
Malware.AI.4078769533 (file analysis)

Malware Removal

Malware.AI.4078769533 is the Malwarebytes detection name for this sample, and most other antivirus engines flag it as malicious as well (see the vendor list below). When this infection is active, you may notice unfamiliar processes in Task Manager. In that case, you are advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.4078769533 do?

The following behaviours were flagged during a CAPE sandbox run of the sample:
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Terminates another process
  • Possible date expiration check, exits too soon after checking local time
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • A process attempted to delay the analysis task by a long amount of time.
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Performs a large number of encryption calls using the same key possibly indicative of ransomware file encryption behavior
  • Attempts to modify proxy settings
  • Creates a copy of itself

How to identify Malware.AI.4078769533?

File Info:

name: 19D40A6AAF48BE95EB4C.mlw
path: /opt/CAPEv2/storage/binaries/ee633e7eb07b2143f34f6fdd701b89d571d83d05a99b69c00a710ef02b7d51f4
crc32: 63769F9A
md5: 19d40a6aaf48be95eb4c31788d0eea8c
sha1: 0970d723d28ed6bfc4b7ce3e621a67b9276fc1eb
sha256: ee633e7eb07b2143f34f6fdd701b89d571d83d05a99b69c00a710ef02b7d51f4
sha512: bf83ecf6a515aec7c3c99b005e243af89687bb3b4a46bc0cfe51af7c7348451eb2b10b2992567e3e40d8c96ce9ae4a5b6eb0fd4c3c308a048c95f44cbfc37993
ssdeep: 3072:ccZq+B6CtT4rN4rAjZo+A6jvJWE9+4rPi/ouDeB:cccS6CtTc/o4JwAuhe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19DF3AD1073E1C4B2D42341308975CB429B6EBEA74B74AE97B7C0324E69751D0AB39AF3
sha3_384: bfc5b17492719f9da48514004daa4319bfb597c2f8d9c44e1c4652e96e6ee1ced5c9616192755960d2beddd2f84558a7
ep_bytes: e82d370000e9000000006a1468e80d01
timestamp: 2014-12-09 12:27:02

Version Info:

0: [No Data]
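The fields in the File Info block can be recomputed locally to confirm that a file you are holding is the same sample. The script below is an added example written for this page (it is not CAPE's or GridinSoft's code): with only the Python standard library it reproduces crc32, md5, sha1, sha256, sha512, sha3_384, the 16 bytes at the PE entry point (ep_bytes) and the COFF link timestamp, then reports which of the page's indicators differ. ssdeep and tlsh need third-party libraries and are skipped. The PE produced by build_sample_pe() is a constructed fixture, not the sample; it only reuses the page's ep_bytes and timestamp so the parser can be checked offline. Rendering the timestamp in UTC is an assumption about how the sandbox formats it.

```python
"""Recompute the File Info fields listed above for a PE on disk (stdlib only).

Added example for this page, not CAPE's or GridinSoft's code. ssdeep and
tlsh are skipped (third-party libraries). build_sample_pe() is a constructed
fixture that reuses the page's ep_bytes and timestamp; it is not the sample.
"""
import datetime
import hashlib
import struct
import zlib

# Indicators copied from the File Info block above.
PAGE_IOCS = {
    "md5": "19d40a6aaf48be95eb4c31788d0eea8c",
    "sha256": "ee633e7eb07b2143f34f6fdd701b89d571d83d05a99b69c00a710ef02b7d51f4",
    "ep_bytes": "e82d370000e9000000006a1468e80d01",
    "timestamp": "2014-12-09 12:27:02",
}


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError("RVA %#x is not backed by any section" % rva)


def pe_entry_point(data):
    """Return (entry RVA, first 16 bytes at the entry point, COFF TimeDateStamp)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                            # PE32 / PE32+
        raise ValueError("unknown optional header magic %#x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        _name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    ep_off = _rva_to_offset(entry_rva, sections)
    return entry_rva, bytes(data[ep_off:ep_off + 16]), timestamp


def pe_file_info(data):
    """Return the page's File Info fields that are computable without extra libs."""
    _rva, ep_bytes, ts = pe_entry_point(data)
    when = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)  # UTC assumed
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "ep_bytes": ep_bytes.hex(),
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
    }


def ioc_mismatches(info, expected=PAGE_IOCS):
    """Sorted names of expected fields whose computed value differs (empty = match)."""
    return sorted(k for k, v in expected.items()
                  if info.get(k, "").lower() != v.lower())


def build_sample_pe(ep_code=bytes.fromhex(PAGE_IOCS["ep_bytes"]), timestamp=1418128022):
    """Constructed one-section PE32 fixture (not the real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    opt = bytearray(224)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, len(opt), 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + ep_code.ljust(0x200, b"\xcc")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = pe_file_info(blob)
    for key, value in info.items():
        print("%s: %s" % (key, value))
    print("mismatches vs. page:", ioc_mismatches(info) or "none")
```

Run it as `python pe_info.py <file>` against a suspected copy; an empty mismatch list means every listed indicator agrees. On the fixture only ep_bytes and timestamp agree, which is exactly the point: matching entry bytes or a link timestamp alone is never enough to call two files the same sample, the cryptographic hashes have to match too.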

Malware.AI.4078769533 is detected by other vendors under the following names:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.64856
FireEye: Generic.mg.19d40a6aaf48be95
CAT-QuickHeal: TrojanDownloader.Kuluoz.AA4
McAfee: Downloader-FAII!19D40A6AAF48
Cylance: Unsafe
VIPRE: Trojan.GenericKDZ.64856
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 00527c131 )
K7GW: Trojan-Downloader ( 00527c131 )
Cybereason: malicious.aaf48b
BitDefenderTheta: Gen:NN.ZexaF.34582.juW@aeUbVlgc
VirIT: Trojan.Win32.Generic.FYB
Cyren: W32/S-9c4c0430!Eldorado
Symantec: Packed.Generic.463
ESET-NOD32: Win32/TrojanDownloader.Zortob.H
TrendMicro-HouseCall: BKDR_KULUOZ.SM23
Paloalto: generic.ml
ClamAV: Win.Trojan.Kuluoz-2887
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.GenericKDZ.64856
NANO-Antivirus: Trojan.Win32.Kuluoz.dkapie
SUPERAntiSpyware: Trojan.Agent/Gen-Kuluoz
Avast: Win32:GenMalicious-BEM [Trj]
Tencent: Malware.Win32.Gencirc.10b19f5f
Ad-Aware: Trojan.GenericKDZ.64856
Emsisoft: Trojan.GenericKDZ.64856 (B)
Comodo: TrojWare.Win32.Kuluoz.DES@5iailn
DrWeb: BackDoor.Kuluoz.4
Zillya: Downloader.Zortob.Win32.3008
TrendMicro: BKDR_KULUOZ.SM23
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Trapmine: malicious.high.ml.score
Sophos: Troj/Weelsof-JV
APEX: Malicious
GData: Trojan.GenericKDZ.64856
Jiangmin: Worm/Aspxor.tl
Webroot: Trojan.Dropper.Gen
Avira: TR/Dldr.Zortob.along
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.330C
Kingsoft: Win32.Heur.KVM007.a.(kcloud)
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: TrojanDownloader:Win32/Kuluoz.D
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Kuluoz.R127799
VBA32: Worm.Aspxor
ALYac: Trojan.GenericKDZ.64856
Malwarebytes: Malware.AI.4078769533
Ikarus: Trojan-Spy.Zbot
Rising: Trojan.Generic@AI.92 (RDML:rf/6zaQc+syjfyPleBJuLA)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zortob.H!tr
AVG: Win32:GenMalicious-BEM [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)
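Vendor names like the ones above are only useful once the generic parts (Trojan, Win32, GenericKDZ, heuristic scores) are stripped away and what remains is counted across engines. The script below is an added example written for this page, not the page's or any vendor's code: it tokenises each label, drops class and version tokens, counts how many engines name each family, and optionally folds aliases together. The ALIASES map reflects that Kuluoz (Microsoft), Zortob (ESET) and Aspxor/Asprox are names for the same downloader family, which is what the list above shows. SAMPLE is a twelve-row subset of that list written as "Vendor: Detection" pairs; the prefix list is a hand-picked assumption and would be tuned for other samples.

```python
"""Derive a family-name consensus from a list of 'Vendor: Detection' rows.

Added example for this page, not the page's or any vendor's code. SAMPLE is
a subset of the detection list above; GENERIC_PREFIXES and ALIASES are
hand-picked for this sample and are assumptions, not a vendor standard.
"""
import re
from collections import Counter

# Constructed excerpt: twelve rows copied from the vendor list above.
SAMPLE = """\
Bkav: W32.AIDetect.malware1
CAT-QuickHeal: TrojanDownloader.Kuluoz.AA4
ESET-NOD32: Win32/TrojanDownloader.Zortob.H
TrendMicro: BKDR_KULUOZ.SM23
ClamAV: Win.Trojan.Kuluoz-2887
Kaspersky: HEUR:Trojan.Win32.Generic
DrWeb: BackDoor.Kuluoz.4
Avira: TR/Dldr.Zortob.along
Microsoft: TrojanDownloader:Win32/Kuluoz.D
Jiangmin: Worm/Aspxor.tl
Malwarebytes: Malware.AI.4078769533
Fortinet: W32/Zortob.H!tr
"""

# Token prefixes that name a class or verdict rather than a family (assumed list).
GENERIC_PREFIXES = ("trojan", "troj", "backdoor", "bkdr", "downloader", "dldr",
                    "malware", "malicious", "heur", "gen", "worm", "agent",
                    "dropper", "unsafe", "packed", "static", "behaveslike",
                    "virus", "susp")

# Vendor names that refer to the same family as Kuluoz.
ALIASES = {"zortob": "kuluoz", "aspxor": "kuluoz", "asprox": "kuluoz"}


def parse_detections(text):
    """Split 'Vendor: Detection' rows into (vendor, label); rows without a label are skipped."""
    rows = []
    for line in text.splitlines():
        vendor, sep, label = line.partition(": ")
        if sep and label.strip():
            rows.append((vendor.strip(), label.strip()))
    return rows


def family_tokens(label):
    """Lower-cased candidate family tokens from one detection label."""
    out = set()
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        t = tok.lower()
        if len(t) < 4 or any(c.isdigit() for c in t):   # drops W32, AA4, hash fragments
            continue
        if t.startswith(GENERIC_PREFIXES):                # drops Trojan, Generic, HEUR...
            continue
        out.add(t)
    return out


def family_consensus(rows, aliases=ALIASES):
    """Return [(family, number of engines naming it), ...], most-named first."""
    counts = Counter()
    for _vendor, label in rows:
        # One set per vendor, so a single engine never counts twice for one family.
        counts.update({aliases.get(t, t) for t in family_tokens(label)})
    return counts.most_common()


if __name__ == "__main__":
    for family, n in family_consensus(parse_detections(SAMPLE)):
        print("%-10s %d engine(s)" % (family, n))
```

On the excerpt, Kuluoz wins with 9 of 12 engines once aliases are folded (5 on the raw token, plus 3 Zortob and 1 Aspxor); the stray tokens "aidetect" and "along" each score 1 and are exactly the noise a real name-normaliser would also have to drop. Labels such as Kaspersky's HEUR:Trojan.Win32.Generic contribute nothing, which is the correct outcome: a fully generic verdict says the file is bad, not what it is.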

How to remove Malware.AI.4078769533?

Malware.AI.4078769533 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
