
What is “Malware.AI.4091612920”?


Malware.AI.4091612920 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4091612920 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Deletes executed files from disk

How to identify Malware.AI.4091612920?

File Info:

name: 499204093CF4B694ECEC.mlw
path: /opt/CAPEv2/storage/binaries/1479da5f8f0bfdbb5c9059ec061bd1d36239ccf36f38bbf741d5a43c51c4f957
crc32: FF0001BF
md5: 499204093cf4b694ececad8c9c656c28
sha1: 4dde70bb03bed53a36d43d947f705e307a37ef8d
sha256: 1479da5f8f0bfdbb5c9059ec061bd1d36239ccf36f38bbf741d5a43c51c4f957
sha512: bd4568dd2faaf62bcb36a06c0031672f96cc6504a9073bb98647dbed8386c5e487c897c0371c68b1a68f5c9d5dcf595535cc9bb16507dfb168486fdbc32a5b89
ssdeep: 49152:eVHR3+9tkjr4UcU2RtHpBjpM38kZZsOveehsVfs4:evu9tkjr4Uc3tHpBjpM3XPsOvDsVfs4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D38502605A90E48BF3549971D4F4EBBE09B17EBC5DA68102B9FEB6EDB3393140C25212
sha3_384: 1c164070c04a371fd572b9e707d6d8f73fdeeb486c897497c361115cfd8e3741d946d623fe36cfee649dd78df971fc95
ep_bytes: 60be00e048008dbe0030f7ff5783cdff
timestamp: 2021-11-03 09:33:50

Version Info:

CompanyName: Realtek Semiconductor
FileDescription: Realtek高清晰音频管理器
FileVersion: 1.0.703.1
InternalName: RtkNGui.exe
LegalCopyright: 2019 (c) Realtek Semiconductor. All rights reserved.
OriginalFilename: RtkNGui.exe
ProductName: Realtek高清晰音频管理器
ProductVersion: 1.0.703.1
Translation: 0x0404 0x03b6

Malware.AI.4091612920 also known as:

tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
FireEye: Generic.mg.499204093cf4b694
ALYac: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
Cylance: Unsafe
VIPRE: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004b8ab71 )
K7GW: Trojan ( 004b8ab71 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/Injector.AUT.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Injector.BBYK
APEX: Malicious
ClamAV: Win.Dropper.Tiggre-9845940-0
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
NANO-Antivirus: Trojan.Win32.Mint.jnxmtm
Avast: Win32:InjectorX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10cfa712
Ad-Aware: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg
Emsisoft: Gen:Heur.Mint.Porcupine.UnKfb01hm2bbg (B)
DrWeb: Trojan.MulDrop20.20889
Zillya: Trojan.Injector.Win32.1311769
McAfee-GW-Edition: GenericRXRH-KR!1D85B40A0AC8
Trapmine: suspicious.low.ml.score
Sophos: BlackMoon Packed (PUA)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.11N2JTZ
Jiangmin: Trojan.Generic.hguws
Avira: HEUR/AGEN.1243595
Antiy-AVL: Trojan/Generic.ASMalwS.51F4
Arcabit: Trojan.Mint.Porcupine.UnKfb01hm2bbg
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R501456
McAfee: GenericRXAA-AA!499204093CF4
MAX: malware (ai score=88)
VBA32: BScope.Backdoor.BlackHole
Malwarebytes: Malware.AI.4091612920
Rising: Trojan.Injector!8.C4 (CLOUD)
Ikarus: Trojan.Win32.Injector
Fortinet: W32/CoinMiner.ESFJ!tr
BitDefenderTheta: Gen:NN.ZexaF.34786.UnKfa01hm2bb
AVG: Win32:InjectorX-gen [Trj]
Cybereason: malicious.93cf4b
Panda: Trj/Genetic.gen

How to remove Malware.AI.4091612920?

Malware.AI.4091612920 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
