Malware.AI.615689952 removal guide

Malware.AI.615689952 is flagged as malicious by a large number of antivirus engines (see the detection names listed below). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.615689952 virus do?

The items below are the CAPE sandbox signatures that fired for this sample. Note that the last three describe how the file is packaged (an unrecognised PE section name, VMProtect packing, a broken Authenticode signature) rather than behaviour observed at run time; only the first three relate to what the process actually did in memory.

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid

How to identify Malware.AI.615689952?

The hashes below are the reliable identifiers; the file name is arbitrary. The entry-point bytes ff 25 00 20 40 00 decode to jmp dword ptr [0x402000], the stub that the CLR loader expects at the entry point of a PE32 .NET executable, which is consistent with the "Assembly Version" field in the version info and with Rising's MSIL classification further down.

File Info:

name: 78226260A797163EB9ED.mlw
path: /opt/CAPEv2/storage/binaries/f7e1341c2ede2500542fe4ee65e0b95dc48684b6d97403e94137d482b31a795a
crc32: E7AF92A4
md5: 78226260a797163eb9edda1a997e83d7
sha1: f13c8321c9fe28e4314107c9abe867537dd47229
sha256: f7e1341c2ede2500542fe4ee65e0b95dc48684b6d97403e94137d482b31a795a
sha512: 21663377be8269837ca9bbc3b47879e3956110967593d2e0dfc43e25268a5a48418be99763a30c83f7cf2308e08f78841e5c3d7f899e1e3c7124eebfcdccae9c
ssdeep: 6144:ufFOFtnhFOIKXQRmjRBqyeMrOumKTOeoFOFMiwPKFOI:xTKXkmjRPeMr5mKTj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167642A1D17A484C0CEDB0FF998A350D916F1AF1265C3D36E38CF699A2A92E416D3D237
sha3_384: cd156e4dad37a1f39531dbe6007a36f0217356c2b9a22c02b63d42afcf0ba2de266871519a7d355bae3b6adb3694f9ad
ep_bytes: ff250020400000000000000000000000
timestamp: 2020-05-26 20:24:09
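As an added example (not code from the original page or from GridinSoft), the Python script below reproduces the hash fields shown in the File Info block for any file and walks the PE32 header to recover the entry-point bytes, the section names and the CLR data directory, which is how the "unknown PE section name", "VMProtect" and ".NET stub" observations on this page can be checked locally. Only the md5/sha1/sha256 values in PAGE_IOC come from the page; the KNOWN_SECTIONS and VMPROTECT_SECTIONS lists, the build_sample_pe() skeleton and its timestamp are constructed here for illustration and are not the real sample.

```python
import hashlib
import struct
import zlib

# Hashes listed on this page for the sample; the only IOCs compared against.
PAGE_IOC = {
    "md5": "78226260a797163eb9edda1a997e83d7",
    "sha1": "f13c8321c9fe28e4314107c9abe867537dd47229",
    "sha256": "f7e1341c2ede2500542fe4ee65e0b95dc48684b6d97403e94137d482b31a795a",
}

# Assumed lists (ours, not the page's): section names a stock MSVC/.NET build
# produces, and the default section names VMProtect adds.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".tls", ".bss", ".CRT", ".sdata", ".textbss"}
VMPROTECT_SECTIONS = {".vmp0", ".vmp1", ".vmp2"}


def fingerprint(data: bytes) -> dict:
    """Return the crc32/md5/sha1/sha256/sha512 fields from the File Info block."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_page_ioc(fp: dict) -> bool:
    """True if a cryptographic hash equals the listed one (crc32 alone is not evidence)."""
    return any(fp[k] == v for k, v in PAGE_IOC.items())


def pe_indicators(data: bytes) -> dict:
    """Minimal PE32 header walk: entry-point bytes, section names, CLR header presence."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, timestamp = struct.unpack_from("<xxHI", data, e_lfanew + 4)  # skip Machine
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    # Data directory 14 is the CLR (COM descriptor) header: non-zero means a managed image.
    clr_rva = struct.unpack_from("<I", data, opt + 96 + 14 * 8)[0] if ndirs > 14 else 0

    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rawptr, rawsize))

    # Map the entry-point RVA to a file offset via the section that contains it.
    ep_bytes = b""
    for name, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (ep_rva - vaddr)
            ep_bytes = data[off:off + 16]
            break

    names = [s[0] for s in sections]
    # "ff 25" is an indirect jmp; in a managed image its target is the IAT slot of _CorExeMain.
    return {
        "timestamp": timestamp,
        "image_base": image_base,
        "ep_bytes": ep_bytes.hex(),
        "sections": names,
        "unknown_sections": [n for n in names if n not in KNOWN_SECTIONS],
        "vmprotect_sections": [n for n in names if n in VMPROTECT_SECTIONS],
        "managed_entry_stub": clr_rva != 0 and ep_bytes[:2] == b"\xff\x25",
    }


def build_sample_pe(section_names=(".text", ".vmp0"), managed=True) -> bytes:
    """Constructed PE32 skeleton (not the real sample) with a .NET entry stub and a VMProtect section."""
    e_lfanew, opt_size, ep_rva = 0x80, 0xE0, 0x2400
    buf = bytearray(0xE00)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # Machine i386, section count, TimeDateStamp (2020-05-26 20:24:09 if read as UTC), sizes, flags.
    struct.pack_into("<HHIIIHH", buf, e_lfanew + 4, 0x14C, len(section_names),
                     0x5ECD7AE9, 0, 0, opt_size, 0x0102)
    opt = e_lfanew + 24
    struct.pack_into("<H", buf, opt, 0x10B)            # PE32 magic
    struct.pack_into("<I", buf, opt + 16, ep_rva)      # AddressOfEntryPoint
    struct.pack_into("<I", buf, opt + 28, 0x400000)    # ImageBase
    struct.pack_into("<I", buf, opt + 92, 16)          # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", buf, opt + 96 + 14 * 8, 0x2008, 0x48)  # CLR header dir
    for i, name in enumerate(section_names):
        off = opt + opt_size + i * 40
        buf[off:off + 8] = name.encode().ljust(8, b"\0")
        vaddr, rawptr = 0x2000 * (i + 1), 0x200 + 0x600 * i
        struct.pack_into("<IIII", buf, off + 8, 0x600, vaddr, 0x600, rawptr)
    # Entry point in the first section: jmp dword ptr [0x402000], the CLR loader stub.
    ep_off = 0x200 + (ep_rva - 0x2000)
    buf[ep_off:ep_off + 6] = bytes.fromhex("ff2500204000")
    return bytes(buf)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    fp = fingerprint(data)
    print(fp)
    print(pe_indicators(data))
    print("matches page IOC:", matches_page_ioc(fp))
```

Run it with the path of a suspect file as its only argument; with no argument it analyses the constructed skeleton. The ssdeep and tlsh similarity hashes from the File Info block are not computed because they need third-party modules; the exact hashes are what you should pivot on when querying a sandbox or threat-intel platform.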

Version Info:

Translation: 0x0000 0x04b0
Comments: Serial Port Communication Tool
CompanyName: adel.dev
FileDescription: COMx
FileVersion: 0.0.0.1
InternalName: COMx.exe
LegalCopyright: Copyright © adel.dev 2019
OriginalFilename: COMx.exe
ProductName: COMx
ProductVersion: 0.0.0.1
Assembly Version: 0.0.0.1

Malware.AI.615689952 also known as (vendor: detection name):

Lionic: Trojan.Win32.Bulz.4!c
MicroWorld-eScan: Gen:Variant.Lazy.112982
FireEye: Generic.mg.78226260a797163e
ALYac: Gen:Variant.Lazy.112982
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.B
CrowdStrike: win/malicious_confidence_60% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34212.uy0@aayLpKi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.VMProtect.ACR
TrendMicro-HouseCall: TROJ_GEN.R002C0PB622
Paloalto: generic.ml
BitDefender: Gen:Variant.Lazy.112982
Avast: Win32:Trojan-gen
Ad-Aware: Gen:Variant.Lazy.112982
Emsisoft: Gen:Variant.Lazy.112982 (B)
TrendMicro: TROJ_GEN.R002C0PB622
McAfee-GW-Edition: GenericRXNO-JJ!78226260A797
Sophos: Mal/Generic-S
Ikarus: PUA.VMProtect
GData: Gen:Variant.Lazy.112982
Gridinsoft: Ransom.Win32.Wacatac.sa
Arcabit: Trojan.Lazy.D1B956
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.RL_Reputation.C4276077
McAfee: GenericRXNO-JJ!78226260A797
MAX: malware (ai score=82)
Malwarebytes: Malware.AI.615689952
APEX: Malicious
Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:4srlw65Un+KmMVGVTdNRBg)
SentinelOne: Static AI – Malicious PE
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:Trojan-gen
Cybereason: malicious.0a7971
Panda: Trj/Orbond.A
MaxSecure: Trojan.Malware.110645469.susgen

Most of these names are generic, packer-based or machine-learning verdicts (Gen:Variant.Lazy, Win32:Trojan-gen, generic.ml, Static AI, Packed.VMProtect, PUA.VMProtect) rather than a named family; only a handful (Wacatac, Bulz, Orbond) assign one, and they disagree with each other. Treat the list as evidence that the file is suspicious and packed, not as an attribution, and confirm with the sandbox behaviour above.

How to remove Malware.AI.615689952?

Malware.AI.615689952 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
