Malware.AI.947558426 removal

Malware.AI.947558426 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.947558426 virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • The binary contains an unknown PE section name indicative of packing
  • Looks up the external IP address
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Attempts to identify installed analysis tools by a known file location
  • Attempts to identify installed AV products by installation directory

Related domains:

ipinfo.io
wpad.local-net

How to determine Malware.AI.947558426?

File Info:

name: A3C88F292F70D960DBB4.mlw
path: /opt/CAPEv2/storage/binaries/cc55fabb987c560436b649a01ee2f334993d1b9602ce6178f12e94f180a26df1
crc32: 4013C810
md5: a3c88f292f70d960dbb4e7278913dd80
sha1: 22d941d9fb99db4d55fb1c2c9865e7d469fcb0bd
sha256: cc55fabb987c560436b649a01ee2f334993d1b9602ce6178f12e94f180a26df1
sha512: 07fc7403580a5fb71627f31f023cf1329e3cb4c130d18db7edf366d25f15066ad9bc616aeaa598aa96f098b21c4dadddb7d628cc66912288728d1e420c07f73c
ssdeep: 196608:S+5/m0At1CErA0JqYDKQ/uToGLYL63LOlZe:S+tmzt1Cr2qYDK/oUwe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T172866D12F2C4913ED0771A374D3BD6A4683BBA602E25CC5B2BF4498C8F39A417936797
sha3_384: 1a3e12a338c820cfde29a45541aff3cadb4408eb5f61d833dd591a9ce870b608b49d67015cd34bb1fc58e97cf4af9bec
ep_bytes: 558bec83c4f0b80c44ad00e8e4a492ff
timestamp: 2021-05-12 04:12:47

Version Info:

FileDescription: powerbook
FileVersion: 1.0.0.0
ProgramID: powerbook
ProductName: powerbook
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Malware.AI.947558426 also known as:

Lionic: Trojan.Win32.BestaFera.7!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ulise.262284
FireEye: Generic.mg.a3c88f292f70d960
ALYac: Gen:Variant.Ulise.262284
Cylance: Unsafe
Zillya: Trojan.BestaFera.Win32.9930
Sangfor: Trojan.Win32.BestaFera.gen
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanBanker:Win32/BestaFera.cc0889c3
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZelphiF.34294.@V0@aCFydzei
Cyren: W32/Trojan.VWWQ-8673
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.Delf.DFQ
TrendMicro-HouseCall: TrojanSpy.Win32.BANKER.CBBCDK
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Banker.Win32.BestaFera.gen
BitDefender: Gen:Variant.Ulise.262284
Avast: Win32:WormX-gen [Wrm]
Tencent: Win32.Trojan-downloader.Delf.Lnee
Ad-Aware: Gen:Variant.Ulise.262284
Sophos: Mal/Generic-S
TrendMicro: TrojanSpy.Win32.BANKER.CBBCDK
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wh
Emsisoft: Gen:Variant.Ulise.262284 (B)
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Ulise.262284
Jiangmin: Trojan.Banker.BestaFera.ifw
Avira: HEUR/AGEN.1142293
MAX: malware (ai score=85)
Antiy-AVL: Trojan[Banker]/Win32.BestaFera
Arcabit: Trojan.Ulise.D4008C
Microsoft: Trojan:Win32/Sabsik.FT.A!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4484804
McAfee: Trojan-FTOD!A3C88F292F70
VBA32: TrojanBanker.BestaFera
Malwarebytes: Malware.AI.947558426
Ikarus: Trojan-Downloader.Win32.Banload
Fortinet: W32/BestaFera!tr
AVG: Win32:WormX-gen [Wrm]
Panda: Trj/RnkBend.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.947558426?

Malware.AI.947558426 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.