Malware.AI.4154001112 removal guide

Malware.AI.4154001112 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4154001112 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.4154001112?

File Info:

name: 4FBFC6539A7D368430B0.mlw
path: /opt/CAPEv2/storage/binaries/04f3f52c72f939fb959db185de2ddca4e64c044da6a8272affab8590c8278b14
crc32: D3764512
md5: 4fbfc6539a7d368430b0e7b9ebaefe94
sha1: 72f3689ca56526dce7bc7807a4d8eaa6a146f49d
sha256: 04f3f52c72f939fb959db185de2ddca4e64c044da6a8272affab8590c8278b14
sha512: 895e48a629fa463cba587b3f0f00bc6f1fe588e6186d24e30f3915bd0675203df9a6abf9f36df5fa42cae969250ce36d6816cf286850e4ea2cf91a66dad3207e
ssdeep: 49152:2zI82e8kxjLz0TTB5L1362plAsnY7O8NHR3S3IfTTB5L1362plAsnY72:2h2e8KIy20snybxlQay20sny2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124A5128984C23018C6AF8F7D652757D1CCB74BFA46FA83EBA8E07E4D252B258530E5D1
sha3_384: 16999bff5e264efc843a490a63aef20f63df2d89a56d9030848133727e7ca6c6bdc322a4c4528f1e9002479ddf0d5c25
ep_bytes: b90000000050684fd021a58b142483c4
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Malware.AI.4154001112 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.883920
FireEye: Generic.mg.4fbfc6539a7d3684
ALYac: Gen:Variant.Razy.883920
K7AntiVirus: Trojan ( 00577ea11 )
BitDefender: Gen:Variant.Razy.883920
K7GW: Trojan ( 00577ea11 )
Cybereason: malicious.39a7d3
Arcabit: Trojan.Razy.DD7CD0
BitDefenderTheta: Gen:NN.ZexaF.34062.!vZ@a4vdIlp
Cyren: W32/Kryptik.ECA.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GJIX
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Virus.Win32.Gen.ccmw
Rising: Trojan.Kryptik!1.BF57 (CLASSIC)
Ad-Aware: Gen:Variant.Razy.883920
Sophos: ML/PE-A + Troj/Agent-BGOS
Comodo: MalCrypt.Indus!@1qrzi1
SentinelOne: Static AI – Malicious PE
Emsisoft: Gen:Variant.Razy.883920 (B)
APEX: Malicious
Jiangmin: Trojan.Generic.hdubm
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.33A8E43
GData: Gen:Variant.Razy.883920
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R299848
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.AI.4154001112
Tencent: Malware.Win32.Gencirc.11c5432a
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Kryptik.ECM!tr
AVG: Win32:Evo-gen [Susp]
Avast: Win32:Evo-gen [Susp]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Malware.AI.4154001112?

Malware.AI.4154001112 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.