScope.Trojan.VB
ALYac: Gen:Variant.Barys.312133
Malwarebytes: Malware.AI.3972492053
Ikarus: Trojan.Win32.VB
Rising: Adware.Convagent!8.131CC (CLOUD)
Yandex: Trojan.GenAsa!lMLmCxBo/ek
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/DllInject
AVG: FileRepMetagen [Trj]
Cybereason: malicious.a5aa0b

How to remove Malware.AI.3972492053?

Malware.AI.3972492053 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
