Malware.AI.4066731592 removal

Malware.AI.4066731592 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4066731592 virus do?

  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • HTTPS URLs observed in behavior
  • Installs an OpenCL library, probably to mine Bitcoins
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Deletes executed files from disk
  • Harvests credentials from local FTP client software
  • Creates a Tor Hidden Service on the machine
  • Collects information to fingerprint the system
  • Clears web history

How to identify Malware.AI.4066731592?

File Info:

name: 5C696B306E56972228EE.mlw
path: /opt/CAPEv2/storage/binaries/d91cf974f1542e7fe34e4e60d61fae6f7fccee2fe07a4bae860adf1843c0c1b0
crc32: FE0B6D0D
md5: 5c696b306e56972228ee70b2e29f85bf
sha1: 0ab4c0ae4b10bbe2a92d46071d7648a08f8e24aa
sha256: d91cf974f1542e7fe34e4e60d61fae6f7fccee2fe07a4bae860adf1843c0c1b0
sha512: dc766959bc6007fefb322b7b0febd6a19c86c9519c211e80eb8b427861ebd8e98c89d1767fb1e89e5461e7844b4409e8d734760a5f121a80c66ed78f694bf485
ssdeep: 49152:TDOyelPp5opK4aBbIkLKq1fut7lNPKVfR5VrzX:TDclPpCpKj5073WDN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC06015275F95C59F3F38E3A12B8B2DA1437B9B3FA2580EFCA0043495925B858D63723
sha3_384: a25ca32c0085043adf635bbc42a3c029c2c82ff2f56189e85c4988e24299ae2f3cbd76bddd07839b21875910a95c0089
ep_bytes: 6a186838446a00e8061b0000bf940000
timestamp: 2012-07-19 15:58:41

Version Info:

CompanyName: Zkliv
FileDescription: Cnyu
FileVersion: 9.8
InternalName: Hou
LegalCopyright: Copyright Veu
OriginalFilename: Eojj.exe
ProductName: Wvseg
ProductVersion: 2.8
Translation: 0x0809 0x04e4

Malware.AI.4066731592 is also known as:

  • Lionic: Trojan.Win32.Generic.lVHv
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Siggen18.41827
  • MicroWorld-eScan: Gen:Variant.Graftor.951934
  • FireEye: Generic.mg.5c696b306e569722
  • CAT-QuickHeal: Trojan.GenericRI.S25336575
  • McAfee: PWS-Zbot.gen.ams
  • Cylance: Unsafe
  • VIPRE: Gen:Variant.Graftor.951934
  • Sangfor: Suspicious.Win32.Save.ins
  • Alibaba: Trojan:Win32/Injector.21ebc2e3
  • K7GW: Trojan ( 004ca37e1 )
  • CrowdStrike: win/malicious_confidence_90% (W)
  • BitDefenderTheta: Gen:NN.ZexaF.34646.Yt0@aKMhlpdi
  • Cyren: W32/Injector.AT.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Injector.VTT
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Dropper.Zeus-7191160-0
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Graftor.951934
  • NANO-Antivirus: Trojan.Win32.Inject.ycqda
  • SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
  • Avast: Win32:Agent-APTQ [Trj]
  • Rising: Trojan.Toga!8.136D (TFE:5:PlWjGQ2tlnN)
  • Ad-Aware: Gen:Variant.Graftor.951934
  • Sophos: ML/PE-A
  • Comodo: TrojWare.Win32.Injector.VTT@4qpxfg
  • Zillya: Trojan.Injector.Win32.295601
  • TrendMicro: TROJ_GEN.R002C0PI122
  • McAfee-GW-Edition: PWS-Zbot.gen.ams
  • Trapmine: suspicious.low.ml.score
  • Emsisoft: Gen:Variant.Graftor.951934 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Generic.hmije
  • Webroot: W32.Injector.Gen
  • Google: Detected
  • Avira: TR/Injector.SF
  • MAX: malware (ai score=85)
  • Antiy-AVL: Trojan/Generic.ASMalwS.3303
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • GData: Gen:Variant.Graftor.951934
  • Cynet: Malicious (score: 99)
  • ALYac: Gen:Variant.Graftor.951934
  • Malwarebytes: Malware.AI.4066731592
  • TrendMicro-HouseCall: TROJ_GEN.R002C0PI122
  • Tencent: Win32.Trojan.Generic.Zimw
  • Yandex: Trojan.GenAsa!XMgyvi9o/DM
  • Ikarus: Trojan-PWS.Win32.Zbot
  • Fortinet: W32/Injector.SLW!tr
  • AVG: Win32:Agent-APTQ [Trj]
  • Panda: Trj/Genetic.gen

How to remove Malware.AI.4066731592?

Malware.AI.4066731592 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.