Malware.AI.539103102 removal guide

Malware.AI.539103102 is the name Malwarebytes' machine-learning engine gives to the sample analysed below. The other engines listed on this page flag the same file mostly as a generic dropper, and ESET and Fortinet classify it as an HWID changer, which matches the file's own version info ("NULLspoofer by 4u4play.com"). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.539103102 virus do?

The following behaviours were reported by the CAPE sandbox analysis of the sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with the /C or /R argument so that the command shell terminates on completion, which can be used to hide execution
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Network activity detected but not expressed in API logs

Related domains:

wpad.local-net

Note that wpad.* lookups are Windows Web Proxy Auto-Discovery (WPAD) queries generated by the operating system's proxy resolution, not a domain chosen by the malware. Treat this name as sandbox noise, not as an attacker-controlled indicator to block on.

How to identify Malware.AI.539103102

File Info:

name: 64C71F3739B8DF51BBCB.mlw
path: /opt/CAPEv2/storage/binaries/4161f0f1c81f7889a7a1a24a2d7e14e280c79f26b10d8c60808dee8963d9adbf
crc32: E789A1AB
md5: 64c71f3739b8df51bbcb22ce205f73a8
sha1: 79dd23bdcd8ada3348c67842f00ab7732aca12b8
sha256: 4161f0f1c81f7889a7a1a24a2d7e14e280c79f26b10d8c60808dee8963d9adbf
sha512: a1462832a20a8e80220995a4ee559954cc7449c659f4b793609851bf71082bcac04d7f55c4ab74eec4c6528ff89baad77756e48a6b6104227bdaaccf14743062
ssdeep: 6144:wtaptaT34IPmGHCha3BgJudHoS+k0iKOW:wtaikIPmaCjJsQk05OW
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T114B4AD37714F92F7C311597859F094B53AA82E1CCCF070A6E5E3BA8A273EDE259C1648
sha3_384: 4333e4815517e549d1a6608866cb9f75e907d0cdb63a1183834af4b89784c5a355201027a34b325bf653d8ce673a5e32
ep_bytes: 53565755488d354adbfcff488dbedb3f
timestamp: 2019-07-30 08:52:08
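As an added worked example (not code from this page, GridinSoft or CAPE), the Python script below shows how a responder would check a suspect file against the indicators above without uploading it anywhere: it compares the file's MD5, SHA-1 and SHA-256 to the values published here, reads the machine type and compile timestamp from the PE header, and flags the static packing signs the sandbox reported (UPX section names, non-standard section names, high-entropy sections). The list of "standard" section names, the 7.0 bits/byte entropy threshold and the minimal PE32+ image it builds for a dry run are assumptions and constructed test data, not properties of the real sample.

```python
"""Offline triage of a suspect PE against the indicators on this page.

Added example; not GridinSoft's or CAPE's code.  Usage:
    python pe_triage.py <file>   # check a real file
    python pe_triage.py          # dry run on a constructed PE32+ image
"""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

# Hashes published above for the analysed sample (exact match only: a
# repacked build of the same tool will not match any of these).
PAGE_HASHES = {
    "md5": "64c71f3739b8df51bbcb22ce205f73a8",
    "sha1": "79dd23bdcd8ada3348c67842f00ab7732aca12b8",
    "sha256": "4161f0f1c81f7889a7a1a24a2d7e14e280c79f26b10d8c60808dee8963d9adbf",
}
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
# Assumption: section names an ordinary MSVC/MinGW build is expected to carry.
STANDARD_SECTIONS = {b".text", b".data", b".rdata", b".bss", b".idata", b".edata",
                     b".pdata", b".rsrc", b".reloc", b".tls", b".CRT", b".xdata"}
HIGH_ENTROPY = 7.0  # assumption: bits/byte above which data looks packed/encrypted
MACHINES = {0x14C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}


def hash_matches(data: bytes, expected: dict) -> dict:
    """Map each algorithm name to True if data hashes to the published value."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF file header and section table; ValueError if not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)                       # 20-byte COFF header
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]  # optional header Magic
    table = e_lfanew + 24 + opt_size                          # first 40-byte section header
    sections = []
    for i in range(nsect):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0"), "raw_size": raw_size,
                         "entropy": entropy(raw)})
    return {"machine": MACHINES.get(machine, hex(machine)), "pe32plus": magic == 0x20B,
            "timestamp": datetime.fromtimestamp(stamp, timezone.utc), "sections": sections}


def packing_indicators(pe: dict) -> list:
    """Return the static packing signs the sandbox reported, if present."""
    findings = []
    names = {s["name"] for s in pe["sections"]}
    if names & UPX_SECTIONS:
        findings.append("UPX section names: " + ", ".join(sorted(n.decode() for n in names & UPX_SECTIONS)))
    unknown = sorted(n.decode(errors="replace") for n in names - STANDARD_SECTIONS - UPX_SECTIONS)
    if unknown:
        findings.append("unknown section names: " + ", ".join(unknown))
    for s in pe["sections"]:
        if s["raw_size"] and s["entropy"] > HIGH_ENTROPY:
            findings.append(f"high entropy {s['entropy']:.2f} in {s['name'].decode(errors='replace')}")
    return findings


def build_demo_pe(section_names=(b"UPX0", b"UPX1", b".rsrc"),
                  stamp=int(datetime(2019, 7, 30, 8, 52, 8, tzinfo=timezone.utc).timestamp())) -> bytes:
    """Constructed minimal PE32+ image for the dry run; this is NOT the sample.
    Every section holds all 256 byte values four times, i.e. maximal entropy."""
    opt_size, e_lfanew = 240, 0x40                 # PE32+ optional header size, PE sig offset
    payload = bytes(range(256)) * 4
    first_raw = e_lfanew + 24 + opt_size + 40 * len(section_names)
    img = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew))
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(section_names), stamp, 0, 0, opt_size, 0x22)
    img += struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)
    for i, name in enumerate(section_names):
        img += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload), 0x1000 * (i + 1),
                           len(payload), first_raw + i * len(payload), 0, 0, 0, 0, 0x60000020)
    img += payload * len(section_names)
    return bytes(img)


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    return {"hash_matches": hash_matches(data, PAGE_HASHES), "machine": pe["machine"],
            "pe32plus": pe["pe32plus"], "timestamp": pe["timestamp"].isoformat(),
            "indicators": packing_indicators(pe)}


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

The cryptographic hashes only identify this exact build; for a recompiled or repacked copy of the same tool, compare the ssdeep and TLSH values listed above with the corresponding fuzzy-hash libraries instead. The entropy and section-name checks are heuristics: legitimate installers and games are often packed too, so treat them as triage signals to be combined with the behavioural findings, not as a verdict.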

Version Info:

FileVersion: 9.10.21
ProductVersion: 9.10.21
ProductName: NULLspoofer by 4u4play.com
OriginalFilename: NULLspoofer by 4u4play.com
InternalName: NULLspoofer by 4u4play.com
FileDescription: NULLspoofer by 4u4play.com
CompanyName: NULLspoofer by 4u4play.com
LegalTrademarks: NULLspoofer by 4u4play.com
LegalCopyright: NULLspoofer by 4u4play.com
PrivateBuild: NULLspoofer by 4u4play.com
SpecialBuild: NULLspoofer by 4u4play.com
Comments: NULLspoofer by 4u4play.com
Translation: 0x0000 0x04e4

Malware.AI.539103102 is also known as:

Vendor | Detection name
MicroWorld-eScan | Dropped:Trojan.GenericKD.46961227
FireEye | Generic.mg.64c71f3739b8df51
McAfee | RDN/Generic Dropper
K7AntiVirus | Unwanted-Program ( 0057208b1 )
K7GW | Unwanted-Program ( 0057208b1 )
Cybereason | malicious.dcd8ad
Symantec | Trojan.Gen.2
ESET-NOD32 | a variant of Win64/HWIDChanger.B potentially unsafe
TrendMicro-HouseCall | TROJ_GEN.R002C0WKQ21
Paloalto | generic.ml
ClamAV | Win.Malware.Dapato-9857138-0
Kaspersky | Trojan-Dropper.Win32.Dapato.qxea
BitDefender | Dropped:Trojan.GenericKD.46961227
Avast | Win64:Malware-gen
Ad-Aware | Dropped:Trojan.GenericKD.46961227
Sophos | Mal/Generic-S
DrWeb | Trojan.PWS.Stealer.27269
VIPRE | Trojan.Win32.Generic!BT
TrendMicro | TROJ_GEN.R002C0WKQ21
McAfee-GW-Edition | RDN/Generic Dropper
SentinelOne | Static AI - Malicious PE
Emsisoft | Dropped:Trojan.GenericKD.46961227 (B)
APEX | Malicious
GData | Dropped:Trojan.GenericKD.46961227
Jiangmin | TrojanDropper.Dapato.acjc
Antiy-AVL | Trojan/Generic.ASBOL.C5E3
Gridinsoft | Ransom.Win64.Sabsik.sa
Arcabit | Trojan.Generic.D2CC924B
Microsoft | Trojan:Win32/Sabsik.FL.B!ml
Cynet | Malicious (score: 100)
AhnLab-V3 | Malware/Win64.Generic.C4342194
VBA32 | TrojanPSW.Stealer
ALYac | Dropped:Trojan.GenericKD.46961227
MAX | malware (ai score=87)
Malwarebytes | Malware.AI.539103102
Yandex | Trojan.DR.Dapato!RHrso1bLIWI
MaxSecure | Trojan.Malware.300983.susgen
Fortinet | Adware/HWIDChanger
AVG | Win64:Malware-gen
Panda | Trj/CI.A
CrowdStrike | win/malicious_confidence_60% (W)

How to remove Malware.AI.539103102?

Malware.AI.539103102 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.