Malware

About “Malware.AI.508671080” infection

Malware Removal

Malware.AI.508671080 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Malware.AI.508671080 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Malware.AI.508671080?

File Info:

name: 713019FA714A1A67CC68.mlw
path: /opt/CAPEv2/storage/binaries/4ebf2b529dc6f303db593d76392500197c0096ae3b5c8a84cbf3a19200c89e8a
crc32: 198AF177
md5: 713019fa714a1a67cc689744566ed998
sha1: 0173d4b18e76a4cf0795e7cf5a0cb60a3384b85d
sha256: 4ebf2b529dc6f303db593d76392500197c0096ae3b5c8a84cbf3a19200c89e8a
sha512: a30ccbaf4f957cfdac9043797201712073684deeb41b3bc23d19979aaf69e6acf9ad3f7097bbdf71b544a2858077173009e300d5b4d137283de0da495321f6c7
ssdeep: 49152:9R2vxkv31BiCb7A7NZ6jDPZa7o38M0oMqaA5+Semv+9wbMl1:9R+xkvlbPANZ6ao+7qa++Srv+9xz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T172B523215D00849BF030DA3C72DFA0724E367F76AF919C5BB171798E06DAC62672A71E
sha3_384: c097ddc7d41b56737704eb8a36d864f572c85a742dd047c43039138eeb23f4de1f73cfe5d345a0c47e55cf0a21994e48
ep_bytes: 68567689d0e8fe0400008d6e07ece98a
timestamp: 2011-05-11 15:12:58

Version Info:

FileVersion: 1.0.0.0
FileDescription: www.wankuwg.com
ProductName: DNF玩酷
ProductVersion: 1.0.0.0
CompanyName: www.wankuwg.com
LegalCopyright: www.wankuwg.com
Comments: www.wankuwg.com
Translation: 0x0804 0x04b0

Malware.AI.508671080 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.liRX
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PWSIME.2
FireEye: Generic.mg.713019fa714a1a67
McAfee: Artemis!713019FA714A
Cylance: Unsafe
Zillya: Backdoor.BlackHole.Win32.7092
K7AntiVirus: Adware ( 004b942f1 )
K7GW: Adware ( 004b942f1 )
Cybereason: malicious.a714a1
BitDefenderTheta: Gen:NN.ZexaF.34182.qE0@a8VhKKeb
Cyren: W32/SuspPack.BQ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/FlyStudio.Packed.A potentially unwanted
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-476317
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Heur.PWSIME.2
Tencent: Win32.Backdoor.Blackhole.bqwm
Emsisoft: Gen:Heur.PWSIME.2 (B)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.vc
Sophos: Generic PUA AB (PUA)
Ikarus: Trojan.Win32.PSW
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1212363
Kingsoft: Win32.Troj.Generic.(kcloud)
Microsoft: Trojan:Win32/Dynamer!dtc
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Gen:Heur.PWSIME.2
Cynet: Malicious (score: 100)
ALYac: Gen:Heur.PWSIME.2
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Downloader
Malwarebytes: Malware.AI.508671080
Panda: Trj/CI.A
APEX: Malicious
Rising: Malware.Undefined!8.C (TFE:5:O1RTmup4cpR)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.ELG!tr.pws
AVG: Win32:GenMalicious-GWW [Trj]
Avast: Win32:GenMalicious-GWW [Trj]
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Malware.AI.508671080?

Malware.AI.508671080 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
