Malware.AI.545010929 (file analysis)

The Malware.AI.545010929 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.545010929 virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Reads data out of its own binary image
Drops a binary and executes it
A scripting utility was executed
Uses Windows utilities for basic functionality
Detects Sandboxie through the presence of a library
Detects Avast Antivirus through the presence of a library
Executed a process and injected code into it, probably while unpacking
Checks for the presence of known windows from debuggers and forensic tools
Network activity contains more than one unique useragent.
Creates a hidden or system file

Related domains:

g-localdevice.biz

t.gogamec.com

How to determine Malware.AI.545010929?


File Info:
crc32: 5B78B8CE
md5: 2541305332777d0c51a0c5aadc1cd3b6
name: 2541305332777D0C51A0C5AADC1CD3B6.mlw
sha1: ed9e377dd008b934190c4ee7a49bf5c06deca08a
sha256: 35f03b44c0190b69074be8014c9e74552968c9ab7b693fe3f9077f70a80babbb
sha512: b8a33cfee81310cece3830d058aad69cbb6c02bf3a833d67dfc605e3f8f610af086d9c468f56c7eb3668f1edb0ac4f617d61526a29cf6d763877f29e5972b95e
ssdeep: 196608:x3bwYFVBGcvXTa/BNWKeefZCWRyXlaBpgG+oeo3LK:x3bnGmTaZQIZCWAVwphX2
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
InternalName: 7zS.sfx
FileVersion: 19.00
CompanyName: Igor Pavlov
ProductName: 7-Zip
ProductVersion: 19.00
FileDescription: 7z Setup SFX
OriginalFilename: 7zS.sfx.exe
Translation: 0x0409 0x04b0

Malware.AI.545010929 also known as:

K7AntiVirus	Trojan-Downloader ( 0058a4761 )
Lionic	Trojan.MSIL.Mokes.m!c
DrWeb	Trojan.DownLoader43.63052
Cynet	Malicious (score: 100)
CAT-QuickHeal	Backdoor.MSIL
ALYac	Gen:Variant.Jaik.45861
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanDownloader:Win32/Mixer.19af3745
K7GW	Trojan-Downloader ( 0058a4761 )
Cybereason	malicious.332777
Cyren	W32/Agent.DPR.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Dropper.Pswtool-9857487-0
Kaspersky	Backdoor.MSIL.Mokes.bi
BitDefender	Gen:Variant.Jaik.45861
MicroWorld-eScan	Gen:Variant.Jaik.45861
Tencent	Msil.Backdoor.Mokes.Hphx
Ad-Aware	Gen:Variant.Jaik.45861
Sophos	Mal/Generic-R
BitDefenderTheta	Gen:NN.ZexaF.34294.Eu0@aCi994oO
TrendMicro	TROJ_GEN.R002C0DKE21
McAfee-GW-Edition	Generic trojan.qy
FireEye	Gen:Variant.Jaik.45861
Emsisoft	Gen:Variant.Jaik.45861 (B)
Jiangmin	Trojan.Zapchast.tt
Avira	TR/Redcap.wfljp
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.34CD6A4
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)
Microsoft	Trojan:Win32/Mokes.MA!MTB
GData	Gen:Variant.Jaik.45861
McAfee	Artemis!254130533277
MAX	malware (ai score=86)
VBA32	Trojan.Sabsik.FL
Malwarebytes	Malware.AI.545010929
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DKE21
Rising	Trojan.Starter!1.D93D (CLASSIC:xSkAJ7FNTGInj46JgtYk3w)
Ikarus	Trojan-Downloader.Win32.Agent
Fortinet	W32/Agent_AGen.G!tr.dldr
AVG	Win32:MalwareX-gen [Trj]
Paloalto	generic.ml

How to remove Malware.AI.545010929?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Malware.AI.545010929 (file analysis)