Malware.AI.2418196431 information

Malware Removal

Malware.AI.2418196431 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.2418196431 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to identify Malware.AI.2418196431?

File Info:

name: 066CC745306B01AFAD0A.mlw
path: /opt/CAPEv2/storage/binaries/1948a2375fad11060d110eb5b45b26f37fd7c34918e8c1c39eb2d963b341a3f7
crc32: 06DFC22C
md5: 066cc745306b01afad0a7b776f0a4f6c
sha1: a93e5693beb28eec8528cc22e89f0d2d31c19323
sha256: 1948a2375fad11060d110eb5b45b26f37fd7c34918e8c1c39eb2d963b341a3f7
sha512: 817714779ab779409b8fc3465ac2f83d9b488d18b8f0c66dd14131139cd58176fbc8478230594249f5a1b6a7fb60e1de66bffb0e9eb64b11e87689513c4ea766
ssdeep: 6144:xFHPVCtBi7NYHaAVFm+ltY7TflDuOSxDUHlGcUEf8QAVZHsZ66zEQ:f8tBIfAVFm+jK9DuJDUHlGcFffAVZHs/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12E843B527A0CA3E5F2BB693AD2CF703CEBF19C651373EA49AA8D719E0503742D9154C8
sha3_384: e3bd6d377e9750ac1232e949023588084414326d18808d35c5429ea04ffa8cd7e2bd47a016c6661e4a358fd983443661
ep_bytes: ff250020400000000000000000000000
timestamp: 2017-12-19 22:06:10

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: WindowsApplication4.exe
LegalCopyright: Copyright © 2017
OriginalFilename: WindowsApplication4.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Malware.AI.2418196431 also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader26.3123
MicroWorld-eScan: Gen:Variant.MSILPerseus.135745
FireEye: Generic.mg.066cc745306b01af
McAfee: RDN/Generic BackDoor
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.2817376
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Backdoor:MSIL/Disfa.d7df357c
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.5306b0
BitDefenderTheta: Gen:NN.ZemsilF.34084.xq0@a49tEbo
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Kryptik.OIQ
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Backdoor.MSIL.Generic
BitDefender: Gen:Variant.MSILPerseus.135745
NANO-Antivirus: Trojan.Win32.Bladabindi.ewfvwn
Avast: Win32:Malware-gen
Tencent: Msil.Backdoor.Generic.Eoq
Ad-Aware: Gen:Variant.MSILPerseus.135745
Emsisoft: Gen:Variant.MSILPerseus.135745 (B)
Comodo: Malware@#14uagueyv5man
VIPRE: Trojan.Win32.Generic!BT
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.MSILPerseus.135745
Jiangmin: Backdoor.MSIL.bnjy
eGambit: Unsafe.AI_Score_100%
Avira: TR/Dropper.Gen
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Win32.TSGeneric
Arcabit: Trojan.MSILPerseus.D21241
Microsoft: Backdoor:MSIL/Bladabindi
AhnLab-V3: Trojan/Win32.Bladabindi.C2678382
VBA32: Backdoor.MSIL.Bladabindi
ALYac: Gen:Variant.MSILPerseus.135745
Malwarebytes: Malware.AI.2418196431
Rising: Trojan.Generic@ML.99 (RDML:wFwq74zOuHzM3Y92HTmx0w)
Yandex: Backdoor.Bladabindi!t4oy39GEE9E
Ikarus: Trojan.MSIL.Disfa
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Generik.HYADKRZ!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Malware.AI.2418196431?

Malware.AI.2418196431 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.