Malware.AI.621744724 (file analysis)

Malware.AI.621744724 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.621744724 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Malware.AI.621744724?

File Info:

name: 280702080824881F578B.mlw
path: /opt/CAPEv2/storage/binaries/e43cbf743c74fb469a543a06dafdfa932d471c5575dbe48545d6427a8c32746d
crc32: 30D08D3B
md5: 280702080824881f578b5be1c8694b35
sha1: c69514a4aef5d359c9cc7fa321cacb4772e2883b
sha256: e43cbf743c74fb469a543a06dafdfa932d471c5575dbe48545d6427a8c32746d
sha512: 6f7aff339badb82b31b813a2300e7b9d2fd7c99bdd3bceff80c5b3b842bc0f409f71067b41f7b1674d89d33556b3b228899fcef19c3aa2c071c7b2f020b38e82
ssdeep: 768:yq88yDsz80CtdvO2NyifygrFLGsBFG2WZd4UxwUq9IPsS6w/OBnq7hLBOM5L:yq4DoOIcyYP7BojZd4URqiPd6O97jdL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BA43D101F4F35B35E23949FD78A9324BB7367A935F1C518ECE990CC08C5AB65046E2A7
sha3_384: 75d11a490acd7f463f2007970960056ced412c412d68935889f52907f513d3a6083bccc02e0cd820f0acdd81cb0a9706
ep_bytes: 558bec83c4f0b838424000e814f4ffff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: ICQ, LLC.
FileDescription: ICQ
FileVersion: 7.8.0.6800
InternalName: ICQ
LegalCopyright: Copyright (c) 1998-2010 ICQ, LLC.
LegalTrademarks:
OriginalFilename: ICQ.exe
ProductName: ICQ
ProductVersion: 7.8.0.6800
DistId: 30015
Translation: 0x0409 0x04b0

Malware.AI.621744724 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Yakes.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Generic.KDV.766855
FireEye: Generic.mg.280702080824881f
CAT-QuickHeal: TrojanPWS.Zbot.Y
ALYac: Trojan.Generic.KDV.766855
Cylance: Unsafe
VIPRE: Trojan.Win32.Ransomware.B (v)
Sangfor: Hacktool.Win32.Obfuscator.ACD
K7AntiVirus: Trojan ( 0040f2c31 )
Alibaba: VirTool:Win32/Obfuscator.17ccd980
K7GW: Trojan ( 0040f2c31 )
Cybereason: malicious.808248
VirIT: Trojan.Win32.Winlock.KYM
Cyren: W32/Trojan.XZMK-0473
Symantec: Packed.Generic.392
ESET-NOD32: a variant of Win32/Injector.XXB
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Generic.KDV.766855
NANO-Antivirus: Trojan.Win32.Yakes.bkqepl
Tencent: Win32.Trojan.Generic.Hoyh
Ad-Aware: Trojan.Generic.KDV.766855
Sophos: ML/PE-A + Mal/EncPk-AGD
Comodo: TrojWare.Win32.Kryptik.NEWA@4rfpbi
DrWeb: Trojan.Winlock.7396
Zillya: Trojan.Yakes.Win32.8435
TrendMicro: TROJ_RANSOM.SMO6
McAfee-GW-Edition: PWS-Zbot.gen.aow
Emsisoft: Trojan.Generic.KDV.766855 (B)
Ikarus: Trojan.Win32.Yakes
Jiangmin: Trojan.Generic.dxdxu
Webroot: W32.Trojan.Gen
Avira: TR/Zusy.2559875
Antiy-AVL: Trojan/Generic.ASMalwS.17EAB4
Kingsoft: Win32.Troj.Yakes.(kcloud)
Microsoft: VirTool:Win32/CeeInject
ViRobot: Trojan.Win32.A.Yakes.57856.R
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Generic.KDV.766855
Cynet: Malicious (score: 99)
AhnLab-V3: Spyware/Win32.Zbot.R41152
McAfee: PWS-Zbot.gen.aow
MAX: malware (ai score=100)
VBA32: Malware-Cryptor.Inject.gen
Malwarebytes: Malware.AI.621744724
Panda: Trj/Velphi.b
TrendMicro-HouseCall: TROJ_RANSOM.SMO6
Rising: Trojan.Bulta!8.35D (CLOUD)
Yandex: Trojan.Injector!Cxu65INN34U
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.4867995.susgen
Fortinet: W32/Injector.WCT!tr
BitDefenderTheta: AI:Packer.99E0493619
AVG: Win32:Crypt-OAW [Trj]
Avast: Win32:Crypt-OAW [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.621744724?

Malware.AI.621744724 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.