Malware.AI.4066713837 removal guide

Malware.AI.4066713837 is the Malwarebytes name for a sample that is flagged as malicious by many antivirus engines (see the vendor detections listed below). While the infection is active you may notice unwanted processes in Task Manager, and because it registers itself to run at Windows startup it returns after a reboot. In this case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period lets you run a complete scan and clean your PC.
6-day free trial available.

What can Malware.AI.4066713837 do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • YARA rule detections observed on a process memory dump, dropped files or CAPE output
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a process that is not found (CAPE suggests re-running the sample with the startbrowser=1 option)
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs

The version info below shows that the sample is a compiled AutoIt v3 script (runtime 3.3.0.0). Several of the indicators above are ordinary behaviour of the AutoIt runtime stub: Aut2Exe normally UPX-compresses its output, the stub loads imports dynamically and reads its own binary image to locate the embedded script, and the 2008-12-24 compile timestamp matches the AutoIt 3.3.0.0 release date rather than the date the script was written. The stronger signals here are the autorun persistence, the network activity that does not appear in the API log, the invalid Authenticode signature and the breadth of vendor detections.

How to identify Malware.AI.4066713837?

File Info:

name: 89626E8867348E054F32.mlw
path: /opt/CAPEv2/storage/binaries/1d13150896e634369d50a8f8e850ee6bc63f8ece455bc292475be3d87db649e7
crc32: 303E0A71
md5: 89626e8867348e054f32efa50158b2f2
sha1: b27d2f55817322d7f3866dbfd65690e1589c6871
sha256: 1d13150896e634369d50a8f8e850ee6bc63f8ece455bc292475be3d87db649e7
sha512: f50d47f54cf91b8293bfe55ee9c005cc82fbd82c884314015dc6dcf42216ae4b973ca019aa2a86b7d7905e36bbd06cb45f470507e7cdab7b27eeb0e8260a4b37
ssdeep: 12288:EHLUMuiv9RgfSjAzRty7Ku1tmo8F0WLzCFn7/ewKlGUAb:etARosF0WXw7/ecBb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T165D4239B7E51F5FFDC248830EF6A971DD0FAAF611B3093637254590FE869123A8124E4
sha3_384: 2ee46212ac0e056d5576c792734e34e7ccbc82557b6ef7ab7f992500d14f6f98d4fa90a26c9c849c041bfcd51495d7b6
ep_bytes: 60be000047008dbe0010f9ff5783cdff
timestamp: 2008-12-24 09:00:07

Version Info:

FileDescription:
FileVersion: 3, 3, 0, 0
CompiledScript: AutoIt v3 Script : 3, 3, 0, 0
Translation: 0x0809 0x04b0
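The entry-point bytes and hashes in the File Info block are enough for some offline triage. The Python script below is an added example, not part of this page or of any vendor's tooling: it decodes the ep_bytes above as the standard UPX x86 entry stub (recovering where the packed data lives and where it is unpacked to), flags UPX or otherwise non-standard PE section names, and checks a file's md5/sha1/sha256 against the values published here. The section list used in the demonstration is constructed, and the ssdeep and tlsh values are not checked because they need third-party libraries.

```python
"""Static triage of the File Info block above (added example, not the page's own code)."""
import hashlib
import struct

# Values copied verbatim from the File Info section of this page.
EP_BYTES_HEX = "60be000047008dbe0010f9ff5783cdff"
PUBLISHED_HASHES = {
    "md5": "89626e8867348e054f32efa50158b2f2",
    "sha1": "b27d2f55817322d7f3866dbfd65690e1589c6871",
    "sha256": "1d13150896e634369d50a8f8e850ee6bc63f8ece455bc292475be3d87db649e7",
}

# Section names the UPX packer writes; a packed image normally carries these
# in place of the compiler's own .text/.data/.rdata.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc",
                        ".idata", ".edata", ".bss", ".tls", ".CRT"}


def decode_upx_entry_stub(ep_hex):
    """Recognise the classic UPX x86 entry stub and recover its addresses.

    The first 16 bytes at the entry point of a UPX-packed 32-bit PE are
        60                pushad
        BE imm32          mov  esi, <start of packed data>
        8D BE disp32      lea  edi, [esi + disp32]   ; disp32 is negative
        57                push edi
        83 CD FF          or   ebp, -1
    esi points at the compressed blob, edi at the section it unpacks into.
    Returns a dict of those addresses, or None if this is not the stub.
    """
    b = bytes.fromhex(ep_hex)
    if len(b) < 16:
        return None
    stub_ok = (b[0] == 0x60 and b[1] == 0xBE and b[6:8] == b"\x8d\xbe"
               and b[12] == 0x57 and b[13:16] == b"\x83\xcd\xff")
    if not stub_ok:
        return None
    packed_src = struct.unpack_from("<I", b, 2)[0]   # mov esi, imm32
    disp = struct.unpack_from("<i", b, 8)[0]         # signed lea displacement
    unpack_dst = (packed_src + disp) & 0xFFFFFFFF    # 32-bit wrap-around
    return {"packed_src": packed_src, "unpack_dst": unpack_dst, "displacement": disp}


def packer_hints(section_names, ep_hex):
    """Return human-readable packing indicators, mirroring the sandbox verdicts above."""
    hints = []
    names = set(section_names)
    if names & UPX_SECTION_NAMES:
        hints.append("UPX section names: " + ", ".join(sorted(names & UPX_SECTION_NAMES)))
    unknown = names - UPX_SECTION_NAMES - COMMON_SECTION_NAMES
    if unknown:
        hints.append("non-standard section names: " + ", ".join(sorted(unknown)))
    stub = decode_upx_entry_stub(ep_hex)
    if stub:
        hints.append("UPX entry stub at EP, unpacks 0x%08x -> 0x%08x"
                     % (stub["packed_src"], stub["unpack_dst"]))
    return hints


def verify_hashes(data, expected=PUBLISHED_HASHES):
    """Hash `data` with every algorithm named in `expected`; True where it matches."""
    return {algo: hashlib.new(algo, data).hexdigest() == want.lower()
            for algo, want in expected.items()}


def check_file(path, expected=PUBLISHED_HASHES):
    """Convenience wrapper: does the file at `path` match the published hashes?"""
    with open(path, "rb") as fh:
        return verify_hashes(fh.read(), expected)


if __name__ == "__main__":
    # Constructed section list matching what UPX leaves behind on a 32-bit PE.
    for hint in packer_hints(["UPX0", "UPX1", ".rsrc"], EP_BYTES_HEX):
        print(hint)
    # Constructed bytes, not the sample: every published hash must fail to match.
    print(verify_hashes(b"not the sample"))
```

On the ep_bytes from this page the stub decodes to esi = 0x00470000 and edi = 0x00401000, i.e. the packed blob sits high in the image and is unpacked into the first section at the default 0x400000 image base plus 0x1000, which is exactly the layout UPX produces; a file that carries the UPX stub but whose section names have been renamed is still caught by the entry-point check.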

Malware.AI.4066713837 also known as:

Lionic: Trojan.Win32.Scar.4!c
DrWeb: Win32.HLLW.Autoruner.17772
McAfee: Artemis!89626E886734
Cylance: Unsafe
Zillya: Trojan.Scar.Win32.99016
Alibaba: Trojan:Win32/USBHiddenCopier.83caa2f8
ESET-NOD32: Win32/RiskWare.USBHiddenCopier.A
TrendMicro-HouseCall: BKDR_PATCH.SA
Kaspersky: Trojan.Win32.Scar.lqlr
NANO-Antivirus: Trojan.Win32.Scar.ebhdov
Tencent: Win32.Trojan.Scar.Ebgs
Sophos: Mal/Generic-R
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: BKDR_PATCH.SA
McAfee-GW-Edition: BehavesLike.Win32.Injector.jc
Ikarus: Trojan.VB
Webroot: W32.Malware.Heur
Kingsoft: Win32.Troj.Generic.(kcloud)
Microsoft: Trojan:Win32/Occamy.C1D
Cynet: Malicious (score: 100)
VBA32: Trojan.Scar
Malwarebytes: Malware.AI.4066713837
APEX: Malicious
MAX: malware (ai score=97)
Fortinet: W32/PATCH.SA!tr.bdr

How to remove Malware.AI.4066713837?

Malware.AI.4066713837 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.