How to remove “Malware.AI.4028678471”?

Malware Removal

Malware.AI.4028678471 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4028678471 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Network activity contains more than one unique useragent.
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Malware.AI.4028678471?

File Info:

name: CA63AE8DF02AC8A16072.mlw
path: /opt/CAPEv2/storage/binaries/ef68f7d85f26951931345c584e5de82305341eba2d5dd62e4319c6dd41d56e5f
crc32: CC3D9F7F
md5: ca63ae8df02ac8a16072894dc622ceaa
sha1: 51bd6aea162605b1053df8b15fef97f4c419a966
sha256: ef68f7d85f26951931345c584e5de82305341eba2d5dd62e4319c6dd41d56e5f
sha512: 0404e8b81aa71379899e63cb209dada815a96856f0955b75cfeeeb0ad5d0748c55440a3090308e6f3a32ce8df3f115db23b4f8bc480a4b95fbdd750c25e1234e
ssdeep: 24576:WNGftD6/6D/OHE0cy0+NvGwrdWYaJsIm88D8H2dW7g6J/:TfR23cZ+FGwrdWYeSw2dW7g6J
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C13533F2890B0523E928D5BDFABC778245FBE812FFDC8199F705914A61F5EA0A4D90D0
sha3_384: 1244d8c64bd46cd7af09e327798beea3ffe48a48f899f62f7fc0005441ab1f7b20ca4a59b3188d1ebf9662c642bfd5b1
ep_bytes: 60be00c06e008dbe0050d1ff57eb0b90
timestamp: 2018-06-04 09:21:03

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 2.1.0.20
InternalName: shell.exe
LegalCopyright: Copyright (C) 2017
OriginalFilename: shell.exe
ProductName: TODO:
ProductVersion: 2.1.0.20
Translation: 0x0804 0x04b0

Malware.AI.4028678471 also known as:

Lionic: Trojan.Win32.Agent.4!c
DrWeb: Trojan.PWS.Siggen2.14051
MicroWorld-eScan: Gen:Variant.Ursu.721535
FireEye: Generic.mg.ca63ae8df02ac8a1
ALYac: Gen:Variant.Ursu.721535
Cylance: Unsafe
Zillya: Trojan.Agent.Win32.1287175
Sangfor: Trojan.Win32.Agent.xadfcu
K7AntiVirus: Trojan ( 00524aca1 )
Alibaba: Trojan:Win32/APTLazerus.d93a7f25
K7GW: Trojan ( 00524aca1 )
Cybereason: malicious.df02ac
Arcabit: Trojan.Ursu.DB027F
BitDefenderTheta: Gen:NN.ZexaF.34212.enKfaWPgl9bj
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.ZIO
TrendMicro-HouseCall: TROJ_GEN.R002C0PAU22
Paloalto: generic.ml
Cynet: Malicious (score: 99)
Kaspersky: Trojan.Win32.Agent.xadfcu
BitDefender: Gen:Variant.Ursu.721535
Avast: FileRepMalware
Tencent: Win32.Trojan.Agent.Szlb
Ad-Aware: Gen:Variant.Ursu.721535
Sophos: Mal/Generic-S
Comodo: Malware@#pi61ldrpnmyi
TrendMicro: TROJ_GEN.R002C0PAU22
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Gen:Variant.Ursu.721535 (B)
Jiangmin: Trojan.Generic.cofpx
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1215333
Antiy-AVL: Trojan/Generic.ASMalwS.351EBA1
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Agent.xadfcu
GData: Gen:Variant.Ursu.721535
McAfee: Artemis!CA63AE8DF02A
VBA32: suspected of Trojan.Downloader.gen
Malwarebytes: Malware.AI.4028678471
APEX: Malicious
Rising: Trojan.Agent!8.B1E (CLOUD)
Yandex: Trojan.GenAsa!UHTxwww5mjw
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.74297100.susgen
Fortinet: W32/Agent.ZIO!tr
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4028678471?

Malware.AI.4028678471 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.