Malware.AI.4137365463 removal guide

Malware.AI.4137365463 is a generic detection name used by Malwarebytes (the "AI" prefix marks a machine-learning verdict rather than a named family). Most other engines classify the same file as a variant of the Zeus (Zbot) banking trojan, a family that steals credentials entered in the browser; see the detection list below. When the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.4137365463 do?

The behaviours below were flagged during automated sandbox analysis of the sample (the signature names are those of the Cuckoo sandbox):

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Checks the system manufacturer, likely for anti-virtualization
  • Creates Zeus (Banking Trojan) mutexes
  • Zeus P2P (Banking Trojan)
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Creates a copy of itself
  • Attempts to disable browser security warnings
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

lollipopp.pw
yandex.ru

Note that yandex.ru is a legitimate public service; its appearance here is not by itself an indicator of compromise, so block or hunt on lollipopp.pw rather than on yandex.ru.

How to identify Malware.AI.4137365463?

File Info:

crc32: BBCD8EAF
md5: 6b536b973d64b341c945aca3856bd0e3
name: 6B536B973D64B341C945ACA3856BD0E3.mlw
sha1: 904f679d207730cc0530d0549239089ea9986aee
sha256: 152145f5d01fd0b462efc118184fd2f702f4c09594a49fb9a932447e61eaf8ef
sha512: 9fea90f6e5dd7dea75eb29d499ca9c1fe86a297078c9db06d47ae7dad95f58bed3cd459bc2312ed26178ee96cd687fd4f889bf2a17dde321cf99d8d283eab87c
ssdeep: 6144:AvZX7dqXA8Ol0HSQsxbwSVQDGzZFOz+TMZFQW:4rQXAZ0yLbbVQyFe+IZ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info (the PE version resource claims the file is Xara Ltd's X3D application; this resource was copied from a legitimate product and says nothing about what the file actually does, so do not rely on it for identification):

LegalCopyright: Copyright Xara Ltd © 1997-2002
InternalName: X3D
FileVersion: 6.00
CompanyName: Xara Ltd.
ProductName: X3D Application
ProductVersion: 6.00
FileDescription: X3D Application
OriginalFilename: X3D.exe
Translation: 0x0409 0x04b0
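The hashes in the File Info block are the reliable way to confirm that a file on disk is this exact sample. The following added example (not GridinSoft's or the author's tooling) computes crc32, md5, sha1, sha256 and sha512 of a file, streaming it so large binaries do not have to fit in memory, and compares the results with the indicators copied from the File Info block above. ssdeep is left out because fuzzy hashing is not in the Python standard library, and the file names, the dummy bytes hashed when no argument is given, and the helper names are this example's own constructions.

```python
"""Hash a suspect file and compare it with the indicators from the File Info block.

Added example for this page, not GridinSoft's or the author's code. The
indicator values are copied from the File Info block above; ssdeep is omitted
because fuzzy hashing is not in the standard library. The demo buffer hashed
when no file is given is constructed here and is NOT the malware.
"""
import hashlib
import os
import sys
import tempfile
import zlib

# Indicators copied from the File Info block above (lower-case hex).
KNOWN_IOCS = {
    "crc32": "bbcd8eaf",
    "md5": "6b536b973d64b341c945aca3856bd0e3",
    "sha1": "904f679d207730cc0530d0549239089ea9986aee",
    "sha256": "152145f5d01fd0b462efc118184fd2f702f4c09594a49fb9a932447e61eaf8ef",
    "sha512": "9fea90f6e5dd7dea75eb29d499ca9c1fe86a297078c9db06d47ae7dad95f58bed3cd459bc2312ed26178ee96cd687fd4f889bf2a17dde321cf99d8d283eab87c",
}
CRYPTO_HASHES = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return crc32 and the four digests of an in-memory buffer as lower-case hex."""
    result = {name: hashlib.new(name, data).hexdigest() for name in CRYPTO_HASHES}
    result["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    return result


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same output as hash_bytes, but streamed so a large sample never sits in memory at once."""
    digests = {name: hashlib.new(name) for name in CRYPTO_HASHES}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            for d in digests.values():
                d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return result


def match_iocs(hashes: dict, iocs: dict = KNOWN_IOCS) -> list:
    """Return the algorithms whose value equals the corresponding indicator, strongest first."""
    return [alg for alg in ("sha512", "sha256", "sha1", "md5", "crc32")
            if alg in hashes and alg in iocs and hashes[alg].lower() == iocs[alg].lower()]


def is_known_sample(hashes: dict, iocs: dict = KNOWN_IOCS) -> bool:
    """True only on a cryptographic-hash match; crc32 is a checksum and collisions are cheap."""
    return any(alg != "crc32" for alg in match_iocs(hashes, iocs))


def streaming_matches_in_memory(data: bytes) -> bool:
    """Self-check: hash_file and hash_bytes must agree on identical content."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return hash_file(path) == hash_bytes(data)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Usage: python check_hashes.py <file> ...   (with no argument a constructed dummy buffer is hashed)
    targets = sys.argv[1:]
    if not targets:
        hashes = hash_bytes(b"MZ\x90\x00 constructed demo bytes, NOT the sample")
        print("dummy buffer:", hashes, "known sample:", is_known_sample(hashes))
    for target in targets:
        hashes = hash_file(target)
        verdict = "MATCHES listed indicators" if is_known_sample(hashes) else "no match"
        print(f"{target}: {verdict} {match_iocs(hashes)}")
        print("  sha256:", hashes["sha256"])
```

A crc32 match alone is deliberately not treated as identification: it is a 32-bit checksum, so a benign file can collide with it by accident or by design. Any of the cryptographic hashes matching identifies the exact file; a changed sample (repacked, padded) will miss all of them, which is exactly the situation where a fuzzy hash such as the listed ssdeep value would help.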

Malware.AI.4137365463 also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Spyware ( 004c3acc1 )
Lionic: Trojan.Win32.Zbot.lIQJ
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.8839
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Teerac.100350
ALYac: Trojan.GenericKD.2598109
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.184781
Sangfor: Trojan.Win32.Agent.atgen
CrowdStrike: win/malicious_confidence_60% (W)
Alibaba: TrojanSpy:Win32/Generic.3759daf8
K7GW: Spyware ( 004c3acc1 )
Cybereason: malicious.73d64b
Cyren: W32/Trojan.UCVA-0179
Symantec: W32.Pilleuz
ESET-NOD32: Win32/Spy.Zbot.ACF
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Spy.Win32.Zbot.vtii
BitDefender: Trojan.GenericKD.2598109
NANO-Antivirus: Trojan.Win32.Zbot.efheaz
ViRobot: Trojan.Win32.Agent.250368.J
MicroWorld-eScan: Trojan.GenericKD.2598109
Tencent: Win32.Trojan-spy.Zbot.Wptj
Ad-Aware: Trojan.GenericKD.2598109
Sophos: ML/PE-A + Troj/Zbot-JXZ
Comodo: Application.Win32.LoadMoney.BFA@6bdn2a
BitDefenderTheta: Gen:NN.ZexaF.34266.pu0@aaXMz8ki
VIPRE: Win32.Malware!Drop
TrendMicro: TSPY_ZBOT.YUYAFY
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
FireEye: Generic.mg.6b536b973d64b341
Emsisoft: Trojan.GenericKD.2598109 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.esxy
Webroot: W32.InfoStealer.Zeus
Avira: TR/AD.Zbot.Y.45
eGambit: Generic.Downloader
Antiy-AVL: Trojan/Generic.ASBOL.2894
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: PWS:Win32/Zbot!VM
SUPERAntiSpyware: Trojan.Agent/Generic
GData: Win32.Trojan.Agent.5IW7RF
TACHYON: Trojan-Spy/W32.ZBot.250368.CO
AhnLab-V3: Trojan/Win32.ZBot.R160045
McAfee: Generic.wv
MAX: malware (ai score=100)
VBA32: TrojanSpy.Zbot
Malwarebytes: Malware.AI.4137365463
Panda: Trj/Agent.IVN
TrendMicro-HouseCall: TSPY_ZBOT.YUYAFY
Rising: Trojan.Spy.Win32.Zbot.gvc (CLASSIC)
Yandex: Trojan.GenAsa!VaUqrXNVW8Q
Ikarus: Trojan-Spy.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.VTII!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
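Most of the sixty verdicts above are generic ("Malware-gen", "Generic.ml", "Malicious") and tell an analyst nothing about the family; the value of the list is in the minority of engines that name one. The added example below (not the page author's or GridinSoft's code) takes the list in "Vendor: detection" form, tokenises each detection name, counts one family vote per vendor and reports a consensus only when a single family clearly dominates among the engines that commit to one. The alias table is this example's own assumption; in particular it treats Dr.Web's "Trojan.PWS.Panda" as that vendor's name for the Zeus family, and the vote thresholds are arbitrary choices.

```python
"""Turn a multi-engine detection list into a family consensus.

Added example for this page, not the author's or GridinSoft's code. The input
is the sixty engine verdicts listed above as "Vendor: detection". The alias
table below is an assumption of this example (Dr.Web's Trojan.PWS.Panda is
read as its Zeus family name); the thresholds in consensus() are arbitrary.
"""
import re
from collections import Counter

DETECTIONS = (
    "Bkav: W32.AIDetect.malware1", "K7AntiVirus: Spyware ( 004c3acc1 )",
    "Lionic: Trojan.Win32.Zbot.lIQJ", "Elastic: malicious (high confidence)",
    "DrWeb: Trojan.PWS.Panda.8839", "Cynet: Malicious (score: 100)",
    "CAT-QuickHeal: Trojan.Teerac.100350", "ALYac: Trojan.GenericKD.2598109",
    "Cylance: Unsafe", "Zillya: Trojan.Zbot.Win32.184781",
    "Sangfor: Trojan.Win32.Agent.atgen", "CrowdStrike: win/malicious_confidence_60% (W)",
    "Alibaba: TrojanSpy:Win32/Generic.3759daf8", "K7GW: Spyware ( 004c3acc1 )",
    "Cybereason: malicious.73d64b", "Cyren: W32/Trojan.UCVA-0179",
    "Symantec: W32.Pilleuz", "ESET-NOD32: Win32/Spy.Zbot.ACF",
    "APEX: Malicious", "Avast: Win32:Malware-gen",
    "Kaspersky: Trojan-Spy.Win32.Zbot.vtii", "BitDefender: Trojan.GenericKD.2598109",
    "NANO-Antivirus: Trojan.Win32.Zbot.efheaz", "ViRobot: Trojan.Win32.Agent.250368.J",
    "MicroWorld-eScan: Trojan.GenericKD.2598109", "Tencent: Win32.Trojan-spy.Zbot.Wptj",
    "Ad-Aware: Trojan.GenericKD.2598109", "Sophos: ML/PE-A + Troj/Zbot-JXZ",
    "Comodo: Application.Win32.LoadMoney.BFA@6bdn2a", "BitDefenderTheta: Gen:NN.ZexaF.34266.pu0@aaXMz8ki",
    "VIPRE: Win32.Malware!Drop", "TrendMicro: TSPY_ZBOT.YUYAFY",
    "McAfee-GW-Edition: BehavesLike.Win32.Generic.dh", "FireEye: Generic.mg.6b536b973d64b341",
    "Emsisoft: Trojan.GenericKD.2598109 (B)", "SentinelOne: Static AI – Malicious PE",
    "Jiangmin: TrojanSpy.Zbot.esxy", "Webroot: W32.InfoStealer.Zeus",
    "Avira: TR/AD.Zbot.Y.45", "eGambit: Generic.Downloader",
    "Antiy-AVL: Trojan/Generic.ASBOL.2894", "Kingsoft: Win32.Troj.Generic_a.a.(kcloud)",
    "Microsoft: PWS:Win32/Zbot!VM", "SUPERAntiSpyware: Trojan.Agent/Generic",
    "GData: Win32.Trojan.Agent.5IW7RF", "TACHYON: Trojan-Spy/W32.ZBot.250368.CO",
    "AhnLab-V3: Trojan/Win32.ZBot.R160045", "McAfee: Generic.wv",
    "MAX: malware (ai score=100)", "VBA32: TrojanSpy.Zbot",
    "Malwarebytes: Malware.AI.4137365463", "Panda: Trj/Agent.IVN",
    "TrendMicro-HouseCall: TSPY_ZBOT.YUYAFY", "Rising: Trojan.Spy.Win32.Zbot.gvc (CLASSIC)",
    "Yandex: Trojan.GenAsa!VaUqrXNVW8Q", "Ikarus: Trojan-Spy.Agent",
    "MaxSecure: Trojan.Malware.300983.susgen", "Fortinet: W32/Zbot.VTII!tr",
    "AVG: Win32:Malware-gen", "Paloalto: generic.ml",
)

# Family tokens and the label they vote for (assumption of this example). Every other
# token (Trojan, Spy, Generic, Malicious, Win32, ...) is a category, not a family.
FAMILY_ALIASES = {
    "zbot": "Zeus/Zbot", "zeus": "Zeus/Zbot", "panda": "Zeus/Zbot",
    "teerac": "Teerac", "pilleuz": "Pilleuz", "loadmoney": "LoadMoney",
}


def parse_detections(lines) -> dict:
    """Map vendor -> detection, splitting on the first colon only because detection
    names themselves may contain colons (e.g. 'Win32:Malware-gen')."""
    parsed = {}
    for line in lines:
        vendor, sep, name = line.partition(":")
        if sep and vendor.strip() and name.strip():
            parsed[vendor.strip()] = name.strip()
    return parsed


def families_in(name: str) -> set:
    """Family labels named by one detection string, matched on whole tokens, case-insensitively."""
    tokens = re.split(r"[^a-z0-9]+", name.lower())
    return {FAMILY_ALIASES[t] for t in tokens if t in FAMILY_ALIASES}


def family_votes(detections: dict) -> Counter:
    """One vote per vendor; vendors naming zero or several families abstain."""
    votes = Counter()
    for name in detections.values():
        fams = families_in(name)
        if len(fams) == 1:
            votes[next(iter(fams))] += 1
    return votes


def unattributed(detections: dict) -> list:
    """Vendors whose verdict is generic or heuristic only, i.e. names no family."""
    return sorted(v for v, n in detections.items() if not families_in(n))


def consensus(detections: dict, min_votes: int = 3, min_share: float = 0.6):
    """The dominant family, or None when too few engines name one or they disagree."""
    votes = family_votes(detections)
    named = sum(votes.values())
    if not named:
        return None
    family, n = votes.most_common(1)[0]
    return family if n >= min_votes and n / named >= min_share else None


if __name__ == "__main__":
    dets = parse_detections(DETECTIONS)
    votes = family_votes(dets)
    print(f"{len(dets)} engines, {sum(votes.values())} of them name a family:")
    for fam, n in votes.most_common():
        print(f"  {fam:<10} {n}")
    print(f"{len(unattributed(dets))} engines give only a generic or ML verdict")
    print("consensus:", consensus(dets))
```

Run against the list above, 19 of the 22 family-naming engines vote Zeus/Zbot and 38 engines abstain with generic verdicts, which is why the page treats Malwarebytes' Malware.AI label as a Zeus sample. The single-family rule matters: a detection that mentions two families (a dropper named after its payload, for example) is counted as an abstention rather than a vote for either, and a consensus computed over the family-naming engines rather than over all sixty avoids letting the generic majority hide a clear minority answer.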

How to remove Malware.AI.4137365463?

Malware.AI.4137365463 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because this sample behaves as a Zeus-family banking trojan (it installs itself for autorun, modifies proxy and browser security settings and collects system information), quarantining the file is not the end of the job. After the scan, confirm that the proxy settings and startup entries it touched are back to normal, and change the passwords of any online banking or other accounts that were used on this computer while it was infected, preferably from a clean device.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.