About “Malware.AI.4019258730” infection

The Malware.AI.4019258730 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.4019258730 virus can do?

• SetUnhandledExceptionFilter detected (possible anti-debug)
• Behavioural detection: Executable code extraction – unpacking
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Creates RWX memory
• NtSetInformationThread: attempt to hide thread from debugger
• Possible date expiration check, exits too soon after checking local time
• Dynamic (imported) function loading detected
• Enumerates the modules from a process (may be used to locate base addresses in process injection)
• Reads data out of its own binary image
• CAPE extracted potentially suspicious content
• Drops a binary and executes it
• Unconventionial binary language: Russian
• Unconventionial language used in binary resources: Russian
• The binary likely contains encrypted or compressed data.
• Authenticode signature is invalid
• Queries information on disks, possibly for anti-virtualization
• Checks for the presence of known windows from debuggers and forensic tools
• Installs itself for autorun at Windows startup
• Spoofs its process name and/or associated pathname to appear as a legitimate process
• CAPE detected the EnigmaStub malware family
• Attempts to identify installed AV products by installation directory
• Checks for the presence of known devices from debuggers and forensic tools
• Attempted to write directly to a physical drive
• Binary compilation timestomping detected

How to determine Malware.AI.4019258730?

File Info:
name: 270347BF22D7FDFD5D87.mlw
path: /opt/CAPEv2/storage/binaries/b74d4203c8bf7382867d504d4845db6a45b020f62cdae6c6e32e53dd3b3166cd
crc32: 81BF9A0F
md5: 270347bf22d7fdfd5d87cae743eb878e
sha1: ffab2c27a1e70cb00d4196df23c70ebdfcdf3e07
sha256: b74d4203c8bf7382867d504d4845db6a45b020f62cdae6c6e32e53dd3b3166cd
sha512: 74eba894bdaffaa2bb2ad0ceff6f876c21f50bc8a63db7867afd493fc4969efbe7b4ac9701be414bee80e578fa4e19bf70d18c5e5a6ede6fb0d7f1610580b9ca
ssdeep: 24576:vzy8H5Sy3/07/7UJwXnk/F9qFICC+yRz/f3xGD6pJMNvMkfB6ydnWUqAue5i:Omp87giXnqFQ3Gzn3xGEmkkffAUqAu
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T19865230B66D930A6D475D374469306D3A771B9A2130C02EF09EDEE7869233F17A32B6D
sha3_384: 3e575a6baf25433909c51b40300e3a23ac5f5069152e942ba1704da18d984568b8cd3f1d81d754e17cfbcc81b8ef39ee
ep_bytes: 4883ec28e85b0700004883c428e90600
timestamp: 2062-07-25 12:18:00

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Самоизвлечение CAB-файлов Win32                                           
FileVersion: 11.00.19041.1165 (WinBuild.160101.0800)
InternalName: Wextract                
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: WEXTRACT.EXE            .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.19041.1165
Translation: 0x0419 0x04b0

Malware.AI.4019258730 also known as:

How to remove Malware.AI.4019258730?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.