Malware.AI.906339604 removal tips

Malware.AI.906339604 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.906339604 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • DNS query to a paste site or service detected
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Checks the version of Bios, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

Related domains:

wpad.local-net
pastebin.com

How to identify Malware.AI.906339604?

File Info:

name: 285D8DA902BBA5BAF72B.mlw
path: /opt/CAPEv2/storage/binaries/e1239c6c28aee161f3e120d4891d0ded7daf26845332b2fc8871fedd9346cd5b
crc32: 6E70C24D
md5: 285d8da902bba5baf72bf4a1d48a0cfb
sha1: d09fb03d624a2bf7a0f88b558e79524056b157d9
sha256: e1239c6c28aee161f3e120d4891d0ded7daf26845332b2fc8871fedd9346cd5b
sha512: f0faf9531d80d72393ed932737e9f1dd7b921b8c087290518a4ba6dbd8ae3f4ee3d4056347bf96471be434ef408c9f5cf56031d199de29d66f53f1cfdf45a9c1
ssdeep: 49152:d4Q9AERN2ijicbtIAbKCwBMBTsMFeMc/u1g6SsuAMosbjAsY0g0RgR:d4QbRNltt1wWBTsMkMc/t6Dut40R
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1470633933DD1A93BEE98587E40C117ED889FAD62DE784B1651CE7E8D3F33802590436A
sha3_384: 2b5254e48e4eefd47bc0582565454197aeb16cc3defad8f9795007042277958e3a8c639a6f5b21d9b2a4a087f8d10ec6
ep_bytes: 81ecd4020000535556576a2033ed5e89
timestamp: 2012-02-24 19:20:04

Version Info:

CompanyName:
FileVersion: 1.9.2.0
Country:
Release: Final
FileDescription:
LegalCopyright:
ProductVersion:
ProductName:
OriginalFilename: Windows Loader.exe
InternalName:

Malware.AI.906339604 is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Trojan.GenericKD.36704087
FireEye: Dropped:Trojan.GenericKD.36704087
ALYac: Dropped:Trojan.GenericKD.36704087
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.12926
Sangfor: Hacktool.Win32.WinActivator.b
Cybereason: malicious.902bba
BitDefenderTheta: Gen:NN.ZexaF.34294.!oNfaCUzYHli
Cyren: W32/S-861d1f53!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
ClamAV: Win.Ransomware.Sodinokibi-9887839-0
Kaspersky: HackTool.Win32.WinActivator.b
BitDefender: Dropped:Trojan.GenericKD.36704087
NANO-Antivirus: Riskware.Win32.WinActivator.ivssss
Avast: Win32:PUP-gen [PUP]
Ad-Aware: Dropped:Trojan.GenericKD.36704087
Sophos: Windows 7 Loader (PUA)
Comodo: Malware@#1r4930xuovng8
TrendMicro: HKTL_KEYGEN_FC240003.UVPM
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Emsisoft: Dropped:Trojan.GenericKD.36704087 (B)
SentinelOne: Static AI – Suspicious PE
GData: Dropped:Trojan.GenericKD.36704087
Avira: HEUR/AGEN.1122486
Antiy-AVL: Trojan/Generic.ASMalwS.5E217
Microsoft: Trojan:Win32/Vigorf.A
Cynet: Malicious (score: 99)
McAfee: GenericR-JEA!285D8DA902BB
MAX: malware (ai score=85)
VBA32: TrojanDropper.abdu
Malwarebytes: Malware.AI.906339604
TrendMicro-HouseCall: HKTL_KEYGEN_FC240003.UVPM
Yandex: Trojan.Agent!Xa91zrSZMFE
Ikarus: Keygen.ActivationWin7
eGambit: Unsafe.AI_Score_100%
AVG: Win32:PUP-gen [PUP]

How to remove Malware.AI.906339604?

Malware.AI.906339604 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.