How to remove “Malware.AI.4075548499”?

Malware Removal

Malware.AI.4075548499 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4075548499 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Checks for the presence of known devices from debuggers and forensic tools
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Creates a copy of itself
  • Creates known SpyNet mutexes and/or registry changes
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Malware.AI.4075548499?

File Info:

name: 85F5C1BC0E81FA48DD2C.mlw
path: /opt/CAPEv2/storage/binaries/44eded53f2c1d33e622bdb2b689eaf23eb7d452c33ab3041068341fda6b1f162
crc32: 40E20F7D
md5: 85f5c1bc0e81fa48dd2c2d1ecb783a7d
sha1: d6823cf9650c3e4aa9f50e093c218d5af58d651f
sha256: 44eded53f2c1d33e622bdb2b689eaf23eb7d452c33ab3041068341fda6b1f162
sha512: 811e54cb1011cf99cb7cfe7aea73a58de465937744476a3d7bbd3f064be0ca518275fa3efae4d659bb4e8f579b59cc7d9e27ca6239c707e25ac0df3c3a300780
ssdeep: 6144:b+xnkpPFv9hug1wi08KRJmKBjtqVgo2nyetz+AALVT+AfsLYdvs6LG4hWUy+3N:b+xqPHhP7N8jtqVgosyeuxHfgqEqDhWM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AC840234EBD39D6FC447C93E94A159103E24AD43C9768994E78BB54A8418AF0AFFC3B1
sha3_384: 3f50b196d9ff2e3ab060d05036623b7e9def138ef25931f51cfb1552937234506e54e5ff80fb6c3b94deb647f5434889
ep_bytes: 68480000006800000000687c544000e8
timestamp: 2011-04-02 05:23:40

Version Info:

CompanyName: Silent Evil Trooper
ProductName: DogDayz Contribution
ProductVersion: DogDayz
FileVersion: Fully undetected @ 02.04.2011
FileDescription: DogDayz @ www.HackHound.org
InternalName: Doggy Style
OriginalFilename: DogDayz_Backpack.exe
LegalCopyright: Made by sotpot for www.HackHound.org
LegalTrademarks: SET
Translation: 0x0000 0x04b0

Malware.AI.4075548499 is also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Jorik.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: MemScan:Trojan.Agent.AROC
  • ClamAV: Win.Packed.Rebhip-9362726-0
  • FireEye: Generic.mg.85f5c1bc0e81fa48
  • ALYac: MemScan:Trojan.Agent.AROC
  • Malwarebytes: Malware.AI.4075548499
  • Zillya: Trojan.Jorik.Win32.4532
  • Sangfor: Backdoor.Win32.Poison.Vyj9
  • Alibaba: Backdoor:Win32/Poison.0be48a22
  • Cybereason: malicious.c0e81f
  • BitDefenderTheta: Gen:NN.ZexaF.36196.xy0@a8m8blii
  • VirIT: Trojan.Win32.Generic.BCZE
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: Win32/Injector.FVK
  • APEX: Malicious
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 100)
  • Kaspersky: Backdoor.Win32.Poison.hjrd
  • BitDefender: MemScan:Trojan.Agent.AROC
  • NANO-Antivirus: Trojan.Win32.Jorik.cbsje
  • Avast: Win32:Malware-gen
  • Tencent: Malware.Win32.Gencirc.10b8889c
  • TACHYON: Trojan/W32.Agent.388612
  • Emsisoft: MemScan:Trojan.Agent.AROC (B)
  • F-Secure: Trojan.TR/Dropper.Gen
  • DrWeb: Trojan.MulDrop.65391
  • VIPRE: MemScan:Trojan.Agent.AROC
  • TrendMicro: TROJ_GEN.R002C0DB623
  • McAfee-GW-Edition: BehavesLike.Win32.MultiDropper.fh
  • Trapmine: malicious.moderate.ml.score
  • Sophos: Mal/Generic-S
  • GData: MemScan:Trojan.Agent.AROC
  • Jiangmin: Trojan/Jorik.elr
  • Webroot: W32.Malware.Gen
  • Avira: TR/Dropper.Gen
  • Xcitium: Malware@#39uemuws0868x
  • Arcabit: Trojan.Agent.AROC
  • ZoneAlarm: Backdoor.Win32.Poison.hjrd
  • Microsoft: Worm:Win32/Rebhip.V
  • Google: Detected
  • AhnLab-V3: Trojan/Win32.Zbot.C89338
  • McAfee: PWS-Zbot.gen.awn
  • MAX: malware (ai score=100)
  • VBA32: BScope.Malware-Cryptor.2013
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DB623
  • Rising: Backdoor.Poison!8.2D7 (TFE:1:cm4sxlsGxQU)
  • Yandex: Trojan.Injector!o5fujDnd7mA
  • Ikarus: Trojan.Win32.Jorik
  • MaxSecure: Trojan.Malware.1957254.susgen
  • Fortinet: W32/JkPoisonIvy.AZ!tr
  • AVG: Win32:Malware-gen
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_70% (W)

How to remove Malware.AI.4075548499?

Malware.AI.4075548499 removal steps
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
