About “Malware.AI.676159407” infection

The Malware.AI.676159407 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.676159407 virus can do?

Dynamic (imported) function loading detected
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Malware.AI.676159407?


File Info:
name: 0A2F9708ED7E672EDA5A.mlw
path: /opt/CAPEv2/storage/binaries/285a0811e7920e95efa1ab2a077155597953e178c40885fd77df1e7d4d7aae10
crc32: 55BB0F7A
md5: 0a2f9708ed7e672eda5ad656f7fa9e24
sha1: 013f7b55bae8dc961147f2468c6cc309b8cc062d
sha256: 285a0811e7920e95efa1ab2a077155597953e178c40885fd77df1e7d4d7aae10
sha512: 89c79ba9b277997daffe128023e08df0e65212b15dcb1ff1ffe6b6b904302efff2334053b907fe7c855c8ceb41ca1bfcdc768e06ec3771f278a651a8949016a7
ssdeep: 24576:QrOLLZYIrS6PtvbuhZUTdMh6h01bpeg4jOh9XkrnXqmwuYfWQ5doDTNop8B:SOLLZE6PBbF0WD/T6eYfW+dOB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B95CF70E01C49CEF57668B9652794C428F07D5AA191B32F71AAFA7A74F1301082FF6E
sha3_384: 5958c9cd0df4751dcd2da11117d2d52406cf6884de4b4f3a3c519f1c200edf9a7182bd80502b423a8f10b913e0ed3fd4
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-10-13 11:01:46

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 开源矿工 https://github.com/ntminer/NtMiner
FileDescription: NTMinerDaemon
FileVersion: 2.8.6
InternalName: NTMinerDaemon.exe
LegalCopyright: Copyright ©  NTMiner
LegalTrademarks: 
OriginalFilename: NTMinerDaemon.exe
ProductName: NTMinerDaemon
ProductVersion: 2.8.6
Assembly Version: 2.8.6.4

Malware.AI.676159407 also known as:

Lionic	Trojan.MSIL.NTMiner.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	IL:Trojan.MSILZilla.4981
FireEye	IL:Trojan.MSILZilla.4981
CAT-QuickHeal	Trojan.MsilFC.S23219379
McAfee	GenericRXPV-ET!0A2F9708ED7E
Cylance	Unsafe
Alibaba	Trojan:MSIL/NTMiner.f914a665
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.NTMiner.gen
BitDefender	IL:Trojan.MSILZilla.4981
Avast	Win32:MiscX-gen [PUP]
Tencent	Msil.Trojan.Ntminer.Eot
Ad-Aware	IL:Trojan.MSILZilla.4981
Emsisoft	IL:Trojan.MSILZilla.4981 (B)
F-Secure	Heuristic.HEUR/AGEN.1145877
TrendMicro	TROJ_GEN.R035C0PL721
McAfee-GW-Edition	GenericRXPV-ET!0A2F9708ED7E
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
GData	IL:Trojan.MSILZilla.4981
Avira	HEUR/AGEN.1145877
MAX	malware (ai score=81)
Gridinsoft	Ransom.Win32.Gen.sa
Arcabit	IL:Trojan.MSILZilla.D1375
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Redcap.C4780135
VBA32	Trojan.MSIL.gen.m
ALYac	IL:Trojan.MSILZilla.4981
Malwarebytes	Malware.AI.676159407
TrendMicro-HouseCall	TROJ_GEN.R035C0PL721
Fortinet	PossibleThreat
AVG	Win32:MiscX-gen [PUP]
Panda	Trj/GdSda.A
MaxSecure	Trojan.Malware.300983.susgen

How to remove Malware.AI.676159407?

Malware.AI.676159407 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X