About “Malware.AI.1040164907” infection

Malware Removal

Malware.AI.1040164907 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.1040164907 virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • A process created a hidden window
  • Unconventional language used in binary resources: Hebrew
  • Uses Windows utilities for basic functionality
  • Attempts to modify desktop wallpaper
  • Exhibits behavior characteristic of Cerber ransomware
  • Attempts to execute a binary from a dead or sinkholed URL
  • Writes a potential ransom message to disk
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.1040164907?

File Info:

name: 84647D7D1D3BA8346D38DA4BD4F1B5F1.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2009 - 2011 Nir Sofer
InternalName: WhatInStartup
FileVersion: 1.33
CompanyName: NirSoft
ProductName: WhatInStartup
ProductVersion: 1.33
FileDescription: WhatInStartup
OriginalFilename: WhatInStartup.exe
Translation: 0x0409 0x04b0

Malware.AI.1040164907 also known as:

  • Bkav: W32.AIDetect.malware1
  • K7AntiVirus: Trojan ( 005224381 )
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Encoder.10731
  • Cynet: Malicious (score: 100)
  • CAT-QuickHeal: Ransom.Cerber.A4
  • ALYac: Gen:Variant.Zusy.232524
  • Cylance: Unsafe
  • Zillya: Trojan.Zerber.Win32.1782
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: Ransom:Win32/Cerber.ali1020013
  • K7GW: Trojan ( 005224381 )
  • Cybereason: malicious.d1d3ba
  • Baidu: Win32.Trojan.Kryptik.alb
  • Cyren: W32/Cerber.BF.gen!Eldorado
  • ESET-NOD32: a variant of Win32/Kryptik.FQRH
  • APEX: Malicious
  • Avast: Win32:Filecoder-BG [Trj]
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Zusy.232524
  • NANO-Antivirus: Trojan.Win32.Zerber.enraaw
  • MicroWorld-eScan: Gen:Variant.Zusy.232524
  • Tencent: Malware.Win32.Gencirc.10bbbb1a
  • Ad-Aware: Gen:Variant.Zusy.232524
  • Sophos: ML/PE-A + Mal/Cerber-B
  • Comodo: TrojWare.Win32.Ransom.Cerber.FJ@6wjqwh
  • BitDefenderTheta: Gen:NN.ZexaF.34628.Sq1@aSOAmRiO
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: Ransom_CERBER.F117DH
  • McAfee-GW-Edition: BehavesLike.Win32.Emotet.bm
  • FireEye: Generic.mg.84647d7d1d3ba834
  • Emsisoft: Gen:Variant.Zusy.232524 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Generic.ggqat
  • Avira: HEUR/AGEN.1106595
  • Microsoft: Ransom:Win32/Cerber.J
  • Arcabit: Trojan.Zusy.D38C4C
  • AegisLab: Trojan.Win32.Zerber.j!c
  • GData: Gen:Variant.Zusy.232524
  • AhnLab-V3: Win-Trojan/Cerber.Gen
  • Acronis: suspicious
  • McAfee: Ransomware-CBER!84647D7D1D3B
  • MAX: malware (ai score=89)
  • VBA32: BScope.TrojanSpy.Zbot
  • Malwarebytes: Malware.AI.1040164907
  • Panda: Trj/Genetic.gen
  • TrendMicro-HouseCall: Ransom_CERBER.F117DH
  • Rising: Trojan.Kryptik!1.AE9C (CLOUD)
  • Yandex: Trojan.GenAsa!Vzye+N2Hcqk
  • Ikarus: Trojan.Crypt
  • Fortinet: W32/Kryptik.HJJV!tr
  • AVG: Win32:Filecoder-BG [Trj]
  • Paloalto: generic.ml
  • Qihoo-360: Win32/Ransom.Filecoder.HxQB8dsA

How to remove Malware.AI.1040164907?

Malware.AI.1040164907 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.