Generic.Starter.4.AE81AF30 removal guide

Generic.Starter.4.AE81AF30 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.Starter.4.AE81AF30 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location

How to identify Generic.Starter.4.AE81AF30?

File Info:

name: 0362A216B24A07504702.mlw
path: /opt/CAPEv2/storage/binaries/c2d4ff5f71d9dafd0cc7cf9d137c157ab717665b10045a964e517e349c746872
crc32: E74802FB
md5: 0362a216b24a07504702d406d98a76d2
sha1: 30ed6d41a44957aa2cdbae3eac7922af9d25bf70
sha256: c2d4ff5f71d9dafd0cc7cf9d137c157ab717665b10045a964e517e349c746872
sha512: d3daae56434b3e7238c747aa826a6a0a40242d6680f685063d3a11d31be39bd99a4090002d2756e59567d0ad935a9f73d5d985b1ed94ad63f38f058a5937cc3f
ssdeep: 49152:IBJOcunJDWCqrj6RJ4iNxuU2rX6QFYX+LX+c4C:yoVRWxjcDtO9eC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F6952311BAC695F2D123197226269B21B93DBD200F62CEDB63C46E6DDE311C1DB313B6
sha3_384: ffe2b4253ee9f39cda9abb8494d758ffe89719fc71059e8ab1c9fa183cc1cc9e7c44be4b41e9652898f28d0699909d29
ep_bytes: e866050000e978feffffcccccccccccc
timestamp: 2022-03-03 13:15:57

Version Info:

0: [No Data]

Generic.Starter.4.AE81AF30 also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Generic.Starter.4.AE81AF30
FireEye: Generic.mg.0362a216b24a0750
ALYac: Zum.Rastarby.4
Malwarebytes: Malware.AI.4042439386
VIPRE: Generic.Starter.4.AE81AF30
Sangfor: Suspicious.Win32.Save.a
Elastic: malicious (high confidence)
APEX: Malicious
ClamAV: Win.Packed.Nanocore-9942160-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.Starter.4.AE81AF30
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Generic.Starter.4.AE81AF30 (B)
Antiy-AVL: Trojan/Generic.ASCommon.24D
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Zum.Rastarby.4
Cynet: Malicious (score: 100)
Acronis: suspicious
MAX: malware (ai score=87)
AVG: Win32:Malware-gen
Cybereason: malicious.6b24a0
Avast: Win32:Malware-gen

How to remove Generic.Starter.4.AE81AF30?

Generic.Starter.4.AE81AF30 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.