Malware

Malware.AI.821152956 removal instruction

Malware Removal

The Malware.AI.821152956 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Malware.AI.821152956 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Appears to use command line obfuscation
  • A script or command line contains a long continuous string indicative of obfuscation
  • A powershell command using multiple variables was executed possibly indicative of obfuscation
  • Uses suspicious command line tools or Windows utilities

How to determine Malware.AI.821152956?



File Info:

name: D891A6FC02F395D72E97.mlw
path: /opt/CAPEv2/storage/binaries/a4c75c90355226ef3f1a7cf056e77b9bc4aed5e26021ac4f473ed2e5de460a4a
crc32: 768114C1
md5: d891a6fc02f395d72e97194a33094bfb
sha1: e3925c690f664b2d60b0db1deec70e1d31b44377
sha256: a4c75c90355226ef3f1a7cf056e77b9bc4aed5e26021ac4f473ed2e5de460a4a
sha512: 62bb0e428148922a2e1c69085f7e855b7deb33336b4c41b2aa4466661f4a08f34bc94929830247be70ed9f18599c8ab6bc9ba30967431ffe6cf3d7ae519f51f6
ssdeep: 96:/lxER/nFY2NBc3+Ew7JZ1L2MCcQPpYmcRDucf6Jai1z0DxiF6lY9oO8l7aY6ueZP:/TE3Yr3MJvL2MCVpYplfMaFesYUZeXPB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E2028D5D75F64BEBF0FDAE3269A78649B071BC624B76331E568005061C6C3367C1E325
sha3_384: 2f9fdf818300da83c81d013656479ab12727efa0a79db5375ac0ebe5f5214f47df9635b8b1e0d22f148bff5c11347273
ep_bytes: b8e88b40005064ff3500000000648925
timestamp: 2022-05-07 00:00:45


Version Info:

CompanyName: JetBrains s.r.o
LegalCopyright: Copyright ©2011-2021 JetBrains s.r.o. All rights reserved.
FileDescription: JetBrains ETW Collector Host
FileVersion: 211.15.21.0
ProductName: JetBrains ETW Collector
ProductVersion: 211.15.21.0
Translation: 0x0000 0x04b0

Malware.AI.821152956 also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Doris.4!c
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
FireEyeGen:Variant.Lazy.185607
CAT-QuickHealTrojan.Lazy
McAfeeRDN/Generic.dx
MalwarebytesMalware.AI.821152956
SangforTrojan.Win32.Agent.Vyfo
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaTrojan:Win32/Generic.f377ba41
SymantecTrojan Horse
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Downloader.Offer-9959757-0
KasperskyTrojan-Downloader.Win32.Agent.xyahmd
BitDefenderGen:Variant.Lazy.185607
MicroWorld-eScanGen:Variant.Lazy.185607
AvastWin32:Malware-gen
RisingDownloader.Agent!8.B23 (CLOUD)
Ad-AwareGen:Variant.Lazy.185607
SophosML/PE-A
DrWebTrojan.Siggen17.57362
VIPREGen:Variant.Lazy.185607
TrendMicroTROJ_FRS.0NA104HV22
McAfee-GW-EditionBehavesLike.Win32.VBObfus.xc
Trapminemalicious.high.ml.score
EmsisoftGen:Variant.Lazy.185607 (B)
GDataGen:Variant.Lazy.185607
JiangminTrojanDownloader.Agent.gciq
WebrootW32.Malware.Gen
MAXmalware (ai score=85)
Antiy-AVLTrojan/Generic.ASCommon.3B
ArcabitTrojan.Lazy.D2D507
MicrosoftTrojan:Win32/Wacatac.B!ml
GoogleDetected
AhnLab-V3Malware/Win.Generic.C5143266
BitDefenderThetaGen:NN.ZevbaF.34606.ai0faGMp1Gm
ALYacGen:Variant.Lazy.185607
VBA32BScope.Trojan.VB.01559
CylanceUnsafe
TrendMicro-HouseCallTROJ_FRS.0NA104HV22
TencentWin32.Trojan-Downloader.Agent.Gflw
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/PossibleThreat
AVGWin32:Malware-gen
Cybereasonmalicious.c02f39
PandaTrj/Chgt.AD

How to remove Malware.AI.821152956?

Malware.AI.821152956 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment