About “Malware.AI.641566338” infection

Malware.AI.641566338 is flagged as malicious by many antivirus engines (see the detection list below). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.641566338 do?

The items below are the CAPEv2 sandbox signatures triggered when the sample was run (the storage path under File Info shows the analysis came from a CAPEv2 instance). Taken together, they describe a Themida-packed binary with several anti-debugging and anti-virtualization checks:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: 90D6AAFAD34F0304D06A.mlw
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

How to identify Malware.AI.641566338?

The file hashes below are the reliable way to confirm you are looking at this exact sample; the detection names further down vary from one engine to another.

File Info:

name: 90D6AAFAD34F0304D06A.mlw
path: /opt/CAPEv2/storage/binaries/c876a8272bf437ec99d0826ba6010aab27beaf125d59db043ad9c1732a53d907
crc32: E690D2D7
md5: 90d6aafad34f0304d06a10f637ebe74c
sha1: 807e080e6f87be7c4e795f4f907542118b365044
sha256: c876a8272bf437ec99d0826ba6010aab27beaf125d59db043ad9c1732a53d907
sha512: e2e28e0ed86e20e56fad1df196ad314aa2f11752d4f3967f6030737ac9460820d0d851062997b5cf6608e69257a798bd69fd2db0bfc5e5127a05e0d7cabea848
ssdeep: 98304:bQJjNoop2Prx7xaV23fDXHJlKdOYGFCQv:bQJjNo7xaczplYOYSCQv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FCF53306AE613EE5DC550DF8CD999E20160E5E26B57712903D8F73BECB392101E2CDAE
sha3_384: e7e6601a88f612984012271c9611bb3efbe2050a5c552a7a1ab350f37dd0ba1d873e6bbbc5d64a1fa708eb62dc3375ae
ep_bytes: ff74240cff74240cff74240cb858d0d1
timestamp: 2022-01-22 16:33:20
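The following script is an added example (not part of the original page or of GridinSoft's tooling) of how an analyst would check a suspicious file against the File Info above: it computes the same CRC32/MD5/SHA-1/SHA-256/SHA-512 digests the report lists and, using only the standard library, reads the two PE header fields the report shows as "timestamp" and "ep_bytes" (the COFF TimeDateStamp and the first 16 bytes at the entry point). Because the real sample cannot be shipped with the page, the `build_sample_pe` helper constructs a tiny synthetic PE32 image with the same timestamp and entry-point bytes as the report so the parser can be exercised offline; its hashes will of course not match the report's.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hash IOCs copied from the "File Info" section of the report.
KNOWN_HASHES = {
    "md5": "90d6aafad34f0304d06a10f637ebe74c",
    "sha1": "807e080e6f87be7c4e795f4f907542118b365044",
    "sha256": "c876a8272bf437ec99d0826ba6010aab27beaf125d59db043ad9c1732a53d907",
}
KNOWN_CRC32 = "E690D2D7"


def file_hashes(data: bytes) -> dict:
    """Compute the digests the sandbox report lists for a sample."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_known(data: bytes) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    h = file_hashes(data)
    return all(h[k] == v for k, v in KNOWN_HASHES.items()) and h["crc32"] == KNOWN_CRC32


def pe_triage(data: bytes) -> dict:
    """Read the compile timestamp and the 16 bytes at the entry point of a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    # Map the entry-point RVA to a file offset through the section table.
    sections = opt + opt_size
    ep_offset = None
    for i in range(nsections):
        base = sections + 40 * i
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, base + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
            ep_offset = raw_ptr + (entry_rva - vaddr)
            break
    if ep_offset is None:
        raise ValueError("entry point RVA is not inside any section")
    return {
        "machine": hex(machine),
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": hex(entry_rva),
        "ep_bytes": data[ep_offset:ep_offset + 16].hex(),
    }


def build_sample_pe(timestamp: int, ep_bytes: bytes) -> bytes:
    """Construct a minimal, non-runnable PE32 image as a synthetic test input
    (this is NOT the sample from the report, just a stand-in for the parser)."""
    opt_size = 0xE0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000 + 0x10)                 # AddressOfEntryPoint
    text = bytearray(0x200)
    text[0x10:0x10 + len(ep_bytes)] = ep_bytes
    raw_ptr = 0x40 + 4 + 20 + opt_size + 40                        # offset of .text raw data
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text),
                          raw_ptr, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section + bytes(text)


if __name__ == "__main__":
    sample = build_sample_pe(1642869200, bytes.fromhex("ff74240cff74240cff74240cb858d0d1"))
    print(pe_triage(sample))
    print("matches report hashes:", matches_known(sample))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `pe_triage` and `matches_known`. Note that `matches_known` requires every digest to agree: a file that shares the report's entry-point bytes and timestamp but not its hashes is a different build, which is common with packed tools, and should be treated as a new sample rather than this one.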

Version Info:

0: [No Data]

Malware.AI.641566338 is the Malwarebytes name for this sample. Other engines detect the same file as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Riskware.Win32.TorTool.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Mikey.116560
FireEye: Generic.mg.90d6aafad34f0304
McAfee: Artemis!90D6AAFAD34F
Cylance: Unsafe
Sangfor: Hacktool.Win32.TorTool.ftf
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: NetTool:Win32/TorTool.4b2ebd6b
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.ad34f0
BitDefenderTheta: AI:Packer.EC7B60DA1F
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002H0CB622
Avast: Win32:Malware-gen
Kaspersky: not-a-virus:NetTool.Win32.TorTool.ftf
BitDefender: Gen:Variant.Mikey.116560
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Ad-Aware: Gen:Variant.Mikey.116560
Emsisoft: Gen:Variant.Mikey.116560 (B)
McAfee-GW-Edition: BehavesLike.Win32.PUP.wc
Sophos: Generic PUA IA (PUA)
Paloalto: generic.ml
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.3524F1F
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: HackTool:Win32/Aicat.A!ml
GData: Gen:Variant.Mikey.116560
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.RL_Wacatac.R361900
Acronis: suspicious
ALYac: Gen:Variant.Mikey.116560
MAX: malware (ai score=89)
Malwarebytes: Malware.AI.641566338
APEX: Malicious
Rising: Malware.Heuristic!ET#96% (RDMK:cmRtazoFWDrR0Z7PbaM7Lsu4UX7+)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_70% (W)

The verdicts do not agree on a family. Kaspersky, Lionic, Sangfor and Alibaba classify the file as a Tor network tool (NetTool/Riskware/Hacktool "TorTool", with Kaspersky explicitly marking it "not-a-virus"), Sophos and McAfee-GW-Edition as a PUA/PUP, Microsoft as a HackTool, while Gridinsoft and AhnLab-V3 use the Wacatac label, and most of the rest are generic machine-learning or packer detections. That is consistent with the Themida packing and invalid Authenticode signature noted above, which alone push many engines to a generic "malicious" verdict. Treat the label on this page as a heuristic name, rely on the hashes above to confirm the sample, and judge its intent by where the file came from and whether a Tor tool is expected on that machine.

How to remove Malware.AI.641566338?

Malware.AI.641566338 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and the options you want, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.