Malware.AI.4105474938 removal guide

Malware.AI.4105474938 is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4105474938 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • Enumerates running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Behavioural detection: Injection (inter-process)
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config

How to identify Malware.AI.4105474938?

File Info:

name: 2FD45F959316F8CE4D84.mlw
path: /opt/CAPEv2/storage/binaries/01a1c5453ae2266d37a3da622e60acf64c0263e8eac75f4e392e1363e8c3565c
crc32: 0D437253
md5: 2fd45f959316f8ce4d8472f32ef68af0
sha1: ed33e33337f79c7d98e5b817ffb447769a1e1758
sha256: 01a1c5453ae2266d37a3da622e60acf64c0263e8eac75f4e392e1363e8c3565c
sha512: 2c18853f1aee5b0ca4700d5cdcba50648b648aa56574389b43498fceb67c002fefa48487a7b0cef13020032fbf864ef851b9c42946ec1ae0881c697f61ab1939
ssdeep: 98304:FCsI+4xu16pmSy/jOsbSu3hP6yJxVnjJTzmTPkLCkpPGqxiC:FI+4PPsbSqP6GTnjNzmAL2OF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FF263383A39192F6F896BDB35C3E1604173077911073686EBA1CD27C17F86A17B2B729
sha3_384: cd23c103754617a323569c035aebd4715066fed1ccca8a1e731bf2ab8beed9ce192327bfd258282ff2bb99d20914fb26
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: LRepacks
FileDescription: Wi-Fi Scanner Setup
FileVersion: 21.02.0
LegalCopyright: Copyright 2007-2021 LRepacks
ProductName: Wi-Fi Scanner
ProductVersion: 21.02
Translation: 0x0000 0x04b0

Malware.AI.4105474938 also known as:

MicroWorld-eScan: Trojan.GenericKD.37696170
FireEye: Trojan.GenericKD.37696170
McAfee: Artemis!2FD45F959316
Cylance: Unsafe
Sangfor: Suspicious.Win32.Malware.gen
K7AntiVirus: Unwanted-Program ( 005727751 )
K7GW: Unwanted-Program ( 005727751 )
Cyren: W32/Trojan.EGLF-1705
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/HackTool.Crack.KN potentially unsafe
Paloalto: generic.ml
BitDefender: Trojan.GenericKD.37696170
Avast: Win32:Malware-gen
Rising: Trojan.Vigorf!8.EAEA (C64:YzY0OuIb/gpT4/z8)
Ad-Aware: Trojan.GenericKD.37696170
Sophos: DownWare (PUA)
McAfee-GW-Edition: BehavesLike.Win32.BadFile.rc
Emsisoft: Trojan.GenericKD.37696170 (B)
GData: Trojan.GenericKD.37696170
Webroot: W32.Trojan.Gen
Avira: TR/Patched.Gen2
Microsoft: Ransom:MSIL/Gorf
Cynet: Malicious (score: 99)
ALYac: Trojan.GenericKD.37696170
MAX: malware (ai score=84)
Malwarebytes: Malware.AI.4105474938
Yandex: Trojan.Igent.bVnQbf.56
Ikarus: Trojan.Patched
MaxSecure: Trojan.Malware.139071122.susgen
Fortinet: Riskware/Crack
AVG: Win32:Malware-gen

How to remove Malware.AI.4105474938?

Malware.AI.4105474938 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.