Categories: Malware

Malware.AI.947558426 removal

Malware.AI.947558426 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Malware.AI.947558426 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • The binary contains an unknown PE section name indicative of packing
  • Looks up the external IP address
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Attempts to identify installed analysis tools by a known file location
  • Attempts to identify installed AV products by installation directory

Related domains:

ipinfo.io
wpad.local-net

How to identify Malware.AI.947558426?

File Info:

name: A3C88F292F70D960DBB4.mlw
path: /opt/CAPEv2/storage/binaries/cc55fabb987c560436b649a01ee2f334993d1b9602ce6178f12e94f180a26df1
crc32: 4013C810
md5: a3c88f292f70d960dbb4e7278913dd80
sha1: 22d941d9fb99db4d55fb1c2c9865e7d469fcb0bd
sha256: cc55fabb987c560436b649a01ee2f334993d1b9602ce6178f12e94f180a26df1
sha512: 07fc7403580a5fb71627f31f023cf1329e3cb4c130d18db7edf366d25f15066ad9bc616aeaa598aa96f098b21c4dadddb7d628cc66912288728d1e420c07f73c
ssdeep: 196608:S+5/m0At1CErA0JqYDKQ/uToGLYL63LOlZe:S+tmzt1Cr2qYDK/oUwe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T172866D12F2C4913ED0771A374D3BD6A4683BBA602E25CC5B2BF4498C8F39A417936797
sha3_384: 1a3e12a338c820cfde29a45541aff3cadb4408eb5f61d833dd591a9ce870b608b49d67015cd34bb1fc58e97cf4af9bec
ep_bytes: 558bec83c4f0b80c44ad00e8e4a492ff
timestamp: 2021-05-12 04:12:47

Version Info:

FileDescription: powerbook
FileVersion: 1.0.0.0
ProgramID: powerbook
ProductName: powerbook
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Malware.AI.947558426 also known as:

Lionic Trojan.Win32.BestaFera.7!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Ulise.262284
FireEye Generic.mg.a3c88f292f70d960
ALYac Gen:Variant.Ulise.262284
Cylance Unsafe
Zillya Trojan.BestaFera.Win32.9930
Sangfor Trojan.Win32.BestaFera.gen
K7AntiVirus Riskware ( 0040eff71 )
Alibaba TrojanBanker:Win32/BestaFera.cc0889c3
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZelphiF.34294.@V0@aCFydzei
Cyren W32/Trojan.VWWQ-8673
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/TrojanDownloader.Delf.DFQ
TrendMicro-HouseCall TrojanSpy.Win32.BANKER.CBBCDK
Paloalto generic.ml
Kaspersky HEUR:Trojan-Banker.Win32.BestaFera.gen
BitDefender Gen:Variant.Ulise.262284
Avast Win32:WormX-gen [Wrm]
Tencent Win32.Trojan-downloader.Delf.Lnee
Ad-Aware Gen:Variant.Ulise.262284
Sophos Mal/Generic-S
TrendMicro TrojanSpy.Win32.BANKER.CBBCDK
McAfee-GW-Edition BehavesLike.Win32.Dropper.wh
Emsisoft Gen:Variant.Ulise.262284 (B)
SentinelOne Static AI – Suspicious PE
GData Gen:Variant.Ulise.262284
Jiangmin Trojan.Banker.BestaFera.ifw
Avira HEUR/AGEN.1142293
MAX malware (ai score=85)
Antiy-AVL Trojan[Banker]/Win32.BestaFera
Arcabit Trojan.Ulise.D4008C
Microsoft Trojan:Win32/Sabsik.FT.A!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4484804
McAfee Trojan-FTOD!A3C88F292F70
VBA32 TrojanBanker.BestaFera
Malwarebytes Malware.AI.947558426
Ikarus Trojan-Downloader.Win32.Banload
Fortinet W32/BestaFera!tr
AVG Win32:WormX-gen [Wrm]
Panda Trj/RnkBend.A
MaxSecure Trojan.Malware.300983.susgen

How to remove Malware.AI.947558426?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
