What is “Malware.AI.4052840613”?

Malware.AI.4052840613 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4052840613 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • YARA rule detections observed on a process memory dump, dropped files, or CAPE output
  • Dynamic (imported) function loading detected
  • Starts servers listening on :0, 0.0.0.0:4433, 0.0.0.0:6881
  • Enumerates running processes
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Malware.AI.4052840613?

File Info:

name: 275B1AFC0EBA0E453DE2.mlw
path: /opt/CAPEv2/storage/binaries/c8166cc156b4c6348755c26ef6b1fda2eb28d1205ceedc7b9178e8aec3a8b8c0
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2016-11-21 16:18:07

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 1.0.0.1
InternalName: P1.exe
LegalCopyright: TODO: (c) . All rights reserved.
OriginalFilename: P1.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04e4

Malware.AI.4052840613 is also known as (vendor: detection name):

Lionic: Trojan.Win32.Flgd.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.FLGD
FireEye: Trojan.Agent.FLGD
CAT-QuickHeal: Trojan.GenericRI.S16124835
McAfee: GenericRXAA-AA!275B1AFC0EBA
Cylance: Unsafe
Zillya: Tool.TorTool.Win32.287
Alibaba: Trojan:Win32/Generic.2ce6ce86
Cyren: W32/Trojan.GFT.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Paloalto: generic.ml
ClamAV: Win.Trojan.Remcos-9881483-0
BitDefender: Trojan.Agent.FLGD
Tencent: Malware.Win32.Gencirc.10cec2f1
Ad-Aware: Trojan.Agent.FLGD
Emsisoft: Trojan.Agent.FLGD (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rh
Sophos: Mal/Generic-S
Ikarus: Trojan.Agent
GData: Win32.Riskware.Retnerrot.A
Jiangmin: NetTool.TorTool.kp
Antiy-AVL: Trojan/Generic.ASMalwS.3462E6A
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Tnega!ml
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.DownloadHelper.R352738
VBA32: Backdoor.Remcos
ALYac: Trojan.Agent.FLGD
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.4052840613
TrendMicro-HouseCall: TROJ_GEN.R002H0CKR21
Yandex: Backdoor.Remcos!X6iFPe++dZw
Fortinet: W32/Agent.FLAZ!tr
MaxSecure: Trojan.Malware.107598847.susgen

How to remove Malware.AI.4052840613?

Malware.AI.4052840613 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
