Malware.AI.4024095225 removal

Malware.AI.4024095225 is the name Malwarebytes gives to this sample; as the detection list further down shows, most other antivirus engines flag the same file as malicious. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4024095225 virus do?

The behaviours below were recorded during a CAPE sandbox analysis of the sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • A script process initiated network activity
  • Attempts to modify proxy settings
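Three of the sandbox findings above (a scripting utility was executed, a script process initiated network activity, and proxy settings were modified) are things you can also look for on a live host. The following is an added example, not code from the page, from GridinSoft or from CAPE: it runs simple correlation logic over a handful of constructed Sysmon-style events (Event ID 1 ProcessCreate, 3 NetworkConnect, 13 RegistryEvent SetValue). The event dictionaries, process GUIDs, paths and addresses are all invented for the demonstration; only the Internet Settings registry key and its ProxyServer/ProxyEnable/ProxyOverride/AutoConfigURL values are real Windows names.

```python
import ntpath
from typing import Dict, List, Tuple

# Script hosts whose outbound connections are worth flagging (assumption: extend for your estate).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Per-user proxy configuration lives under this key; these value names control the proxy.
PROXY_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\internet settings"
PROXY_VALUES = {"proxyserver", "proxyenable", "proxyoverride", "autoconfigurl"}

Finding = Tuple[str, str, str]  # (process GUID, rule name, detail)

# Constructed events (not telemetry from the analysed sample). Field names loosely mirror
# Sysmon: id = Event ID, pguid = ProcessGuid, image = Image, target = TargetObject.
EVENTS: List[dict] = [
    {"id": 1, "pguid": "A", "image": r"C:\Windows\explorer.exe", "parent": r"C:\Windows\System32\userinit.exe"},
    {"id": 1, "pguid": "B", "image": r"C:\Windows\System32\wscript.exe", "parent": r"C:\Users\user\Downloads\dropper.exe"},
    {"id": 1, "pguid": "C", "image": r"C:\Windows\System32\cscript.exe", "parent": r"C:\Windows\System32\cmd.exe"},
    {"id": 3, "pguid": "A", "dst_ip": "198.51.100.7", "dst_port": 443},
    {"id": 3, "pguid": "B", "dst_ip": "203.0.113.45", "dst_port": 8080},
    {"id": 13, "pguid": "B",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
     "details": "127.0.0.1:8080"},
    {"id": 13, "pguid": "B",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "pguid": "A",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]


def triage(events: List[dict]) -> List[Finding]:
    """Correlate process creations with later network and registry events by process GUID."""
    images: Dict[str, str] = {}
    findings: List[Finding] = []
    for ev in events:
        if ev["id"] == 1:
            # Remember which image each process GUID belongs to.
            images[ev["pguid"]] = ev["image"]
        elif ev["id"] == 3:
            # Network activity from a script host maps to "a script process initiated network activity".
            exe = ntpath.basename(images.get(ev["pguid"], "")).lower()
            if exe in SCRIPT_HOSTS:
                findings.append((ev["pguid"], "script_host_network",
                                 f"{exe} -> {ev['dst_ip']}:{ev['dst_port']}"))
        elif ev["id"] == 13:
            # Any write to the proxy values maps to "attempts to modify proxy settings",
            # whichever process performed it.
            key, _, value = ev["target"].rpartition("\\")
            if key.lower().endswith(PROXY_KEY_SUFFIX) and value.lower() in PROXY_VALUES:
                findings.append((ev["pguid"], "proxy_settings_modified", f"{value} = {ev['details']}"))
    return findings


if __name__ == "__main__":
    for pguid, rule, detail in triage(EVENTS):
        print(f"[{rule}] process {pguid}: {detail}")
```

Process A (explorer.exe talking to 198.51.100.7 and touching an unrelated Explorer key) produces nothing, process C (a script host that never connects) produces nothing, and process B is reported three times: one outbound connection and two proxy values. On real Sysmon data the same logic applies to the XML or JSON export, with `ProcessGuid`, `Image`, `DestinationIp`, `DestinationPort`, `TargetObject` and `Details` in place of the short keys used here.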

How to identify Malware.AI.4024095225?

File Info:

name: AFB2CB925D6A076D348A.mlw
path: /opt/CAPEv2/storage/binaries/6c1e716d45d9218045cbdf7c5c0a8000cabdd7ec8fb4e1e7bcf3d888abd58900
crc32: 9A9A44E9
md5: afb2cb925d6a076d348acbab2dc513af
sha1: 7237c51bd50c59deffb46acb9258459907719bd1
sha256: 6c1e716d45d9218045cbdf7c5c0a8000cabdd7ec8fb4e1e7bcf3d888abd58900
sha512: 72137539311acc08825f84ad8d43f5a776f452f8ee561d3746d42fa2dea24c884b6f815da4f7421b9e2829d4b7ca17c0e9bbe6e2c8f94d24aac9096ceb1720bd
ssdeep: 768:L3ojoMAZjYkLP91cie+FflqPgDMyaXU5/SyOerbi2OcvF1XVHAwDqjonbcuyD7U:jojoMAFYoFneAlqErn/eCOyVgwXnouy8
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1E223F2176BB83638CA5F80772B9AA7088644C24DF44C821D4FD469365EA7F745EEC363
sha3_384: d9b0b3b2b612f5fa5c3fe3df37c2967079bc2cea9f7c464f5ed6e3d3facf0abe425d8b86ea5f4f43719e82c50aeb3b74
ep_bytes: 60be152041008dbeebeffeff5789e58d
timestamp: 2018-02-01 20:46:15

Version Info:

0: [No Data]
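The digests in the File Info block are the practical identifiers: a file is this sample if its SHA-256 (or, less reliably, MD5 or SHA-1) matches. The ep_bytes field also supports the "compressed using UPX" finding, because the first opcodes are the classic UPX x86 stub. The script below is an added example written for this page (not code from GridinSoft or from CAPE); it copies the three digests and the entry-point bytes from the report above, hashes an in-memory file against them, and applies a small opcode-pattern heuristic to the entry-point bytes. The placeholder file contents in the `__main__` section are constructed, since the analysed binary is not included here.

```python
import hashlib
from typing import Dict, List

# Indicators copied from the File Info block of this report.
IOC_DIGESTS: Dict[str, str] = {
    "md5": "afb2cb925d6a076d348acbab2dc513af",
    "sha1": "7237c51bd50c59deffb46acb9258459907719bd1",
    "sha256": "6c1e716d45d9218045cbdf7c5c0a8000cabdd7ec8fb4e1e7bcf3d888abd58900",
}

# Entry-point bytes (ep_bytes) copied from the same block.
REPORTED_EP_BYTES = bytes.fromhex("60be152041008dbeebeffeff5789e58d")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory file with the three algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the indicator (case-insensitive hex compare)."""
    return sorted(name for name, value in digests.items()
                  if name in iocs and iocs[name].lower() == value.lower())


def looks_like_upx_stub(ep: bytes) -> bool:
    """Heuristic for the classic UPX x86 unpacking stub at the entry point:
         60                pushad
         BE imm32          mov  esi, <packed data>
         8D BE disp32      lea  edi, [esi + disp32]   ; destination of the unpacked image
         57                push edi
    Only the opcode bytes are compared; the immediates differ per binary. For the bytes
    in this report, esi = 0x00412015 and disp32 = -0x11015, so edi = 0x401000, the
    usual start of the first (UPX0) section of a UPX-packed image based at 0x400000."""
    return (len(ep) >= 13
            and ep[0] == 0x60
            and ep[1] == 0xBE
            and ep[6:8] == b"\x8d\xbe"
            and ep[12] == 0x57)


def triage(data: bytes, ep: bytes) -> Dict[str, object]:
    """Combine the hash lookup and the packer heuristic into one result."""
    digests = digest_bytes(data)
    return {
        "digests": digests,
        "ioc_hits": match_iocs(digests, IOC_DIGESTS),
        "upx_stub": looks_like_upx_stub(ep),
    }


if __name__ == "__main__":
    # Constructed stand-in for a file under investigation (not the analysed binary).
    sample = b"MZ\x90\x00constructed placeholder, not the analysed binary"
    print(triage(sample, REPORTED_EP_BYTES))
```

For a real file, read it in binary mode and pass the bytes to `triage`; to obtain the entry-point bytes from a PE you need a PE parser such as pefile (`pe.OPTIONAL_HEADER.AddressOfEntryPoint` gives the RVA, `pe.get_data(rva, 16)` the bytes). A positive UPX match on its own only tells you the file is packed, which many legitimate programs are; the hash match is the identifier, and an unpacked copy of the same sample would produce entirely different digests.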

Malware.AI.4024095225 also known as:

Cynet: Malicious (score: 100)
FireEye: Generic.mg.afb2cb925d6a076d
CAT-QuickHeal: Trojan.TiggrePMF.S2150710
McAfee: GenericRXGR-FD!6CCF22FF2A79
Malwarebytes: Malware.AI.4024095225
VIPRE: Dropped:Generic.XPL.ADODB.1B82208D
K7AntiVirus: Trojan ( 0051918e1 )
BitDefender: Dropped:Generic.XPL.ADODB.1B82208D
K7GW: Trojan ( 0051918e1 )
Cybereason: malicious.25d6a0
Cyren: W32/Agent.BJD.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: VBS/TrojanDownloader.Agent.SNB
APEX: Malicious
ClamAV: Win.Malware.Bladabindi-6972922-0
Kaspersky: HEUR:Trojan.VBS.SAgent.gen
NANO-Antivirus: Trojan.Win32.Ursu.exfdyc
MicroWorld-eScan: Dropped:Generic.XPL.ADODB.1B82208D
Avast: SNH:Script [Dropper]
Ad-Aware: Dropped:Generic.XPL.ADODB.1B82208D
Sophos: Generic ML PUA (PUA)
McAfee-GW-Edition: BehavesLike.Win32.Ramnit.pc
Trapmine: malicious.high.ml.score
Emsisoft: Dropped:Generic.XPL.ADODB.1B82208D (B)
Ikarus: Backdoor.MSIL.Bladabindi
GData: Win32.Trojan.BSE.QSCBGO
Jiangmin: TrojanDownloader.Script.gjh
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Generic.ASMalwS.2730
Arcabit: Generic.XPL.ADODB.1B82208D
ZoneAlarm: HEUR:Trojan.VBS.SAgent.gen
Microsoft: Program:Win32/Wacapew.C!ml
AhnLab-V3: Malware/Win32.RL_Generic.R269122
Acronis: suspicious
VBA32: Trojan.Swrort
ALYac: Dropped:Generic.XPL.ADODB.1B82208D
Cylance: Unsafe
Yandex: Trojan.GenAsa!qbutAVrvChM
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
BitDefenderTheta: Gen:NN.ZexaF.34786.cmGfa8XNNVk
AVG: SNH:Script [Dropper]

How to remove Malware.AI.4024095225?

Malware.AI.4024095225 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because the sandbox analysis showed the sample attempting to modify proxy settings, check after the reset that no unexpected proxy server or automatic configuration script remains configured (Windows Settings > Network & Internet > Proxy); a leftover proxy can keep routing browser traffic through an attacker-controlled host even after the file itself is gone.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.