About “Malware.AI.866076925” infection

Malware.AI.866076925 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What Malware.AI.866076925 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Installs itself for autorun at Windows startup
  • CAPE detected the NetWire malware family
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.866076925?

File Info:

name: 5E986103F1F504F374F5.mlw
path: /opt/CAPEv2/storage/binaries/cd3ef8c8a3729dd48f04fbaf3ea00935c7d7c976ba15ea32c6e08573e2cb5b1b
crc32: EC57267B
md5: 5e986103f1f504f374f5d21572906c87
sha1: 570f45b1ff0db452a53cd3b190ea953a208ec4ef
sha256: cd3ef8c8a3729dd48f04fbaf3ea00935c7d7c976ba15ea32c6e08573e2cb5b1b
sha512: 8403d73daaaca56f6e675b062ac0c124a1cef8b6cd96fb60aa95c1ce15aed65588bb03d1e136f8cf20d176bbe2f1f05f9a44a96d4e8cd8d1530b43df1e7fe0a8
ssdeep: 1536:CwsT/1L/lUIgmIWz7/2BTDRrs0XVzaRl6eFt/s55/qLrgaV5sW6K5neJDjNpkQEs:C1Flym7ziDEt/XxW7dXbmF8a4rh3J
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T190347C46EB47B866EE5D1AB048DFE13E86D46D0AC8324D46E3C13F6BFB725364408E64
sha3_384: d91ce0fbc634c99a7c523bb49c07a49e5924efd437b8c57d3d206ca53b065526a565888b82aab1d9f82600987b36d261
ep_bytes: 83ec1cc7042402000000ff151ca24000
timestamp: 2015-10-20 12:12:12

Version Info:

CompanyName: Elaborate Bytes AG
FileDescription: VirtualCloneDrive Preferences
FileVersion: 5.4.8.0
InternalName: VCDPrefs
LegalCopyright: 2002-2015 Elaborate Bytes AG
LegalTrademarks:
OriginalFilename:
ProductName: Virtual CloneDrive
ProductVersion: 5.4.8.0
Comments:
Translation: 0x0409 0x04e4

Malware.AI.866076925 also known as:

Bkav: W32.AIDetectMalware
DrWeb: BackDoor.Wirenet.9
MicroWorld-eScan: Gen:Variant.Zusy.488122
ClamAV: Win.Malware.Ursu-7604277-0
CAT-QuickHeal: Trojan.QbotIH.S28185033
ALYac: Gen:Variant.Zusy.488122
Malwarebytes: Malware.AI.866076925
VIPRE: Gen:Variant.Zusy.488122
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
K7GW: Trojan ( 0055dd191 )
BitDefenderTheta: Gen:NN.ZexaF.36662.oK0@aG4MMbdG
Cyren: W32/Kryptik.KPH.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.EBOT
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.488122
NANO-Antivirus: Trojan.Win32.Wirenet.dylbnz
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.114e2654
Emsisoft: Gen:Variant.Zusy.488122 (B)
F-Secure: Heuristic.HEUR/AGEN.1341884
Baidu: Win32.Worm.Autorun.bm
Zillya: Trojan.Kryptik.Win32.817313
McAfee-GW-Edition: GenericR-IEZ!5E986103F1F5
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.5e986103f1f504f3
Ikarus: Trojan.Win32.Crypt
GData: Gen:Variant.Zusy.488122
Avira: HEUR/AGEN.1341884
Antiy-AVL: Trojan/Win32.TSGeneric
Xcitium: TrojWare.Win32.Dodiw.A@7mlbsl
Arcabit: Trojan.Zusy.D772BA
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Qbot.VSD!MTB
Google: Detected
McAfee: GenericR-IEZ!5E986103F1F5
MAX: malware (ai score=85)
VBA32: BScope.TrojanPSW.Stealer
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.NetWiredRC!8.2AF (TFE:5:iOsgi2RTkMS)
SentinelOne: Static AI - Suspicious PE
Fortinet: W32/Kryptik.EBOY!tr
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.866076925?

Malware.AI.866076925 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.