What is “Malware.AI.4031143606”?

Malware.AI.4031143606 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4031143606 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • CAPE detected the Loki malware family
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to identify Malware.AI.4031143606?

File Info:

name: 14BA26EBF4E5348C92C5.mlw
path: /opt/CAPEv2/storage/binaries/f12b997157f70dab412b88bcd7934b3815818f9d32dcf6986a882e323a0f739a
crc32: 086B5A9A
md5: 14ba26ebf4e5348c92c5de83fc2ffe01
sha1: ed9000f6ecb34f7fde4d891d3fb98b1cbf535550
sha256: f12b997157f70dab412b88bcd7934b3815818f9d32dcf6986a882e323a0f739a
sha512: 410915a86c150246a4ee6aa40deddb228f86fd9b540b9e62bb3a8a4cfdb6f3e7e85b020f08d8375cd714dcd1b0bdb3dd8fb1cda680a93960ec2a0f83928b1c92
ssdeep: 6144:rGikTS6//z+TU3OVfoi5Vvd1NBmKbKiXpKuFugJZT:QTSkzZ3UzrLNBSovFuoZT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12934132BE1D14CA3C59209B454BFB33FABFD52795092390F8B6D4F771C252AB89049B1
sha3_384: 8c0e539e8cd2bbac7281cba353812575115168ba5adb4e835d5604a38a71af9826b4da30f7ceaed9ab6ae434be2bf6d8
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-10-10 21:49:01

Version Info:

0: [No Data]

Malware.AI.4031143606 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Androm.m!c
DrWeb: Trojan.Loader.977
MicroWorld-eScan: Trojan.GenericKD.48695969
CAT-QuickHeal: Trojan.Spynoon
McAfee: RDN/Generic.hbg
Cylance: Unsafe
Sangfor: Backdoor.Win32.Androm.gen
K7AntiVirus: Trojan ( 0058fdf51 )
Alibaba: Backdoor:Win32/SpyNoon.bb168db1
K7GW: Trojan ( 0058fdf51 )
BitDefenderTheta: Gen:NN.ZexaCO.34666.aqW@amuBKnpi
Cyren: W32/Injector.AVR.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/PSW.Fareit.L
TrendMicro-HouseCall: TROJ_GEN.R002C0DCQ22
Paloalto: generic.ml
Kaspersky: HEUR:Backdoor.Win32.Androm.gen
BitDefender: Trojan.GenericKD.48695969
Avast: Win32:PWSX-gen [Trj]
Tencent: Win32.Backdoor.Androm.Dyqs
Ad-Aware: Trojan.GenericKD.48695969
Sophos: Mal/Generic-S
Comodo: Malware@#2pw2atjsvkxq7
Zillya: Trojan.Fareit.Win32.38581
TrendMicro: TROJ_GEN.R002C0DCQ22
McAfee-GW-Edition: RDN/Generic.hbg
FireEye: Trojan.GenericKD.48695969
Emsisoft: Trojan.GenericKD.48695969 (B)
GData: Win32.Trojan.PSE.1FFEO5J
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ZPACK.ulztc
MAX: malware (ai score=89)
Arcabit: Trojan.Generic.D2E70AA1
Microsoft: Trojan:Win32/SpyNoon.RPS!MTB
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Wacatac
ALYac: Trojan.Agent.FormBook
Malwarebytes: Malware.AI.4031143606
APEX: Malicious
Rising: Trojan.Injector!8.C4 (CLOUD)
Yandex: Trojan.Igent.bXHZDu.32
Ikarus: Trojan.Agent
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Injector.ERKP!tr
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4031143606?

Malware.AI.4031143606 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.