About “Malware.AI.4093655386” infection

Malware.AI.4093655386 is the Malwarebytes detection name for this sample; other vendors classify the same file as Emotet, Andromeda (Androm) or Zbot (see the detection names below), so treat it as a dropper/backdoor rather than as adware. When the infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.4093655386 do?

The behaviours below were flagged by automated sandbox analysis of the sample. The wording is that of the Cuckoo sandbox signatures (the sample also tries to evade Cuckoo's monitoring, see the list), so each item is an observed behaviour of this specific binary, not a general description of the family:

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to remove evidence of file being downloaded from the Internet
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • A system process is generating network traffic likely as a result of process injection
  • Behavior consistent with a dropper attempting to download the next stage.
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics
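Several items in the list describe one chain: the sample injects code into another process with CreateRemoteThread, and a system process then generates network traffic. The correlation below is an added example, not code from this page or from any vendor; it assumes Sysmon-style telemetry exported as JSON lines (Event ID 8, CreateRemoteThread, and Event ID 3, NetworkConnect). The events it runs on are constructed for the example, the field names follow Sysmon's, and the helper names are this example's own.

```python
"""Correlate CreateRemoteThread injection with later network activity.

Added example, not code from the page or from any vendor. Assumes Sysmon
Event ID 8 (CreateRemoteThread) and Event ID 3 (NetworkConnect) records
exported as JSON lines. SAMPLE_EVENTS is constructed for the example.
"""
import json
from datetime import datetime, timedelta

SYSTEM_ROOT = "c:\\windows\\"  # images under here count as "system processes"

# Constructed telemetry: ytr.exe (the sample's OriginalFilename) injects into
# explorer.exe, which then connects to one of the page's related domains.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"EventID": 8, "UtcTime": "2014-09-12 10:14:01.000",
     "SourceImage": "C:\\Users\\Public\\ytr.exe", "SourceProcessId": 3120,
     "TargetImage": "C:\\Windows\\explorer.exe", "TargetProcessId": 1840},
    {"EventID": 3, "UtcTime": "2014-09-12 10:14:05.250",
     "Image": "C:\\Windows\\explorer.exe", "ProcessId": 1840,
     "DestinationHostname": "z.whorecord.xyz", "DestinationPort": 80},
    {"EventID": 3, "UtcTime": "2014-09-12 10:14:06.000",
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "ProcessId": 2208, "DestinationHostname": "update.googleapis.com",
     "DestinationPort": 443},
    # Same explorer.exe, but long after the injection: outside the window.
    {"EventID": 3, "UtcTime": "2014-09-12 10:30:00.000",
     "Image": "C:\\Windows\\explorer.exe", "ProcessId": 1840,
     "DestinationHostname": "www.bing.com", "DestinationPort": 443},
]]


def parse_time(s: str) -> datetime:
    """Sysmon UtcTime looks like '2014-09-12 10:14:01.000'."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def is_system_image(path: str) -> bool:
    return path.lower().startswith(SYSTEM_ROOT)


def correlate(lines, window_seconds: float = 300) -> list:
    """Alerts for every NetworkConnect made by a process that received a
    remote thread at most `window_seconds` earlier."""
    events = sorted((json.loads(line) for line in lines),
                    key=lambda e: e["UtcTime"])  # fixed-width, sorts as text
    injected = {}   # target pid -> (injection time, injector image)
    alerts = []
    for ev in events:
        t = parse_time(ev["UtcTime"])
        if ev["EventID"] == 8:
            injected[ev["TargetProcessId"]] = (t, ev["SourceImage"])
        elif ev["EventID"] == 3:
            hit = injected.get(ev["ProcessId"])
            if hit and 0 <= (t - hit[0]).total_seconds() <= window_seconds:
                alerts.append({
                    "pid": ev["ProcessId"],
                    "image": ev["Image"],
                    "system_process": is_system_image(ev["Image"]),
                    "injector": hit[1],
                    "dest": f'{ev["DestinationHostname"]}:{ev["DestinationPort"]}',
                    "seconds_after_injection": (t - hit[0]).total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The window matters: a long-lived explorer.exe will eventually make legitimate connections, so only traffic shortly after the injection is attributed to the injector; tune the window to your telemetry, and pivot on the `injector` path for the dropped copy and its autorun entry.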

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Malware.AI.4093655386?

The hashes below identify this exact build only; a repacked variant will have different MD5/SHA values, so use the ssdeep fuzzy hash and the version-resource strings to find near variants.


File Info:

crc32: 81A7B0F1
md5: b3746da8e9565cdc99309bb7ab4981cb
name: B3746DA8E9565CDC99309BB7AB4981CB.mlw
sha1: eef70319961f720e69e6814e8b0ec30860617e47
sha256: 318da5393b33eecd56b85758d52f3baf0a01e19c979c910099e61da6b86099b0
sha512: 1b8c90c6ec5c2ef523522acb6cd04f9c618e3cf2a072d982caac191c1f78f862e54637365da324b3917903c9104fda5af0e68f6fcd1043d439abee9c419263e6
ssdeep: 3072:LRSCwISjY+sxh2IMI4637xoSGYkMPVOgiaN1Tbll2uyjn:LRmLjY+szrLkMPVOza7TS
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2014
InternalName: ytr
FileVersion: 1, 0, 0, 1
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: ytr
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: ytr
OriginalFilename: ytr.exe
Translation: 0x0c0a 0x04e3 (language ID 0x0c0a is Spanish, Modern Sort; code page 0x04e3 is Windows-1251, Cyrillic. Neither matches the Chinese (Simplified) resource language flagged in the sandbox, which is one more sign of a packed or mislabelled binary.)
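The "Related domains", "File Info" and "Version Info" sections above are the indicators a responder would actually hunt with. The script below is an added example, not part of the page or of any vendor's tooling: it copies the page's hash and domain values, matches them against a file body and against DNS/proxy log lines, and also searches for the OriginalFilename string in both encodings a PE version resource can carry. The file bytes and log lines it runs on are constructed for the example, and the function names are this example's own.

```python
"""Match the page's file and network indicators against local evidence.

Added example, not from the page or any vendor. Hash and domain values are
copied from the page; SAMPLE_PE and SAMPLE_LOG are constructed test data.
"""
import hashlib
import re
from typing import Iterable

IOC_HASHES = {
    "md5": "b3746da8e9565cdc99309bb7ab4981cb",
    "sha1": "eef70319961f720e69e6814e8b0ec30860617e47",
    "sha256": "318da5393b33eecd56b85758d52f3baf0a01e19c979c910099e61da6b86099b0",
}
IOC_DOMAINS = {"z.whorecord.xyz", "a.tomx.xyz"}
# Registered domains behind the hosts above, so sibling hostnames also match.
IOC_PARENT_DOMAINS = {".".join(d.split(".")[-2:]) for d in IOC_DOMAINS}
# OriginalFilename from the version resource. PE version strings are stored
# as UTF-16LE, so search both encodings; this is a weak pivot, not proof.
IOC_STRINGS = {"ytr.exe": (b"ytr.exe", "ytr.exe".encode("utf-16-le"))}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a file body, the three hashes the page lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def match_file(data: bytes, hashes: dict = IOC_HASHES) -> dict:
    """Which file indicators fire on `data`. Exact hashes only identify this
    one build; a repacked variant misses on all of them and is better chased
    with ssdeep or the version-resource strings."""
    computed = file_hashes(data)
    return {
        "hash_hits": {n for n, v in hashes.items() if computed.get(n) == v},
        "string_hits": {name for name, encs in IOC_STRINGS.items()
                        if any(enc in data for enc in encs)},
        "sha256": computed["sha256"],
    }


# Hostnames: dotted labels ending in an alphabetic TLD (so IPv4 never matches).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def host_is_indicator(host: str) -> bool:
    h = host.lower().rstrip(".")
    return (h in IOC_DOMAINS or h in IOC_PARENT_DOMAINS
            or any(h.endswith("." + p) for p in IOC_PARENT_DOMAINS))


def match_log_lines(lines: Iterable[str]) -> list:
    """(line number, matched host, raw line) for every log line that names an
    indicator domain or a subdomain of its registered domain."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for host in HOST_RE.findall(line):
            if host_is_indicator(host):
                hits.append((n, host.lower(), line.strip()))
    return hits


# Constructed sample evidence: a stub "PE" carrying the UTF-16LE filename,
# and four DNS/proxy log lines in an invented but typical key=value format.
SAMPLE_PE = b"MZ" + b"\x00" * 62 + "ytr.exe".encode("utf-16-le") + b"\x00" * 16
SAMPLE_LOG = """\
2014-09-12T10:14:03Z dns client=10.0.0.5 query=z.whorecord.xyz type=A
2014-09-12T10:14:03Z dns client=10.0.0.5 query=update.googleapis.com type=A
2014-09-12T10:14:09Z proxy client=10.0.0.5 host=a.tomx.xyz:443 method=CONNECT
2014-09-12T10:14:11Z dns client=10.0.0.7 query=cdn.tomx.xyz type=A
""".splitlines()

if __name__ == "__main__":
    print(match_file(SAMPLE_PE))
    for hit in match_log_lines(SAMPLE_LOG):
        print(hit)
```

Matching on the registered domain as well as the exact hostnames is deliberate: the two hosts are single-letter subdomains, so the operator can rotate them cheaply, while the parent domain is the indicator that survives.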

Malware.AI.4093655386 also known as (vendor detection names from a multi-engine scan; several vendors map the sample to the Emotet or Andromeda (Androm) families, others to Zbot, and the Malwarebytes entry is the heuristic label this page is titled after):

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 004b12061 )
Lionic: Trojan.Win32.Androm.toTm
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen6.23087
Cynet: Malicious (score: 100)
CAT-QuickHeal: TrojanPWS.Zbot.AP4
ALYac: Trojan.GenericKD.1985959
Cylance: Unsafe
Zillya: Backdoor.Androm.Win32.13139
Sangfor: Trojan.Win32.miox.24
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: Backdoor:Win32/Emotet.02ee566c
K7GW: Trojan ( 004afe501 )
Cybereason: malicious.8e9565
Cyren: W32/Trojan.OBJK-2146
Symantec: Downloader.Ponik
ESET-NOD32: Win32/Emotet.AB
APEX: Malicious
Avast: Win32:Agent-AUPH [Trj]
ClamAV: Win.Trojan.Emotet-7524786-0
Kaspersky: Backdoor.Win32.Androm.flms
BitDefender: Trojan.GenericKD.1985959
NANO-Antivirus: Trojan.Win32.TrjGen.efhiyu
ViRobot: Trojan.Win32.Zbot.176128.H
MicroWorld-eScan: Trojan.GenericKD.1985959
Tencent: Backdoor.Win32.Androm.flnxa
Ad-Aware: Trojan.GenericKD.1985959
Sophos: ML/PE-A + Troj/Agent-AKFG
Comodo: Malware@#3m6fuauas952x
BitDefenderTheta: Gen:NN.ZexaF.34294.kq0@aGckPabb
VIPRE: Trojan.Win32.Generic.pak!cobra
TrendMicro: TROJ_EMOTET.WJSV
McAfee-GW-Edition: RDN/Spybot.bfr!o
FireEye: Generic.mg.b3746da8e9565cdc
Emsisoft: Trojan.GenericKD.1985959 (B)
SentinelOne: Static AI - Suspicious PE
Jiangmin: Trojan/Inject.aude
Webroot: Trojan.Dropper.Gen
Avira: TR/Dropper.miox.24
eGambit: Generic.Dropper
Antiy-AVL: Trojan/Generic.ASMalwS.CE58B8
Kingsoft: Win32.Hack.Androm.fl.(kcloud)
Microsoft: Trojan:Win32/Bagsu!rfn
GData: Win32.Trojan.Agent.1HARNA
TACHYON: Backdoor/W32.Androm.176128.I
AhnLab-V3: Spyware/Win32.Zbot.R106104
McAfee: RDN/Spybot.bfr!o
MAX: malware (ai score=100)
VBA32: SScope.Malware-Cryptor.Hlux
Malwarebytes: Malware.AI.4093655386
Panda: Trj/Chgt.L
TrendMicro-HouseCall: TROJ_EMOTET.WJSV
Rising: Backdoor.Win32.Androm.zi (CLASSIC)
Yandex: Backdoor.Androm!8QbBzyXrYwY
Ikarus: Trojan-Banker.Emotet
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.MFCO!tr
AVG: Win32:Agent-AUPH [Trj]
Paloalto: generic.ml

How to remove Malware.AI.4093655386?

Malware.AI.4093655386 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
