Malware.AI.655984447 removal tips

Malware.AI.655984447 is a detection name (here, the one Malwarebytes assigns to the sample analysed below) that most security vendors flag as adware or a potentially unwanted program, and some as a trojan. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can Malware.AI.655984447 do?

The following are the CAPEv2 sandbox signatures that fired on the sample described under “File Info” below. They describe packing and evasion traits of the file rather than a specific payload, so several of them (packing, RWX memory, dynamic imports) are also true of many legitimate packed programs and should be read together with the vendor labels further down:

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

wpad.local-net

This is the hostname that Windows' Web Proxy Auto-Discovery (WPAD) looks up (“wpad” under the machine's DNS suffix, here local-net) whenever a process asks the system for proxy settings. Its appearance in a sandbox report therefore means the sample triggered proxy auto-detection, not that it contacted attacker infrastructure; do not treat it as a command-and-control indicator on its own.

How to identify Malware.AI.655984447?

File Info:

name: 3920DEFBBD287D634799.mlw
path: /opt/CAPEv2/storage/binaries/37b7a426366e22e2e416c6e330d3a491226c185a062d176a1b7d1bce262de0f0
crc32: 4777823A
md5: 3920defbbd287d6347995a990e1d72da
sha1: 9908c0288f78447465f08ce05238314b98be8387
sha256: 37b7a426366e22e2e416c6e330d3a491226c185a062d176a1b7d1bce262de0f0
sha512: 16ff3b537e7f304c6d59ffe4fa051d954ae47f4f27698c57a51e7a5dfd7bc6a90086adb98a27032b24653c90a4e25d666a8bcb635443279363129802f700d86c
ssdeep: 6144:7w8HR+tR9bQP7EmUcs7EwbeFf1BMWfegwQp365nzmegUR5yxwNn5uT:UEyR9bngwbehjM6L8XtR5RNn5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1477423939FCA2E62D94218BDDB713F1DA3444CE0393B57852B59401C3D6CBA87A2A393
sha3_384: 48aa36d655ec55bdf93a3af56401e79e7b2adb35d43e7152dd17b32a5ffcf0542ea78ce91fdd9f6ba80a2b54c7638c57
ep_bytes: 60be004045008dbe00d0faffc7870c97
timestamp: 1992-06-19 22:22:17

Two of these fields corroborate the sandbox signatures above. The entry-point bytes 60 BE xx xx xx xx 8D BE xx xx xx xx (pushad; mov esi, imm32; lea edi, [esi+disp32]) are the opening instructions of the standard UPX unpacking stub, and 1992-06-19 22:22:17 is 0x2A425E19, the fixed TimeDateStamp that the Delphi linker writes into every executable, so it indicates the packed program was built with Delphi rather than when it was built.

Version Info:

CompanyName: Rogisinaroc
FileDescription:
FileVersion: 2.3.30.98
InternalName: LukirCinaho
LegalCopyright:
LegalTrademarks:
OriginalFilename: LukirCinaho.exe
ProductName: Celi Latir 33
ProductVersion: 2.3.39.96
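As an added example (this is not code from the page or from GridinSoft), the following Python script does the static part of this identification on a local file: it compares the file's hashes with those listed above and parses the PE header itself to check for the traits the sandbox flagged, namely non-standard section names, sections mapped read/write/execute, the Delphi timestamp and the UPX stub at the entry point. It uses only the standard library. The `build_sample_pe()` helper fabricates a minimal, non-runnable PE that carries these indicators so the checks can be exercised offline; the set of “common” section names is the script's own assumption.

```python
import hashlib
import struct
import sys

# Hashes quoted in the File Info block above; a local file matching any of them is this sample.
KNOWN_HASHES = {
    "md5": "3920defbbd287d6347995a990e1d72da",
    "sha1": "9908c0288f78447465f08ce05238314b98be8387",
    "sha256": "37b7a426366e22e2e416c6e330d3a491226c185a062d176a1b7d1bce262de0f0",
}
DELPHI_TIMESTAMP = 0x2A425E19  # fixed TimeDateStamp the Delphi linker writes (1992-06-19 22:22:17 UTC)
SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
RWX = SCN_EXECUTE | SCN_READ | SCN_WRITE
# Section names a normal compiler/linker emits (assumption); anything else is reported as "unknown".
COMMON_SECTIONS = {b".text", b".data", b".rdata", b".idata", b".edata", b".rsrc", b".reloc",
                   b".bss", b".tls", b".pdata", b".CRT", b"CODE", b"DATA", b"BSS"}
UPX_STUB_PREFIX = bytes.fromhex("60be")  # pushad; mov esi, imm32: first instructions of the UPX stub


def parse_pe(data):
    """Return (TimeDateStamp, AddressOfEntryPoint, sections) for a PE32 image or raise ValueError."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("not a PE32 image")
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sections = []
    for i in range(nsections):
        off = opt_off + opt_size + i * 40
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return timestamp, entry_rva, sections


def entry_bytes(data, entry_rva, sections, n=16):
    """Translate the entry RVA to a file offset via the section table and read n bytes there."""
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            off = entry_rva - s["vaddr"] + s["rawptr"]
            return data[off:off + n]
    return b""


def triage(data):
    """Static checks mirroring the sandbox signatures listed on this page."""
    timestamp, entry_rva, sections = parse_pe(data)
    ep = entry_bytes(data, entry_rva, sections)
    hashes = {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}
    return {
        "known_sample": any(hashes[a] == KNOWN_HASHES[a] for a in KNOWN_HASHES),
        "delphi_timestamp": timestamp == DELPHI_TIMESTAMP,
        "unknown_sections": [s["name"] for s in sections if s["name"] not in COMMON_SECTIONS],
        "rwx_sections": [s["name"] for s in sections if s["chars"] & RWX == RWX],
        "upx_stub_at_entry": ep.startswith(UPX_STUB_PREFIX),
        "ep_bytes": ep.hex(),
    }


def _section(name, vsize, vaddr, rawsize, rawptr, chars):
    """One 40-byte IMAGE_SECTION_HEADER with relocation/line-number fields zeroed."""
    return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)


def build_sample_pe():
    """Constructed minimal PE32 that reproduces the page's indicators (UPX0/UPX1 names, RWX
    sections, Delphi timestamp, UPX stub at the entry point). It is not the real sample and
    does not run; it exists only so the checks above can be exercised offline."""
    stub = bytes.fromhex("60be004045008dbe00d0faffc7870c97")   # ep_bytes from the File Info block
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, DELPHI_TIMESTAMP, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x1000, 0, 0, 0x3000).ljust(224, b"\0")  # entry RVA 0x3000
    headers = (dos + b"PE\0\0" + coff + opt
               + _section(b"UPX0", 0x2000, 0x1000, 0, 0, RWX | 0x80)          # uninitialised, RWX
               + _section(b"UPX1", 0x1000, 0x3000, 0x200, 0x200, RWX | 0x20)  # code, RWX
               ).ljust(0x200, b"\0")
    return headers + stub.ljust(0x200, b"\0")                   # UPX1 raw data starts at 0x200


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a path to check a real file, or with no arguments to run it against the constructed sample. Any single hash match is conclusive for this exact file; the remaining checks only say the file is packed in the same way, which a repacked variant with a different hash would still show.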

Malware.AI.655984447 is the Malwarebytes name for this file. Other engines label the same sample as follows; note that the majority call it DealPly adware or a potentially unwanted application rather than a trojan, which is worth weighing when a detection under this name appears:

Bkav: W32.AIDetect.malware1
Lionic: Adware.Win32.Generic.l8C8
Elastic: malicious (high confidence)
MicroWorld-eScan: Adware.DealPly.1.Gen
FireEye: Generic.mg.3920defbbd287d63
CAT-QuickHeal: Adware.Dealply.C8
McAfee: Artemis!3920DEFBBD28
Cylance: Unsafe
Zillya: Adware.DealPly.Win32.254940
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 005223711 )
Alibaba: AdWare:Win32/DealPly.a3b79d46
K7GW: Adware ( 005223711 )
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W32/DealPly.BJ.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/DealPly.KM.gen potentially unwanted
APEX: Malicious
ClamAV: Win.Dropper.Nanocore-9810750-0
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic
BitDefender: Adware.DealPly.1.Gen
NANO-Antivirus: Riskware.Win32.DealPly.fgxawd
Avast: Win32:Adware-gen [Adw]
Tencent: Win32.Adware.Generic.Ljae
Ad-Aware: Adware.DealPly.1.Gen
Emsisoft: Adware.DealPly.1.Gen (B)
Comodo: ApplicUnwnt@#3gnbuepj59cr8
DrWeb: Adware.DealPly.260
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: DealPly Updater (PUA)
SentinelOne: Static AI – Malicious PE
GData: Win32.Application.DealPly.AL
Jiangmin: AdWare.Generic.rflz
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1126529
Antiy-AVL: Trojan/Generic.ASMalwS.1E37837
Microsoft: Trojan:Win32/Occamy.C37
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.DealPly.C1926159
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZelphiF.34294.wmKfamOv9Oei
MAX: malware (ai score=99)
VBA32: Adware.DealPly
Malwarebytes: Malware.AI.655984447
Rising: Adware.DealPly!1.AA42 (CLASSIC)
Ikarus: PUA.DealPly
eGambit: Unsafe.AI_Score_99%
Fortinet: Adware/DealFly
AVG: Win32:Adware-gen [Adw]
MaxSecure: Trojan.Malware.300983.susgen
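As an added example (not from the page), here is a small Python routine that turns a vendor list like the one above into a triage verdict: it strips platform and class words from each label, counts how many vendors name each remaining family token, and counts how many labels mark the file as adware or a PUA. The vendor pairs embedded in it are a subset copied from the list above; the noise-word and PUA-word sets are the script's own assumptions, and it does not merge spelling variants such as Fortinet's “DealFly”.

```python
import re
from collections import Counter

# (vendor, label) pairs copied from the "also known as" list on this page (subset).
LABELS = [
    ("Lionic", "Adware.Win32.Generic.l8C8"),
    ("MicroWorld-eScan", "Adware.DealPly.1.Gen"),
    ("CAT-QuickHeal", "Adware.Dealply.C8"),
    ("Zillya", "Adware.DealPly.Win32.254940"),
    ("Alibaba", "AdWare:Win32/DealPly.a3b79d46"),
    ("Cyren", "W32/DealPly.BJ.gen!Eldorado"),
    ("Symantec", "Trojan.Gen.MBT"),
    ("ESET-NOD32", "a variant of Win32/DealPly.KM.gen potentially unwanted"),
    ("ClamAV", "Win.Dropper.Nanocore-9810750-0"),
    ("Kaspersky", "not-a-virus:HEUR:AdWare.Win32.Generic"),
    ("BitDefender", "Adware.DealPly.1.Gen"),
    ("DrWeb", "Adware.DealPly.260"),
    ("Sophos", "DealPly Updater (PUA)"),
    ("Microsoft", "Trojan:Win32/Occamy.C37"),
    ("AhnLab-V3", "PUP/Win32.DealPly.C1926159"),
    ("Malwarebytes", "Malware.AI.655984447"),
    ("Fortinet", "Adware/DealFly"),
]

# Platform, heuristic and class words that carry no family information (assumed list).
NOISE = {"win", "generic", "gen", "heur", "agen", "trojan", "adware", "pup", "pua", "malware",
         "malicious", "variant", "potentially", "unwanted", "not", "virus", "dropper", "updater",
         "ai", "mbt", "bt"}
# Substrings that mark a label as adware / potentially unwanted rather than outright malicious.
PUA_WORDS = ("adware", "pua", "pup", "unwanted", "riskware", "not-a-virus", "applicunwnt")


def family_tokens(label):
    """Candidate family names in one vendor label: letter runs of 3+ chars that are not noise."""
    return [t for t in re.split(r"[^a-z]+", label.lower()) if len(t) > 2 and t not in NOISE]


def consensus(labels):
    """Vote once per vendor for each family token it names and count PUA-style labels."""
    votes = Counter()
    pua = 0
    for _vendor, label in labels:
        if any(w in label.lower() for w in PUA_WORDS):
            pua += 1
        for tok in set(family_tokens(label)):
            votes[tok] += 1
    family, n = votes.most_common(1)[0]
    return {"vendors": len(labels), "family": family, "family_votes": n,
            "pua_votes": pua, "runners_up": votes.most_common(4)[1:]}


if __name__ == "__main__":
    result = consensus(LABELS)
    print(f"{result['family']} named by {result['family_votes']}/{result['vendors']} vendors; "
          f"{result['pua_votes']}/{result['vendors']} labels are adware/PUA; "
          f"other names: {result['runners_up']}")
```

On this subset it reports DealPly as the family named by 10 of the 17 vendors and 12 of the 17 labels as adware or PUA, with Nanocore, Occamy and Eldorado each named by a single engine. Single-vendor family names on an otherwise consistent sample are usually engine-specific heuristics and should not drive the verdict by themselves.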

How to remove Malware.AI.655984447?

Malware.AI.655984447 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
