About “Malware.AI.990189213” infection

The Malware.AI.990189213 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.990189213 virus can do?

Unconventionial language used in binary resources: Japanese
The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Malware.AI.990189213?


File Info:
name: 2BAD5119344B708A64D1.mlw
path: /opt/CAPEv2/storage/binaries/cb54e33cfc9dfb5aee5e3d456a69dd37069a8076842a0cbb192f7144328324b4
crc32: 6F8049A1
md5: 2bad5119344b708a64d1e02607a4d76b
sha1: 98b4b7146eb01cdd50ecee6a4c2a600999d397dd
sha256: cb54e33cfc9dfb5aee5e3d456a69dd37069a8076842a0cbb192f7144328324b4
sha512: 3288e0c514fa2d543eb7d5ad4e2fc209af7c83d730f83d85a22a5b55db0c2be0fe0d5360a684f76636bc18f1ec53b80da0625c9dcf19ad4579cadf217a9615b2
ssdeep: 192:/cAiwokaNLlz8Na6TGC+UoCkQ/niw/t7XXbWg2E2:/cA1okaH6TGTPmVHbYE2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T127921B92F32CB955E0860871CCAFD391A826FC329E2A6B477BC0775F2C711586972D74
sha3_384: 73a4eea45fc8c1119cd27655df2b67ef070ce277a0a42ea9decf44261b0b1f27e690fad6d3e6ed4d4f14de93edce85cc
ep_bytes: 60be00c040008dbe0050ffff5783cdff
timestamp: 2010-10-25 13:21:20

Version Info:
Translation: 0x0409 0x04b0
Comments: MPHf
CompanyName: nXGIcFJXhDQD
LegalCopyright: RnlOyNDdDOI
LegalTrademarks: XuQohdoG
ProductName: gts
FileVersion: 3.07.0005
ProductVersion: 3.07.0005
InternalName: s3ready
OriginalFilename: s3ready.exe

Malware.AI.990189213 also known as:

tehtris	Generic.Malware
MicroWorld-eScan	Gen:Trojan.Heur.bm0@!Fhh02lO
FireEye	Generic.mg.2bad5119344b708a
McAfee	GenericRXAA-FA!2BAD5119344B
Cylance	Unsafe
VIPRE	Gen:Trojan.Heur.bm0@!Fhh02lO
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.9344b7
BitDefenderTheta	AI:Packer.A54C91AE1C
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
BitDefender	Gen:Trojan.Heur.bm0@!Fhh02lO
Cynet	Malicious (score: 100)
Avast	Win32:Malware-gen
Ad-Aware	Gen:Trojan.Heur.bm0@!Fhh02lO
Emsisoft	Gen:Trojan.Heur.bm0@!Fhh02lO (B)
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Heuristic.HEUR/AGEN.1251230
Sophos	Generic ML PUA (PUA)
APEX	Malicious
Jiangmin	TrojanClicker.VB.fk
Webroot	W32.Malware.Gen
Avira	HEUR/AGEN.1251230
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Trojan.Heur.bm0@!Fhh02lO
Google	Detected
AhnLab-V3	Trojan/Win32.Refroso.C73706
ALYac	Gen:Trojan.Heur.bm0@!Fhh02lO
Malwarebytes	Malware.AI.990189213
Ikarus	Trojan.Crypt
SentinelOne	Static AI – Malicious PE
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Malware.AI.990189213?

Malware.AI.990189213 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X