Malware.AI.495985194 (file analysis)

Malware.AI.495985194 is flagged as malicious by a large number of antivirus engines (see the detection list below). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.495985194 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk

How to identify Malware.AI.495985194?

File Info:

name: 1519CD9650652C56F6E2.mlw
path: /opt/CAPEv2/storage/binaries/f1e2867081ed305432479cc927b38ad1fcf60de14955bc9b52b92e473d6f7013
crc32: 6FC2D5DF
md5: 1519cd9650652c56f6e221e401003d27
sha1: 71c411ac85e7d3f8e86996bb5b4f995a6c744c74
sha256: f1e2867081ed305432479cc927b38ad1fcf60de14955bc9b52b92e473d6f7013
sha512: 5732203980e809eb2d092db0d03d09b5aea1703093fe6da213e63b3cff3a53b75ef2041e9341b3c971a8c1981c86272ecf0525aef3152ddc72397cde89c01c4b
ssdeep: 49152:DkhF2FnF6uJuMo1Z0OoAmdN9jCg0xa6vMqwO/:4hGF6yu1j9eYg0xa6UqwO/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C395F0563E0894B7C3970F77095287B8DA113ED8AFE0922E615837CEF6B838F5A05709
sha3_384: a4766954e5b93e9aff03125de916f8598706f28c0d786cc250d693089c936887a29363d198a6e4b467b7f2d450538021
ep_bytes: 60be15b049008dbeeb5ff6ff5783cdff (pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi; or ebp, -1: the standard UPX unpacking stub prologue, consistent with the UPX detection above)
timestamp: 2009-02-24 21:58:23

Version Info:

FileDescription: smPlugin
FileVersion: 1.0.0.0
LegalCopyright: www.ncyt.com.cn
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese (Simplified, PRC), code page 0x04b0 = Unicode; this is what the "unconventional language" indicators above refer to)
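The hash and packing checks above, as an added example that is not code from the original page or from the CAPE sandbox: the script below recomputes the hashes listed under File Info and compares them with the published values, then parses the PE section table to report UPX section names, any section name outside a common linker set, and a UPX-style entry point (the pushad / mov esi prologue shown in ep_bytes). The COMMON_SECTIONS list is an assumption, and the build_test_pe fixture and the bytes it produces are constructed for offline testing, not taken from the real sample.

```python
"""Added triage helper (not part of the original page or the CAPE report).
Recomputes the published hashes for Malware.AI.495985194 and checks the PE
for the packing indicators listed above: UPX section names, a section name
outside the usual linker set, and a UPX-style entry point."""
import hashlib
import struct
import sys

# Hashes quoted on this page for the analysed sample.
KNOWN_HASHES = {
    "md5": "1519cd9650652c56f6e221e401003d27",
    "sha1": "71c411ac85e7d3f8e86996bb5b4f995a6c744c74",
    "sha256": "f1e2867081ed305432479cc927b38ad1fcf60de14955bc9b52b92e473d6f7013",
}
# First two bytes of the UPX stub shown in ep_bytes: 0x60 = pushad, 0xBE = mov esi, imm32.
UPX_EP_PREFIX = bytes.fromhex("60be")
# Section names common Windows linkers emit; anything else is "unknown" (assumed list).
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".textbss"}


def hash_file(data: bytes) -> dict:
    """md5 / sha1 / sha256 of the buffer as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_known(data: bytes, known: dict = KNOWN_HASHES) -> bool:
    """True only if every listed hash agrees with the published value."""
    h = hash_file(data)
    return all(h[alg] == value for alg, value in known.items())


def _pe_headers(data: bytes):
    """Return (optional_header_offset, section_table_offset, n_sections) or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    return opt, opt + opt_size, n_sections


def pe_sections(data: bytes) -> list:
    """Section names of a PE image, or [] if the buffer is not a PE."""
    hdr = _pe_headers(data)
    if hdr is None:
        return []
    _, table, n = hdr
    return [data[table + i * 40: table + i * 40 + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(n) if table + i * 40 + 40 <= len(data)]


def entry_bytes(data: bytes, n: int = 16) -> bytes:
    """First n bytes at AddressOfEntryPoint, mapping the RVA to a file offset via the section table."""
    hdr = _pe_headers(data)
    if hdr is None:
        return b""
    opt, table, n_sections = hdr
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    for i in range(n_sections):
        # VirtualAddress, SizeOfRawData, PointerToRawData sit at +12, +16, +20 of each 40-byte header.
        va, raw_size, raw_ptr = struct.unpack_from("<III", data, table + i * 40 + 12)
        if va <= ep_rva < va + raw_size:
            off = raw_ptr + (ep_rva - va)
            return data[off:off + n]
    return b""


def packing_indicators(data: bytes) -> list:
    """Findings mirroring the sandbox's packing-related signatures."""
    names = pe_sections(data)
    if not names:
        return ["not a PE file"]
    findings = []
    if any(name.startswith("UPX") for name in names):
        findings.append("UPX section names: " + ", ".join(names))
    findings += [f"unknown section name: {name}" for name in names
                 if name not in COMMON_SECTIONS and not name.startswith("UPX")]
    if entry_bytes(data).startswith(UPX_EP_PREFIX):
        findings.append("entry point starts with pushad/mov esi (UPX stub)")
    return findings


def build_test_pe(section_names, ep_code: bytes) -> bytes:
    """Constructed minimal PE32 for offline testing; not a real sample.
    The entry point is placed at the start of the first section (RVA 0x1000)."""
    n = len(section_names)
    opt = bytearray(224)                                  # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                 # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)               # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, len(opt), 0x102)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))           # e_lfanew
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    raw = 0x200
    for i, name in enumerate(section_names):
        image += struct.pack("<8sIIII", name.encode(), raw, 0x1000 * (i + 1), raw, raw * (i + 1)) + b"\0" * 16
    image += b"\0" * (raw - len(image))                   # pad headers up to the first raw section
    for i in range(n):
        body = ep_code if i == 0 else b""
        image += body + b"\0" * (raw - len(body))
    return image


if __name__ == "__main__":
    # Pass a file path to triage it; with no argument a constructed UPX-like PE is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_test_pe(["UPX0", "UPX1", ".rsrc"], bytes.fromhex("60be15b049008dbeeb5ff6ff5783cdff"))
    for alg, value in hash_file(blob).items():
        print(f"{alg}: {value}")
    print("matches published sample:", matches_known(blob))
    for line in packing_indicators(blob):
        print("-", line)
```

A hash match is the only definitive identification; the section-name and entry-point checks only tell you the file is UPX-packed or oddly laid out, which many legitimate programs are too, so treat them as triage hints that justify a full scan rather than as proof of infection.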

Malware.AI.495985194 also known as:

Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Trojan.GenericKD.48166332
FireEye: Generic.mg.1519cd9650652c56
McAfee: Artemis!1519CD965065
Malwarebytes: Malware.AI.495985194
Sangfor: Riskware.Win32.Uwamson.A
VirIT: Trojan.Win32.Cryptic.CID
APEX: Malicious
BitDefender: Trojan.GenericKD.48166332
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.48166332
Emsisoft: Trojan.GenericKD.48166332 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
MAX: malware (ai score=87)
GData: Trojan.GenericKD.48166332
VBA32: Trojan.Revizer
ALYac: Trojan.GenericKD.48166332
TrendMicro-HouseCall: TROJ_GEN.R06CH0CAU22
Fortinet: Malicious_Behavior.SB
AVG: Win32:Malware-gen
Cybereason: malicious.c85e7d

How to remove Malware.AI.495985194?

Malware.AI.495985194 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
