Malware.AI.735309629 removal guide

The Malware.AI.735309629 detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.735309629 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid

How to identify Malware.AI.735309629?

File Info:

name: 274E54D106A7D6D893E0.mlw
path: /opt/CAPEv2/storage/binaries/6942c9ad7a23cf42449b9e24fcd2a4cb88d1efc144c53dc70635393183aec6eb
crc32: 5107F918
md5: 274e54d106a7d6d893e004dc0669608f
sha1: b888323ee93e61d885e229be806e64d1184ee2c0
sha256: 6942c9ad7a23cf42449b9e24fcd2a4cb88d1efc144c53dc70635393183aec6eb
sha512: 3fe315090e867d8a62bfec5f99fb6f048cfa29f91c83cc6503b5361517677d33bd8ae4be184817014483c62e02f6f90132afacb406057d013143d3e612ce56c2
ssdeep: 98304:FjdyLmU8dWgAyPxh0LaT1l7xVsbrTJNHhRrEhkgGOveWJylBDxgc6DAb2QjPJ/:RQidWgrLeaT1lIbxNbykgGOAgjQrJ/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13F46CF22B9808076D2630331698DBFE599FDFB702A71A5279BCC165D1F709C2D32639B
sha3_384: 1e588ec90f7733e6dd7949f4d55a3dfa4cb878df9c86952aca179169221ee06f515920e481d1569c49cb1eb41c8d95ae
ep_bytes: 5150528d0d18000000648b0101c801c8
timestamp: 2021-11-24 16:16:33

Version Info:

CompanyName: BitTorrent Inc.
FileVersion: 2.1.3.1957
FileDescription: µTorrent Helper
InternalName: helper.exe
OriginalFilename: helper.exe
LegalCopyright: ©2018 BitTorrent, Inc. All Rights Reserved.
ProductName: µTorrent Helper
ProductVersion: 2.1.3.1957
SpecialBuild: uthelper
Translation: 0x0409 0x04e4

Malware.AI.735309629 also known as:

Lionic: Riskware.Win32.Expiro.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Expiro.Gen.6
FireEye: Generic.mg.274e54d106a7d6d8
ALYac: Win32.Expiro.Gen.6
Cylance: Unsafe
K7AntiVirus: Trojan ( 00561cbf1 )
Alibaba: Virus:Win32/Expiro.e4ac7500
K7GW: Trojan ( 00561cbf1 )
Cybereason: malicious.106a7d
Cyren: W32/Expiro.AN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.NDG
TrendMicro-HouseCall: TROJ_GEN.R002C0RL921
BitDefender: Win32.Expiro.Gen.6
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:Xpirat-C [Inf]
Tencent: Win32.Virus.Expiro.Hqcc
Ad-Aware: Win32.Expiro.Gen.6
Sophos: Mal/EncPk-MK
TrendMicro: TROJ_GEN.R002C0RL921
Emsisoft: Win32.Expiro.Gen.6 (B)
Ikarus: Virus.Win32.Expiro
GData: Win32.Expiro.Gen.6
Avira: W32/Infector.Gen8
MAX: malware (ai score=86)
Microsoft: Trojan:Win32/Raccoon.EC!MTB
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.AI.735309629
APEX: Malicious
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Expiro.NDG
AVG: Win32:Xpirat-C [Inf]

How to remove Malware.AI.735309629?

Malware.AI.735309629 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.