
What is “Malware.AI.606210640”?


The Malware.AI.606210640 detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.606210640 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Starts servers listening on 127.0.0.1:40674
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Serbian
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs Tor on the infected machine
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Malware.AI.606210640?


File Info:

crc32: 091D8114
md5: a122cc81c6d6006a4cb230ff183fdf7a
name: A122CC81C6D6006A4CB230FF183FDF7A.mlw
sha1: 94c408157eb255a09a4e7ffdb8555acfef420a55
sha256: 33ca1d2ce8dd5ebf53eaf2ae42afaaecc73ad57a44d0dc5abb3491b13d542653
sha512: 22c3c6e155739640ef1c91f58a5424461fb459892e51a1daeed9478762184c74fbc27c8f3c525afbe48f9230a1f42494484aaf1b0d9a75106d8bc007f06b8cef
ssdeep: 24576:3hj9zZrNLDa5fbS+QY6wI28+G5NnTBm+r59+aNwy:3hj9zZrNLDGfG+QyI28+G72aNl
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: Copyright © QPlay 2015-2017
InternalName: QPlay13
FileVersion: 1.00.0433
CompanyName: FLASh
ProductName: QPlay
ProductVersion: 1.00.0433
FileDescription: vacuum valves, chambers and accessories. GNB is the manufacturer of the world's largest and most dependable vacuum valves, providing ...
OriginalFilename: QPlay13.exe

Malware.AI.606210640 also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 00508c3c1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.10480
Cynet: Malicious (score: 100)
CAT-QuickHeal: Ransom.Troldesh.A3
ALYac: Gen:Variant.Johnnie.130
Cylance: Unsafe
Zillya: Trojan.Fsysna.Win32.13786
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Fsysna.d441cc9c
K7GW: Trojan ( 00508c3c1 )
Cybereason: malicious.1c6d60
Cyren: W32/Fsysna.LYLY-6665
Symantec: Ransom.Kovter
ESET-NOD32: Win32/Filecoder.Shade.B
Zoner: Trojan.Win32.55180
APEX: Malicious
Avast: Win32:Rootkit-gen [Rtk]
ClamAV: Win.Malware.Fsysna-6949797-0
Kaspersky: Trojan.Win32.Fsysna.ehio
BitDefender: Gen:Variant.Johnnie.130
NANO-Antivirus: Trojan.Win32.Fsysna.eopenn
ViRobot: Trojan.Win32.Z.Fsysna.975944.A
MicroWorld-eScan: Gen:Variant.Johnnie.130
Tencent: Malware.Win32.Gencirc.10bbb522
Ad-Aware: Gen:Variant.Johnnie.130
Sophos: Mal/Generic-S + Mal/Generic-L
Comodo: Malware@#2e1wak7ibsduu
BitDefenderTheta: Gen:NN.ZevbaF.34628.7m3@aOavucgG
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CRYPSHED.F117CH
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
FireEye: Generic.mg.a122cc81c6d6006a
Emsisoft: Trojan-Ransom.Shade (A)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Fsysna.gtg
Webroot: W32.Trojan.Gen
Avira: TR/ATRAPS.fzead
eGambit: Unsafe.AI_Score_100%
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Ransom:Win32/Troldesh.A
Arcabit: Trojan.Johnnie.130
AegisLab: Trojan.Win32.Fsysna.to4J
ZoneAlarm: Trojan.Win32.Fsysna.ehio
GData: Win32.Trojan.Agent.OAB5CK
TACHYON: Trojan/W32.VB-Fsysna.975944
AhnLab-V3: Trojan/Win32.Agent.R197272
McAfee: Generic.abb
MAX: malware (ai score=100)
VBA32: Trojan.Fsysna
Malwarebytes: Malware.AI.606210640
Panda: Trj/WLT.C
TrendMicro-HouseCall: Ransom_CRYPSHED.F117CH
Rising: Trojan.Win32.generic.ea (CLOUD)
Ikarus: Trojan.Win32.Filecoder
Fortinet: W32/Fsysna.ED!tr
AVG: Win32:Rootkit-gen [Rtk]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Shade.HwMA8GsA

How to remove Malware.AI.606210640?

Malware.AI.606210640 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
