Malware.AI.4089001821 malicious file

Malware Removal

Malware.AI.4089001821 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Malware.AI.4089001821 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the Greame malware family
  • Creates a copy of itself
  • Creates known SpyNet mutexes and/or registry changes.

How to determine Malware.AI.4089001821?

File Info:

name: 2DE143E1F3A64FF5A6B9.mlw
path: /opt/CAPEv2/storage/binaries/3f60a2c8aba1e00525b7a3ffff2cb666d1e88e7b41504567d346dbf32d3b1e8b
crc32: 8DDB58A1
md5: 2de143e1f3a64ff5a6b963dbffa9d8b6
sha1: 32499170b5a59b921d88e6f8a5de4db8c9c4bcbb
sha256: 3f60a2c8aba1e00525b7a3ffff2cb666d1e88e7b41504567d346dbf32d3b1e8b
sha512: e38c2276ee10841aa27745086ed7422da8239337af44fa9243cbc83301d79d50ad77f8703990d4ccee2ac63fbd480e63f3d5d03ba4489a30ce95dd64901d297a
ssdeep: 6144:S5SR996OVxO3GXjAcn8b6UvyjxywN1pR/YuY:S5SF6OPOWX38b6UqjwwN1pR/YuY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16C44238BB85B3EE2EE4A24B3291BF690DA4D12932AC062310D93D3ECD4754935FED153
sha3_384: 1fa5845a94a639a58c3c276b3b87c771747f94dba44cccc81ea1dd2b6eea22eb18abbd0c4d6cc7951d40295c5e205af2
ep_bytes: 60be00f000148dbe0020ffff5783cdff
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Malware.AI.4089001821 also known as:

Lionic: Trojan.Win32.Generic.lzIt
Elastic: malicious (moderate confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.2de143e1f3a64ff5
CAT-QuickHeal: Worm.Rebhip.A8
McAfee: Artemis!2DE143E1F3A6
Cylance: Unsafe
VIPRE: Generic.Rebhip.1B800DE9
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004c14d91 )
Alibaba: Worm:Win32/Fsysna.015c2cce
K7GW: Trojan ( 004c14d91 )
Cybereason: malicious.1f3a64
Symantec: W32.Spyrat
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Spatet.AP
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Worm.Explorerhijack-6999913-0
Kaspersky: Trojan.Win32.Fsysna.dity
BitDefender: Generic.Rebhip.1B800DE9
NANO-Antivirus: Trojan.Win32.Autoruner.vfbmj
MicroWorld-eScan: Generic.Rebhip.1B800DE9
Avast: FileRepMalware [Trj]
Tencent: Win32.Trojan.Fsysna.Sgil
Ad-Aware: Generic.Rebhip.1B800DE9
Emsisoft: Generic.Rebhip.1B800DE9 (B)
Comodo: Malware@#k6h0lesp084v
DrWeb: Win32.HLLW.Autoruner1.58753
Zillya: Trojan.Spatet.Win32.4619
TrendMicro: WORM_REBHIP.SMT
McAfee-GW-Edition: BehavesLike.Win32.Picsys.dc
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + W32/Rebhip-AR
SentinelOne: Static AI – Malicious PE
GData: Generic.Rebhip.1B800DE9
Jiangmin: Trojan/Generic.aiheq
Webroot: W32.Malware.Gen
Avira: TR/Spy.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.C3
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Generic.Rebhip.1B800DE9
ViRobot: Trojan.Win32.A.Buzus.292864[UPX]
ZoneAlarm: Trojan.Win32.Fsysna.dity
Microsoft: Worm:Win32/Rebhip.A
Google: Detected
Acronis: suspicious
VBA32: BScope.Backdoor.Cybergate
ALYac: Generic.Rebhip.1B800DE9
MAX: malware (ai score=100)
Malwarebytes: Malware.AI.4089001821
TrendMicro-HouseCall: WORM_REBHIP.SMT
Rising: Worm.Rebhip!8.B31 (TFE:5:F5ReMn6kwDM)
Yandex: Trojan.GenAsa!BfAKDrDWg2Y
Ikarus: Worm.Win32.Rebhip
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Llac.ALO!tr
BitDefenderTheta: AI:Packer.CE3F03EC1E
AVG: FileRepMalware [Trj]
Panda: Trj/Ransom.AB
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4089001821?

Malware.AI.4089001821 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.