
Malware.AI.611991280 (file analysis)


Malware.AI.611991280 is the name under which Malwarebytes' machine-learning engine flags this file; nearly every other engine in the detection list below classifies it as malicious as well. While the infection is active you may notice unfamiliar processes in Task Manager. In that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it can run a full scan and clean the PC during the trial period.
6-day free trial available.

What can Malware.AI.611991280 do?

Behaviour observed when the sample was detonated in the CAPE sandbox (signature names as CAPE reports them; they describe what the sample attempted, not necessarily what it achieved):

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to create or modify a Browser Helper Object
  • Attempts to modify proxy settings
  • Accessed credential storage registry keys
  • Harvests information related to installed mail clients
  • Attempts to interact with an Alternate Data Stream (ADS)

How to identify Malware.AI.611991280?


File Info:

name: 12920FF5231BE22520A7.mlw
path: /opt/CAPEv2/storage/binaries/4bb86665483e32cd120dd8560084b917eefa7a4fb17f3b31286f0580b52cd7f9
crc32: D18D9F4D
md5: 12920ff5231be22520a76065048819f8
sha1: 620601344ca28eb531f7432d3405bef726569d1c
sha256: 4bb86665483e32cd120dd8560084b917eefa7a4fb17f3b31286f0580b52cd7f9
sha512: e6c15c5084c11b016b9a73643f27389c73914361e0874fa7fab170cd8b59d30485acee2d88f27d9cee8e7032f6ecfbd9dc0606875c88a48e1d81fed8614a62f3
ssdeep: 12288:9koqrtYayXBTNeJKodVj+YOrmXUZSEt9:qo4tYGJvbCTeUZSEt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16575DFE82371E872F46750744A57CBF319A93D2250102E8F7A966F7DAF3C7A4872520B
sha3_384: c4b3498eb2e69d3625ec8583f5b20ecbda01ee29efd44206b42d36e50094e5b254fedfe90f12f0e0867bb23fbf2c57c4
ep_bytes: e878500000e978feffff8bff558bec81
timestamp: 2011-04-01 12:44:40
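To check a file on disk against the hashes above without uploading it anywhere, here is an added Python example; it is not part of this page and is not CAPE or GridinSoft code. It computes the same digests listed under File Info using only the standard library, and reads the compile timestamp, subsystem, machine and the first 16 entry-point bytes directly from the PE headers, which is where the type, timestamp and ep_bytes fields above come from. ssdeep and tlsh need third-party libraries and are omitted. The function build_sample_pe() constructs a minimal dummy PE32 carrying the page's timestamp and ep_bytes so the script runs offline; it is not the real sample, so match_ioc() reports no hash match for it.

```python
"""Static triage of a PE sample: hashes plus a few header fields.

Added example for this page (not CAPE, GridinSoft or page code). Reproduces the
File Info style values (crc32, md5, sha1, sha256, sha512, sha3_384, type,
timestamp, ep_bytes) from raw bytes with the standard library only.
"""
import calendar
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hashes copied from the page's File Info block; these identify the real sample.
PAGE_IOC = {
    "crc32": "D18D9F4D",
    "md5": "12920ff5231be22520a76065048819f8",
    "sha1": "620601344ca28eb531f7432d3405bef726569d1c",
    "sha256": "4bb86665483e32cd120dd8560084b917eefa7a4fb17f3b31286f0580b52cd7f9",
}

MACHINE_NAMES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEM_NAMES = {2: "GUI", 3: "console"}


def fingerprint(data: bytes) -> dict:
    """Digests under the same names and case conventions as the page's File Info."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def match_ioc(data: bytes, ioc: dict = PAGE_IOC) -> list:
    """Names of the digests under which `data` matches the known sample (empty = no match)."""
    fp = fingerprint(data)
    return sorted(k for k, v in ioc.items() if fp.get(k, "").lower() == v.lower())


def parse_pe(data: bytes) -> dict:
    """Read machine, subsystem, compile timestamp and 16 entry-point bytes from a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]             # 0x10B = PE32, 0x20B = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint (RVA)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]    # same offset in PE32 and PE32+
    # Walk the section table to map the entry-point RVA onto a file offset.
    sec_off = opt + opt_size
    ep_bytes = ""
    for i in range(nsec):
        _name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        if va <= ep_rva < va + max(vsize, rawsize):
            off = rawptr + (ep_rva - va)
            ep_bytes = data[off:off + 16].hex()
            break
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE?")
    sub = SUBSYSTEM_NAMES.get(subsystem, "subsystem %d" % subsystem)
    mach = MACHINE_NAMES.get(machine, "machine 0x%x" % machine)
    return {
        "type": "%s executable (%s) %s" % (fmt, sub, mach),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes,
    }


def build_sample_pe() -> bytes:
    """Constructed dummy PE32 (not the real sample) with the page's timestamp and ep_bytes."""
    ts = calendar.timegm((2011, 4, 1, 12, 44, 40, 0, 0, 0))    # page's compile timestamp, UTC
    ep = bytes.fromhex("e878500000e978feffff8bff558bec81")     # page's ep_bytes
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                       # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)            # SectionAlignment, FileAlignment
    struct.pack_into("<H", opt, 68, 2)                         # Subsystem: Windows GUI
    text_hdr = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + text_hdr).ljust(0x200, b"\x00")
    text = (ep + b"\xC3").ljust(0x200, b"\xCC")                # entry stub, ret, int3 padding
    return headers + text


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in {**fingerprint(blob), **parse_pe(blob)}.items():
        print("%s: %s" % (k, v))
    print("matches page IOC:", match_ioc(blob) or "none")
```

Run it as `python3 pe_triage.py suspicious.exe`; a non-empty "matches page IOC" line means the file is this sample. The ep_bytes value on the page (call rel32, jmp rel32, then the mov edi,edi / push ebp / mov ebp,esp hotpatch prologue) is the pattern a Microsoft C runtime entry stub typically produces, so the sample is a normally compiled Win32 executable rather than a script wrapper, which fits the "Java(TM) Update" disguise in its version resource.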

Version Info (as embedded in the binary's resource section; the "Sheduler" misspelling and the 2001 copyright are in the sample itself, and the Sun Microsystems branding is not backed by a valid Authenticode signature):

CompanyName: Sun Microsystems, Inc.
FileDescription: Java(TM) Update Sheduler
FileVersion: 3, 1, 1, 1
InternalName: Java(TM) Update Sheduler
LegalCopyright: Copyright (C) 2001
LegalTrademarks: Java(TM) Update Sheduler
OriginalFilename: javacc.exe
ProductName: Java(TM) Update Sheduler
ProductVersion: 3, 1, 1, 1
Translation: 0x0409 0x04b0

Detection names used by other engines for the same file (Kaspersky, NANO-Antivirus, Zillya and Jiangmin attribute it to the CosmicDuke family):

  • Bkav: W32.AIDetect.malware1
  • MicroWorld-eScan: Gen:Variant.Bulz.49408
  • FireEye: Generic.mg.12920ff5231be225
  • McAfee: GenericRXGG-YV!12920FF5231B
  • Cylance: Unsafe
  • VIPRE: Gen:Variant.Bulz.49408
  • Cybereason: malicious.5231be
  • Symantec: Backdoor.Tinybaron
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Injector.BDTE
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Backdoor.Win32.CosmicDuke.gen
  • BitDefender: Gen:Variant.Bulz.49408
  • NANO-Antivirus: Trojan.Win32.CosmicDuke.dfujbz
  • Avast: Win32:Trojan-gen
  • Ad-Aware: Gen:Variant.Bulz.49408
  • Emsisoft: Gen:Variant.Bulz.49408 (B)
  • DrWeb: Win32.HLLW.Zebra.18
  • Zillya: Backdoor.CosmicDuke.Win32.18
  • McAfee-GW-Edition: GenericRXGG-YV!12920FF5231B
  • Trapmine: malicious.high.ml.score
  • Sophos: Generic ML PUA (PUA)
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Variant.Bulz.49408
  • Jiangmin: Backdoor.CosmicDuke.ba
  • Avira: TR/Dropper.Gen
  • Antiy-AVL: Trojan/Generic.ASMalwS.3D30
  • Arcabit: Trojan.Bulz.DC100
  • Microsoft: Trojan:Win32/Sabsik.TE.B!ml
  • BitDefenderTheta: Gen:NN.ZexaF.34592.Hr3@ayCLIzmc
  • ALYac: Gen:Variant.Bulz.49408
  • MAX: malware (ai score=87)
  • VBA32: Trojan.CLR.24407
  • Malwarebytes: Malware.AI.611991280
  • Yandex: Trojan.Injector!TfHXJBoPGnc
  • Fortinet: W32/Kryptik.EOSK!tr
  • AVG: Win32:Trojan-gen
  • CrowdStrike: win/malicious_confidence_90% (D)

How to remove Malware.AI.611991280?

Malware.AI.611991280 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings” (the sample tampers with Browser Helper Objects and proxy settings, so a scan alone does not undo those changes).
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
