Malware

Malware.AI.4157997946 (file analysis)

Malware Removal

The Malware.AI.4157997946 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Malware.AI.4157997946 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to determine Malware.AI.4157997946?


File Info:

name: 615D43A8B9A3E9DF146B.mlw
path: /opt/CAPEv2/storage/binaries/54906489cceb2e76d85beedb410fe5527d608419e3e7c725eaca4cbcac2ff079
crc32: 5AD4B81D
md5: 615d43a8b9a3e9df146b1f1486aa2983
sha1: f80a7d4ee238135cdca2db171d6b6c5af0fc469c
sha256: 54906489cceb2e76d85beedb410fe5527d608419e3e7c725eaca4cbcac2ff079
sha512: 601c3900c91d80bf0a9b02e1268868d683caf188b4172bfbb50f2e214c9d824508ae4a37fb00f6d44fb252584dc5814c9b1285811e70ccafd0dc1f1da38cbb69
ssdeep: 49152:UhMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMe:UM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A0A502C4F7F513ACC57C0A1ACC02B419371DB24AA9162BCBE87D6ECC5AE674E4B6D124
sha3_384: c9b569135479707133b81b7fea27da376bd929d553f30d18ccfff5a46e1ba6161717b3984d8b3e20bd512576b4b6fffe
ep_bytes: 60be007041008dbe00a0feff57eb0b90
timestamp: 2007-12-22 02:58:42

Version Info:

CompanyName: ЦКмваИРяДхнЭзМоДУУВЫмъьШЛЩ
FileDescription: ЯВеБЩСЭсЮГпчИТяяМюйАжЙА
FileVersion: 60.17.53.48
InternalName: ЧяртПОнЦЮлКбСэТьХГгфзШЫзЭьШГВ
LegalCopyright: 1750-6124
OriginalFilename: U8w4J2mM.exe
ProductName: гмЯИбЯЛЬфРМкионЗгщяюуЩХэн
ProductVersion: 60.17.53.48
Translation: 0x04b0 0x0417

Malware.AI.4157997946 also known as:

BkavW32.AIDetect.malware1
Elasticmalicious (moderate confidence)
DrWebTrojan.Siggen1.62207
MicroWorld-eScanGen:Variant.Bredo.6
FireEyeGeneric.mg.615d43a8b9a3e9df
CAT-QuickHealTrojan.GenericPMF.S20099226
McAfeeArtemis!615D43A8B9A3
CylanceUnsafe
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 0055e3dd1 )
K7GWTrojan ( 0055e3dd1 )
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderThetaAI:Packer.F9CE228B1F
VirITTrojan.Win32.SHeur3.AHJR
CyrenW32/Qakbot.A.gen!Eldorado
ESET-NOD32Win32/Agent.RDE
TrendMicro-HouseCallBKDR_QAKBOT.SMC
ClamAVWin.Trojan.Small-5417
KasperskyPacked.Win32.Krap.hm
BitDefenderGen:Variant.Bredo.6
NANO-AntivirusTrojan.Win32.Krap.xsvc
AvastFileRepMalware [Cryp]
TencentMalware.Win32.Gencirc.10b0d4c8
Ad-AwareGen:Variant.Bredo.6
EmsisoftGen:Variant.Bredo.6 (B)
ComodoMalCrypt.Indus!@1qrzi1
BaiduWin32.Trojan.Agent.auw
ZillyaTrojan.Agent.Win32.445769
TrendMicroBKDR_QAKBOT.SMC
McAfee-GW-EditionBehavesLike.Win32.PWSZbot.vc
SentinelOneStatic AI – Malicious PE
Trapminemalicious.high.ml.score
SophosMal/Generic-R + Mal/Zbot-U
IkarusWorm.Win32.Ramnit
GDataGen:Variant.Bredo.6
JiangminPacked.Krap.cqoj
AviraTR/Dropper.Gen
ArcabitTrojan.Bredo.6
ViRobotTrojan.Win32.Krap.58368.S
MicrosoftTrojan:Win32/Wacatac.B!ml
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.ZBot.R196286
Acronissuspicious
VBA32Trojan.SB.01742
ALYacGen:Variant.Bredo.6
MalwarebytesMalware.AI.4157997946
APEXMalicious
RisingTrojan.Axespec!1.A74A (CLASSIC)
YandexTrojan.GenAsa!X1IvfPRZtiQ
MAXmalware (ai score=85)
MaxSecureTrojan.Malware.121218.susgen
FortinetW32/Generic.AC.221D9E!tr
AVGFileRepMalware [Cryp]
Cybereasonmalicious.8b9a3e
PandaTrj/Sinowal.XEG

How to remove Malware.AI.4157997946?

Malware.AI.4157997946 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment