Malware.AI.4140765220 (file analysis)

Malware Removal

Malware.AI.4140765220 is flagged as malicious by most of the security vendors listed further down this page. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4140765220 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Creates a copy of itself
  • Unusual version info supplied for binary

Several of these indicators describe the same thing: UPX compression accounts for the unknown section names, the compressed-looking data and the unpacking observed at runtime. The invalid Authenticode signature and the version info (a Microsoft Outlook Express Migration description paired with a Chinese company name) point to a binary impersonating a Microsoft component.

How to identify Malware.AI.4140765220?

File Info:

name: 13830DE0AAA67581084F.mlw
path: /opt/CAPEv2/storage/binaries/1340671f71ff4eeec8d1ffbd09cf4a0dcf46f78ecd985085391380e2f8de3bc3
crc32: 5330BBF5
md5: 13830de0aaa67581084fc315c46a7071
sha1: e4e2c472e34221c4fab6b09c7a2702bcaba9c595
sha256: 1340671f71ff4eeec8d1ffbd09cf4a0dcf46f78ecd985085391380e2f8de3bc3
sha512: 0a29711dfa57bc96743e42a6bce754691971c601d3d0c8ea8f71f920fe6b27c95dfeda0c42a62509b58bb9307f6e1ad761fe904cf10b0f5b7c2c7af3da5eef1c
ssdeep: 1536:jqICVOGbtRIyP70CzONAZxByjvD85qTqIeUJ:jqIQbteyPwCywvA5+LUJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C4358361683239D4C024E09D631D44DE90B7F8AA7F380D20E5729EDBD9A7CDC84B5BDA
sha3_384: 5be6fe77e67de6218cf8159e3f86d93e746879137e2f64b79ac06a3e0ab1e5f58106204975a6cdcc2a722f25eda3ef5e
ep_bytes: 60be002041008dbe00f0feff5783cdff
timestamp: 2019-10-09 22:58:11
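As an added example (not CAPE's output and not GridinSoft's code), the standard-library Python script below reproduces four of the static indicators from the behaviour list and the File Info block on any PE file: a hash match against the MD5/SHA-1/SHA-256 listed above, the UPX decompressor stub at the entry point (the ep_bytes value above, matched with wildcards on its two immediates), non-standard section names, and overlay data after the last section. The PE32 header offsets are the documented Microsoft layout; the build_sample_pe() function is a constructed stand-in with UPX0/UPX1 sections and the page's entry bytes, not the analysed binary, so only the real file will produce an IOC match.

```python
import hashlib
import struct

# Hashes copied from the "File Info" block above; used as a match list.
IOC_MD5 = "13830de0aaa67581084fc315c46a7071"
IOC_SHA1 = "e4e2c472e34221c4fab6b09c7a2702bcaba9c595"
IOC_SHA256 = "1340671f71ff4eeec8d1ffbd09cf4a0dcf46f78ecd985085391380e2f8de3bc3"

# Section names a stock compiler/linker emits; anything else is reported as
# "unknown", which is what CAPE's "unknown PE section name" signature keys on.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                     ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".gfids"}


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, as listed on the page."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def is_upx_entry_stub(ep: bytes) -> bool:
    """Wildcard match for the page's ep_bytes 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ??
    57 83 CD FF: pushad / mov esi,imm32 / lea edi,[esi+disp32] / push edi /
    or ebp,-1, the prologue of the 32-bit UPX decompressor stub."""
    return (len(ep) >= 16 and ep[0] == 0x60 and ep[1] == 0xBE
            and ep[6:8] == b"\x8d\xbe" and ep[12:16] == b"\x57\x83\xcd\xff")


def parse_pe(data: bytes):
    """Return (entry_point_rva, sections); each section is
    (name, virtual_address, virtual_size, raw_pointer, raw_size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]   # SizeOfOptionalHeader
    opt_off = pe_off + 24
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]    # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt_off + opt_size + 40 * i                       # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rawptr, rawsize))
    return ep_rva, sections


def triage(data: bytes) -> dict:
    """Static checks mirroring the page's indicators: IOC hash match, UPX stub
    at the entry point, non-standard section names, and overlay size."""
    ep_rva, sections = parse_pe(data)
    ep_bytes = b""
    for _, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):       # RVA -> file offset
            ep_bytes = data[rawptr + (ep_rva - vaddr):][:16]
    end_of_sections = max((rawptr + rawsize for *_, rawptr, rawsize in sections), default=0)
    h = hashes(data)
    return {
        "hashes": h,
        "ioc_match": h["sha256"] == IOC_SHA256 or h["md5"] == IOC_MD5 or h["sha1"] == IOC_SHA1,
        "sections": [s[0] for s in sections],
        "unknown_sections": [s[0] for s in sections if s[0] not in STANDARD_SECTIONS],
        "upx_stub_at_ep": is_upx_entry_stub(ep_bytes),
        "overlay_bytes": max(0, len(data) - end_of_sections),   # bytes past the last section
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (not the real sample): a minimal PE32 with UPX0/UPX1
    sections, the page's ep_bytes at the entry point, and 64 bytes of overlay."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    opt = bytearray(224)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                        # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x2000)                      # AddressOfEntryPoint (in UPX1)
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlign, FileAlign
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102)

    def sec(name, vaddr, vsize, rawptr, rawsize):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, vaddr, rawsize,
                                                  rawptr, 0, 0, 0, 0, 0xE0000020)

    headers = (dos + b"PE\0\0" + coff + opt
               + sec(b"UPX0", 0x1000, 0x1000, 0x200, 0)          # UPX0 has no raw data on disk
               + sec(b"UPX1", 0x2000, 0x1000, 0x200, 0x200)).ljust(0x200, b"\0")
    stub = bytes.fromhex("60be002041008dbe00f0feff5783cdff").ljust(0x200, b"\0")
    return bytes(headers) + stub + b"OVERLAY!" * 8


if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

To run it against a real file, call `triage(open(path, "rb").read())`; an `ioc_match` of True means the hashes equal those in the File Info block, while the other three fields hold for any UPX-packed binary and are only circumstantial.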

Version Info:

Comments:
CompanyName: 大众斗地主协会 (Chinese: "Public Dou Dizhu Association"; Dou Dizhu is a card game)
FileDescription: Outlook Express Migration 5.0
FileVersion: 6.0.3790.3959
InternalName: OEMIG50
LegalCopyright: 版权所有(C) 2013 C Microsoft Corporation. All rights reserved. (版权所有 = "Copyright")
LegalTrademarks:
OriginalFilename: OEMIG50.EXE
PrivateBuild:
ProductName: Microsoft(R) Windows(R) 大众斗地主协会
ProductVersion: 6, 0, 3, 1
SpecialBuild:
Translation: 0x0804 0x04b0 (language 0x0804 = Chinese (Simplified, PRC), charset 0x04b0 = Unicode)

Note that FileVersion (6.0.3790.3959) and ProductVersion (6, 0, 3, 1) disagree, and the copyright line contains a stray "C" before "Microsoft Corporation"; this is the "unusual version info" indicator from the list above.

Malware.AI.4140765220 is the Malwarebytes detection name; other vendors detect the same file under the following names (vendor: detection). Most signature-based engines place the sample in the Farfli/Zegost backdoor family, while several others only report the Kryptik packer or a generic machine-learning verdict:

MicroWorld-eScan: Gen:Variant.Razy.864717
ClamAV: Win.Keylogger.Deepscan-9189466-0
FireEye: Generic.mg.13830de0aaa67581
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: GenericRXAA-AA!13830DE0AAA6
Cylance: Unsafe
VIPRE: Gen:Variant.Razy.864717
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004fb2411 )
K7GW: Trojan ( 004fb2411 )
Cybereason: malicious.0aaa67
VirIT: Backdoor.Win32.Generic.INX
Cyren: W32/Zegost.EA.gen!Eldorado
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Kryptik.FHSE
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Farfli.cegk
BitDefender: Gen:Variant.Razy.864717
NANO-Antivirus: Trojan.Win32.Kryptik.eofuql
Avast: FileRepMalware [Misc]
Tencent: Malware.Win32.Gencirc.10b8abcb
Ad-Aware: Gen:Variant.Razy.864717
Emsisoft: Gen:Variant.Razy.864717 (B)
Comodo: Backdoor.Win32.Zegost.FH@7qyj9h
DrWeb: Trojan.Damaged.1
Zillya: Downloader.PsDownload.Win32.465
TrendMicro: BKDR_ZEGOST.SM34
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Razy.864717
Jiangmin: Backdoor.Farfli.cno
Avira: TR/Dropper.Gen7
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.26E9
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Backdoor/Win32.RL_Zegost.R300697
Acronis: suspicious
VBA32: Backdoor.Farfli
ALYac: Gen:Variant.Razy.864717
TACHYON: Backdoor/W32.Farfli.1163264
Malwarebytes: Malware.AI.4140765220
TrendMicro-HouseCall: BKDR_ZEGOST.SM34
Rising: Trojan.Kryptik!1.AAD1 (CLASSIC)
Yandex: Trojan.GenAsa!Vw68EO0Xzeo
Ikarus: Win32.Outbreak
Fortinet: W32/Kryptik.FHSE!tr
BitDefenderTheta: Gen:NN.ZexaF.34698.cnNfaCj7lpfb
AVG: FileRepMalware [Misc]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Malware.AI.4140765220?

Malware.AI.4140765220 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
