Malware.AI.68425497 (file analysis)

The Malware.AI.68425497 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.68425497 virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Presents an Authenticode digital signature
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Malware.AI.68425497?


File Info:
name: FED0B635DF471085E9ED.mlw
path: /opt/CAPEv2/storage/binaries/4c44fb2bf9a8cb30294c7016299890f7b26f450fce6e944b40376070e2bddfde
crc32: 45D37B00
md5: fed0b635df471085e9ed48fb7a429c3d
sha1: ee178aa1fa2e8e9fcfddad8f09ad19633bba5514
sha256: 4c44fb2bf9a8cb30294c7016299890f7b26f450fce6e944b40376070e2bddfde
sha512: be5be46252958f73b0d8c7008bf4a68da292f0c384b900f81263fe0894a8a9d5088764fb55ad6e0b142d66906fac1098f4c57080d6c3b75f4ddfc0ebf34be4a3
ssdeep: 1536:zuygDFb9ucwn/h2J/OoISnj+LclYmi0UL/7TPxw:zuygDB9/8k04nj+LcCM2/fx
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T148A38D12B6E0D836C99748B024A9D6755AEEF5319B6091C333D84B7F2F303D04B7A35A
sha3_384: b62cfa1857eda6b60f6d8a9cfd4798a8a4401640ffadc6d092f9b4e550222c16a8de2ca06cf992a06c14e8b34814171a
ep_bytes: e8173c0000e9a4feffff3b0d3c5d4100
timestamp: 2023-06-11 07:09:31

Version Info:
Comments: Il s'agit d'une application légitime.
CompanyName: Renault S.A.
FileDescription: Renault S.A. Produit
FileVersion: 231
InternalName: ApplicationInterne
LegalCopyright: Droit d'auteur Â© Renault S.A. Tous droits réservés.
LegalTrademarks: Marques déposées Â© Renault S.A.
OriginalFilename: app.exe
ProductName: Application
ProductVersion: 231
Translation: 0x0407 0x04b0

Malware.AI.68425497 also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.472140
FireEye	Generic.mg.fed0b635df471085
Malwarebytes	Malware.AI.68425497
VIPRE	Gen:Variant.Zusy.472140
BitDefenderTheta	Gen:NN.ZexaF.36250.gq2@aasMbcai
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.GKPI
Kaspersky	HEUR:Trojan.Win32.Injurer.gen
BitDefender	Gen:Variant.Zusy.472140
Avast	Win32:CrypterX-gen [Trj]
Emsisoft	Gen:Variant.Zusy.472140 (B)
F-Secure	Trojan.TR/Kryptik.npnww
Trapmine	malicious.high.ml.score
SentinelOne	Static AI – Suspicious PE
GData	Gen:Variant.Zusy.472140
Google	Detected
Avira	TR/Kryptik.npnww
MAX	malware (ai score=89)
Arcabit	Trojan.Zusy.D7344C
ZoneAlarm	HEUR:Trojan.Win32.Injurer.gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.CrypterX-gen.R586090
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Backdoor.Convagent!8.123DC (TFE:5:2ufaFoy3QMH)
Ikarus	Trojan-Spy.Agent
MaxSecure	PSW.W32.Coins.gen_265938
AVG	Win32:CrypterX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Malware.AI.68425497?

Malware.AI.68425497 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X