Malware.AI.4139198239 information

The Malware.AI.4139198239 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.4139198239 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Malware.AI.4139198239?


File Info:
name: 8011C3DA56B37FAA39BF.mlw
path: /opt/CAPEv2/storage/binaries/520c47ec1ec2d393a119593eddb84ed5b0457ec5cea5f0426e118c30d00d4786
crc32: 27737013
md5: 8011c3da56b37faa39bf3e8f3e817a81
sha1: 03ce5a1b6d00b7ab5242a76d743aaa514020c589
sha256: 520c47ec1ec2d393a119593eddb84ed5b0457ec5cea5f0426e118c30d00d4786
sha512: dc215073aa38bc329ad8fde0534b5230ec0a5ab76b48ef9a1dacb9acbce7a4918eeddbc64c4fe8600983d126f643c6ad1b91ee5219b7da4df4d1cb1273e17d71
ssdeep: 12288:k16fxZhihZxxfHShX9Eqsdi4uh75TzyK8vw2xyz77:k1UHhSZxxfHS7EqsuhdTzyK8vw2Q7
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T155253A2267FB59CBE673D23B96A7A4D3E633F401DB35C68B6105800E1D766D4AE38321
sha3_384: edcf5e1bef64f3023e575188b53b948f3c80d782d6815bba19c832a2d99eece28d13694e0e2dce9deed203f3a003e5d6
ep_bytes: 475150455243b96000000065498b0145
timestamp: 2081-06-19 23:31:08

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Virtual Disk Service
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: vds.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: vds.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.4139198239 also known as:

Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.132
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.8011c3da56b37faa
ALYac	Win64.Expiro.Gen.6
Malwarebytes	Malware.AI.4139198239
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Virus ( 00535e4a1 )
K7GW	Virus ( 00535e4a1 )
Cybereason	malicious.b6d00b
Cyren	W64/Expiro.AH.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
ClamAV	Win.Virus.Ulise-9879616-0
Kaspersky	HEUR:Virus.Win64.Expiro.gen
BitDefender	Win64.Expiro.Gen.6
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Emsisoft	Win64.Expiro.Gen.6 (B)
TrendMicro	Virus.Win64.EXPIRO.MR
Sophos	ML/PE-A + W64/Expiro-AX
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Bingoml.akq
MaxSecure	virus.win64.expiro.gen
Avira	TR/Patched.Gen
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Generic.ASVirus.30B
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Arcabit	Win64.Expiro.Gen.6
GData	Win64.Expiro.Gen.6
Cynet	Malicious (score: 100)
Cylance	Unsafe
APEX	Malicious
Ikarus	Virus.Win64.Expiro
Fortinet	W64/Expiro.BS
AVG	Win64:Xpirat [Inf]
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Malware.AI.4139198239?

Malware.AI.4139198239 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X