Malware.AI.4041957021 malicious file

Malware.AI.4041957021 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4041957021 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • HTTPS URLs observed in sandbox behavior
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.4041957021?

File Info:

name: 51211D550C197B5D30F2.mlw
path: /opt/CAPEv2/storage/binaries/0481a8020396fefd9b6dc68c689094deb5d08106a54d6561e684e234039ae282
crc32: 9F47D5CB
md5: 51211d550c197b5d30f243c54506cbc3
sha1: e0d1b97063d69c825d2b82009c1880b71a6003bc
sha256: 0481a8020396fefd9b6dc68c689094deb5d08106a54d6561e684e234039ae282
sha512: 38da674d928c65404bffbc0a884baa705183b7eddf70e0b1969d4dbf980ebb316589909068ff60dc912f0bc3e0e2ce49889dd9d7083535385c65df673b81b282
ssdeep: 768:0P1kD/9p4autt74pgCnEM1U2n28E0roktkSmGyxyj3DnnEV:0PCD/9966Vy2npUQkSmALEV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18F831763AD0847F6DDD112BCC45EFA424BFAF9308BE1A3B385610EB6CC255D49C6452B
sha3_384: 83f28d5a996aa09cbe594bbac402a114fa54e49b4508088998d7170e131399bad4ad68a35db269cb9dbdfeb37d049062
ep_bytes: 558bec83ec488d45b850ff15a0304000
timestamp: 2013-01-29 18:03:15

Version Info:

CompanyName: Microsoft Corporation
FileDescription: MLS Migrate DLL
FileVersion: 9.00.00.4503 (xpsp.080413-0845)
InternalName: migrate.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: migrate.exe
ProductName: Microsoft® Windows Media Services
ProductVersion: 9.00.00.4503
Translation: 0x0409 0x04b0

Malware.AI.4041957021 also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.400065
FireEye: Generic.mg.51211d550c197b5d
McAfee: PWS-Zbot-FAKU!51211D550C19
Malwarebytes: Malware.AI.4041957021
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.1DCB46C31F
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.ATEV
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Barys.400065
NANO-Antivirus: Trojan.Win32.MlwGen.crgpsl
Avast: Win32:Sirefef-AXJ [Rtk]
Emsisoft: Gen:Variant.Barys.400065 (B)
Baidu: Win32.Trojan.Agent.eq
F-Secure: Dropper.DR/Delphi.Gen
DrWeb: Trojan.DownLoader7.51017
VIPRE: Gen:Variant.Barys.400065
McAfee-GW-Edition: BehavesLike.Win32.Fake.mz
Trapmine: malicious.moderate.ml.score
Sophos: Mal/EncPk-AIT
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Barys.400065
Jiangmin: Trojan.Generic.dvnas
Avira: DR/Delphi.Gen
MAX: malware (ai score=81)
Xcitium: TrojWare.Win32.ShipUp.BNL@4v1obi
Arcabit: Trojan.Barys.D61AC1
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Rogue:Win32/FakeDef
Google: Detected
VBA32: TScope.Malware-Cryptor.SB
ALYac: Gen:Variant.Barys.400065
Cylance: unsafe
Rising: Spyware.Zbot!8.16B (TFE:2:tXNhLZz0tcP)
Ikarus: Backdoor.Win32.Hlux
Fortinet: W32/Hulo.ES!tr
AVG: Win32:Sirefef-AXJ [Rtk]
Cybereason: malicious.50c197
DeepInstinct: MALICIOUS

How to remove Malware.AI.4041957021?

Malware.AI.4041957021 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.