Malware.AI.4121318528 (file analysis)

Malware Removal

Malware.AI.4121318528 is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Malware.AI.4121318528 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Bitdefender Antivirus through the presence of a library
  • Detects the presence of Wine emulator via function name
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • CAPE detected the BetaBot malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to determine Malware.AI.4121318528?


File Info:

name: DD8FBDC96FD080230B1D.mlw
path: /opt/CAPEv2/storage/binaries/33441312c20fbeccffceb522e626aa47366a966c48be537d82d4ecc60858d14c
crc32: 52C84985
md5: dd8fbdc96fd080230b1d230ac2f59cae
sha1: dc474a2f94b79d3c7936a393751b0aad7284362e
sha256: 33441312c20fbeccffceb522e626aa47366a966c48be537d82d4ecc60858d14c
sha512: 7f005e93a19818a7ec91ab7e814c9402aa3866972d784d78287212db924e97da43887e05b2e00766045bc35dc2b6fcf5ad47d24a3c5eeb3d26d366925d3570f0
ssdeep: 6144:mcLPXTA9loLDCyEzvx++SI9lN4yqY+P/7wJpU2fUfm7wVdoB:9fTA9OQp/jd4ygApnRa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BE64DFD3219C7032F5A2247C8A27D7508F1E789187A0598F6AC605BB8F74ADD9B2C74B
sha3_384: 5ed6cf028363d462cb16aadc5c519b286544f20b0cd90e0bc99b0bd0806f65729493ea77349e7016a723bfaff5fbf397
ep_bytes: e8a51f0000e989feffff8bff558bec83
timestamp: 2017-05-22 04:55:23

Version Info:

FileVersion: 19, 8, 5, 30
LegalCopyright: Puta xipaya duwubiteye da
ProductVersion: 19, 8, 5, 30
Translation: 0x0409 0x04b0

Malware.AI.4121318528 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen7.10717
MicroWorld-eScan: Trojan.GenericKDZ.39135
FireEye: Generic.mg.dd8fbdc96fd08023
ALYac: Trojan.GenericKDZ.39135
Malwarebytes: Malware.AI.4121318528
Zillya: Backdoor.Androm.Win32.43971
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 00539ed31 )
Alibaba: TrojanDownloader:Win32/Neurevt.bee261eb
K7GW: Adware ( 00539ed31 )
Cybereason: malicious.96fd08
BitDefenderTheta: AI:Packer.647FF33321
VirIT: Trojan.Win32.Ursnif.JWO
Cyren: W32/S-4ba5db7d!Eldorado
Symantec: Packed.Generic.525
ESET-NOD32: Win32/Neurevt.I
TrendMicro-HouseCall: TSPY_EMOTET.SMQ
Paloalto: generic.ml
Kaspersky: Trojan-Downloader.Win32.Agent.hhme
BitDefender: Trojan.GenericKDZ.39135
NANO-Antivirus: Trojan.Win32.Androm.epdmjx
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
Avast: Win32:Malware-gen
Rising: Downloader.Agent!8.B23 (CLOUD)
Emsisoft: Trojan.GenericKDZ.39135 (B)
Comodo: TrojWare.Win32.Delikle.A@7ggjbu
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TSPY_EMOTET.SMQ
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Neurevt
Jiangmin: TrojanSpy.Zbot.fjry
MaxSecure: Trojan.Malware.300983.susgen
Avira: HEUR/AGEN.1126296
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.204BD60
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: TrojanSpy:Win32/Ursnif
ViRobot: Trojan.Win32.PSW-Fareit.228352
ZoneAlarm: Trojan-Downloader.Win32.Agent.hhme
GData: Trojan.GenericKDZ.39135
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Crypt.R201141
McAfee: Ransomware-GCF!DD8FBDC96FD0
VBA32: BScope.Trojan.MulDrop
Cylance: Unsafe
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10bba792
Yandex: Trojan.GenAsa!h2GG2HJSh/s
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Kryptik.FSQN!tr
Webroot: W32.Trojan.Gen
AVG: Win32:Malware-gen
Panda: Trj/Agent.AAF
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4121318528?

Malware.AI.4121318528 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.