Win32/Packed.7Zip.AI (file analysis)

The Win32/Packed.7Zip.AI is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Packed.7Zip.AI virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Unconventionial language used in binary resources: Russian
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/Packed.7Zip.AI?


File Info:
name: D92BAB9F23B95BF6D080.mlw
path: /opt/CAPEv2/storage/binaries/6960c028807872b5ab69e1830917d097854e69a67bcd569c932be245e8ca6b79
crc32: 8C98DDA9
md5: d92bab9f23b95bf6d080163c8494017b
sha1: d8875f441913e3f6925dabbffc7335944e7a4f53
sha256: 6960c028807872b5ab69e1830917d097854e69a67bcd569c932be245e8ca6b79
sha512: a208772769213db2ce776d07170c949184f5f6697a1ba54b92b81aa1ab198fba0b390dcdcf49b87c7a015fb5d6b526f89aa9ebf3161ede8474fb00796003893b
ssdeep: 49152:6H55LHLNTGYCbfte2Ns1OEU2iLxpmn7MVSirOmkBR9e1VD2+qSh31W5:6H5599kftet1OFXyMJr4DeXSKq5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T171A52380FDC0ACF1D02215B69D60EA293A7AF7520B3E19C379B47816D7711C5763AE8B
sha3_384: 0bafe51e5f6264148ec2d09baca2447fa66065ea3325f135a9141cf75cc5bb72d4215ffd019c2ef545bc0a195984b8e6
ep_bytes: 558bec6aff6880c4410068f095410064
timestamp: 2012-05-28 09:05:18

Version Info:
CompanyName: Alexander Roshalov
LegalCopyright: Copyright © Alexander Roshalov 1993-2022
LegalTrademarks: i6i7ju56ytgrft423t
ProductName: WinRAR
PrivateBuild: i67juyhtgerft34t34
Comments: k786jutyhrtgj756h4tgrku6jyhrtgerjyhrtgerfwc
FileVersion: 6.11.0.0
SpecialBuild: k68ju7yh5rtgsdgfsdgderfwe
OriginalFilename: Uninstall.exe
FileDescription: Uninstall WinRAR
InternalName: Uninstall WinRAR
ProductVersion: 6.11.0.7
Created: 7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Builder: ahileeeeeess 16:37:05 15/10/2023
Translation: 0x0000 0x04b0

Win32/Packed.7Zip.AI also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealer.tsi1
ClamAV	Win.Malware.7zip-10013374-0
Skyhigh	BehavesLike.Win32.Dropper.vc
McAfee	Artemis!D92BAB9F23B9
Malwarebytes	Trojan.Dropper
Zillya	Trojan.7Zip.Win32.192
Sangfor	Trojan.Win32.Agent.Vr92
CrowdStrike	win/malicious_confidence_100% (W)
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Packed.7Zip.AI
Cynet	Malicious (score: 100)
BitDefender	Trojan.GenericKD.70018710
ViRobot	Trojan.Win.Z.Agent.2234430
MicroWorld-eScan	Trojan.GenericKD.70018710
Sophos	Mal/Generic-S
VIPRE	Trojan.GenericKD.70018710
Trapmine	suspicious.low.ml.score
FireEye	Trojan.GenericKD.70018710
Emsisoft	Trojan.GenericKD.70018710 (B)
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Generic.D42C6696
GData	Trojan.GenericKD.70018710
Varist	W32/Dropper.EM.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R619113
ALYac	Trojan.GenericKD.70018710
MAX	malware (ai score=80)
DeepInstinct	MALICIOUS
TrendMicro-HouseCall	TROJ_GEN.R002H09K323
Tencent	Malware.Win32.Gencirc.13f36c13
Yandex	Trojan.Agent!ZUALZUIUKwo
Ikarus	Trojan.Win32.7zip
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen

How to remove Win32/Packed.7Zip.AI?

Win32/Packed.7Zip.AI removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X