Malware.AI.4057739509 malicious file

Malware Removal

Malware.AI.4057739509 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.4057739509 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the Ursnif malware family
  • Creates a copy of itself
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.4057739509?

File Info:

name: B6A5CA459BB9736BC635.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-09-02 10:01:36

Version Info:

0: [No Data]

Malware.AI.4057739509 also known as:

Bkav: W32.AIDetectMalware
Lionic: Virus.Win32.Sality.l36o
MicroWorld-eScan: Gen:Variant.Crypt.38
ClamAV: Win.Ransomware.Ursnif-7083611-0
FireEye: Generic.mg.b6a5ca459bb9736b
CAT-QuickHeal: Ransom.Exxroute.A4
ALYac: Gen:Variant.Crypt.38
Malwarebytes: Malware.AI.4057739509
Zillya: Trojan.Kryptik.Win32.4165181
Sangfor: Ransom.Win32.Save.a
K7AntiVirus: Trojan ( 0052ef101 )
Alibaba: TrojanSpy:Win32/Ursnif.c9e8cfeb
K7GW: Trojan ( 005072641 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.36350.uqW@aSWdU0h
Cyren: W32/Ransom.DM.gen!Eldorado
Symantec: Packed.Generic.493
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.FPAR
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Crypt.38
NANO-Antivirus: Trojan.Win32.Papras.evqpjk
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.114c31c9
Emsisoft: Gen:Variant.Crypt.38 (B)
F-Secure: Heuristic.HEUR/AGEN.1342839
DrWeb: Trojan.PWS.Papras.2707
VIPRE: Gen:Variant.Crypt.38
TrendMicro: Ransom_HPCERBER.SMONT4
McAfee-GW-Edition: BehavesLike.Win32.Dropper.fc
Trapmine: malicious.high.ml.score
Sophos: Mal/Elenoocka-E
Ikarus: Trojan.Ransom.Spora
GData: Gen:Variant.Crypt.38
Jiangmin: Trojan.Generic.btaul
Avira: HEUR/AGEN.1342839
Antiy-AVL: Trojan/Win32.AGeneric
Xcitium: TrojWare.Win32.Crypt.CA@6ykcle
Arcabit: Trojan.Crypt.38
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: TrojanSpy:Win32/Ursnif.HX
Google: Detected
AhnLab-V3: Trojan/Win32.Cerber.R197678
McAfee: Ransomware-FMJ!B6A5CA459BB9
MAX: malware (ai score=99)
VBA32: BScope.Trojan.Zbot.2312
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_HPCERBER.SMONT4
Rising: Ransom.Cerber!8.3058 (TFE:4:jaalHvqi3iO)
Yandex: Trojan.GenAsa!L9VW7cmZXmc
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Kryptik.GLXU!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.59bb97
DeepInstinct: MALICIOUS

How to remove Malware.AI.4057739509?

Malware.AI.4057739509 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.