Malware

What is “Malware.AI.965437211”?

Malware Removal

Malware.AI.965437211 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.965437211 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS URLs from behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Malware.AI.965437211?

File Info:

name: DC3E1965D5C3A3A803B3.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2011-02-26 17:36:36

Version Info:

0: [No Data]

Malware.AI.965437211 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.4579
FireEye: Generic.mg.dc3e1965d5c3a3a8
CAT-QuickHeal: Trojan.Vundo.Gen
ALYac: Gen:Variant.Symmi.4579
Cylance: Unsafe
VIPRE: Trojan.Win32.Vundo.o (v)
K7AntiVirus: Hacktool ( 005289861 )
K7GW: Hacktool ( 005289861 )
Cybereason: malicious.5d5c3a
Baidu: Win32.Trojan.SpyVoltar.i
VirIT: Trojan.Win32.Generic.RRL
Cyren: W32/Zbot.EW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/SpyVoltar.A
APEX: Malicious
ClamAV: Win.Trojan.Buterat-151
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.4579
NANO-Antivirus: Trojan.Win32.Buterat.djpxtg
SUPERAntiSpyware: Trojan.Agent/Gen-Vundo
Avast: Win32:Bancos-CFS [Trj]
Tencent: Malware.Win32.Gencirc.10b80359
Sophos: ML/PE-A + Troj/Buterat-C
Comodo: TrojWare.Win32.Buterat.WDX@4r7wue
DrWeb: BackDoor.Butirat.112
Zillya: Backdoor.Buterat.Win32.962
TrendMicro: TSPY_BUTERAT_BK083E30.TOMC
McAfee-GW-Edition: BehavesLike.Win32.Adware.ch
Emsisoft: Gen:Variant.Symmi.4579 (B)
Ikarus: Backdoor.Win32.Buterat
Jiangmin: Backdoor/Buterat.ahi
Webroot: W32.Infostealer.Zeus
Avira: TR/Crypt.XPACK.Gen7
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.1B91F
Kingsoft: Heur.SSC.2794264.1216.(kcloud)
Microsoft: Trojan:Win32/Vundo
ViRobot: Backdoor.Win32.A.Buterat.135168.F
GData: Gen:Variant.Symmi.4579
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Jorik.R33217
McAfee: Generic BackDoor.acz
TACHYON: Backdoor/W32.Buterat.135168.D
VBA32: Backdoor.Buterat
Malwarebytes: Malware.AI.965437211
TrendMicro-HouseCall: TSPY_BUTERAT_BK083E30.TOMC
Rising: Trojan.Neconyd!8.1263 (CLOUD)
Yandex: Trojan.GenAsa!rYGygahMYao
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.GOGY!tr
BitDefenderTheta: Gen:NN.ZexaF.34182.iuW@aWRhg!fk
AVG: Win32:Bancos-CFS [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Malware.AI.965437211?

Malware.AI.965437211 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.