Malware

Malware.AI.60269637 (file analysis)

Malware Removal

Malware.AI.60269637 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.60269637 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard page use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify Malware.AI.60269637?

File Info:

name: 9059E679039B7FC7613D.mlw
path: /opt/CAPEv2/storage/binaries/1c26e2909a640235c46134c251afa1dba255bc5439a9fb5bd0146d0fbb44ff92
crc32: 23A17C45
md5: 9059e679039b7fc7613d95eb92c36a98
sha1: 570bccd7d091a24c4db88c0a098b849d008b8eb8
sha256: 1c26e2909a640235c46134c251afa1dba255bc5439a9fb5bd0146d0fbb44ff92
sha512: 6b36598c569b4fa5239115f449e3d2b08084302286c066a00a02383e9171f9f1a1eae89f0ead89af4104649c05f4762720f2fc665dd651fdd96ef1723b92998b
ssdeep: 768:4GJr0RNiB4fPYHsHiT9GpbKi2ZxUy1PcPW/M9zh:4U0RNiBGPYBT9Gpui2ZxUCPTEzh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E0E24B4967E88227EDAF5F356E71CA411935E3879420CB5E4CDAA0990E737C4CF01BAB
sha3_384: 80f0870dff723e1240b7fe3e7ebd878c236bf07be22d2780fd8ec7b919f4b20cb779e174670b2a2d0a5f9823663d2402
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-08-26 18:50:45

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Microsoft
FileDescription: Windows Explorer
FileVersion: 1.1.0.121
InternalName: netscp.exe
LegalCopyright: Copyright © Microsft 2008
OriginalFilename: netscp.exe
ProductName: Microsoft
ProductVersion: 1.1.0.121
Assembly Version: 1.1.0.1

Malware.AI.60269637 also known as:

Lionic: Trojan.MSIL.Tnzbt.m!c
MicroWorld-eScan: IL:Trojan.MSILZilla.9494
FireEye: IL:Trojan.MSILZilla.9494
McAfee: Trojan-FFJT!9059E679039B
Cylance: Unsafe
Sangfor: Backdoor.Msil.Tnzbt.Vz55
K7AntiVirus: Unwanted-Program ( 700000121 )
Alibaba: Backdoor:MSIL/Tnzbt.c280ffc9
K7GW: Unwanted-Program ( 700000121 )
Cybereason: malicious.9039b7
VirIT: Trojan.Win32.KillFiles.ZWU
Symantec: Trojan.Tzeebot
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Spy.TzeeBot.C
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-1304380
Kaspersky: Backdoor.MSIL.Tnzbt.q
BitDefender: IL:Trojan.MSILZilla.9494
Avast: MSIL:Agent-CIU [Trj]
Tencent: Win32.Trojan.Falsesign.Hqld
Ad-Aware: IL:Trojan.MSILZilla.9494
Sophos: Troj/MSIL-BBV
DrWeb: Trojan.KillFiles.17492
VIPRE: IL:Trojan.MSILZilla.9494
TrendMicro: TROJ_GEN.R002C0OGP22
McAfee-GW-Edition: Trojan-FFJT!9059E679039B
Emsisoft: IL:Trojan.MSILZilla.9494 (B)
GData: IL:Trojan.MSILZilla.9494
Jiangmin: Backdoor.MSIL.etoz
Avira: TR/Spy.TzeeBot.zxehc
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.3F60
Arcabit: IL:Trojan.MSILZilla.D2516
ZoneAlarm: Backdoor.MSIL.Tnzbt.q
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.FakeMS.R127229
VBA32: Backdoor.MSIL.Tnzbt
ALYac: IL:Trojan.MSILZilla.9494
Malwarebytes: Malware.AI.60269637
TrendMicro-HouseCall: TROJ_GEN.R002C0OGP22
Rising: Backdoor.Tnzbt!8.80DD (CLOUD)
Yandex: Backdoor.Tnzbt!sIivehxd14E
SentinelOne: Static AI – Suspicious PE
Fortinet: PossibleThreat
AVG: MSIL:Agent-CIU [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Malware.AI.60269637?

Malware.AI.60269637 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.