Categories: Malware

Malware.AI.4157997946 (file analysis)

Malware.AI.4157997946 is a detection name (Malwarebytes' label, per the vendor list below) for a file that most security vendors classify as malicious. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.4157997946 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to determine Malware.AI.4157997946?

File Info:

name: 615D43A8B9A3E9DF146B.mlw
path: /opt/CAPEv2/storage/binaries/54906489cceb2e76d85beedb410fe5527d608419e3e7c725eaca4cbcac2ff079
crc32: 5AD4B81D
md5: 615d43a8b9a3e9df146b1f1486aa2983
sha1: f80a7d4ee238135cdca2db171d6b6c5af0fc469c
sha256: 54906489cceb2e76d85beedb410fe5527d608419e3e7c725eaca4cbcac2ff079
sha512: 601c3900c91d80bf0a9b02e1268868d683caf188b4172bfbb50f2e214c9d824508ae4a37fb00f6d44fb252584dc5814c9b1285811e70ccafd0dc1f1da38cbb69
ssdeep: 49152:UhMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMe:UM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A0A502C4F7F513ACC57C0A1ACC02B419371DB24AA9162BCBE87D6ECC5AE674E4B6D124
sha3_384: c9b569135479707133b81b7fea27da376bd929d553f30d18ccfff5a46e1ba6161717b3984d8b3e20bd512576b4b6fffe
ep_bytes: 60be007041008dbe00a0feff57eb0b90
timestamp: 2007-12-22 02:58:42

Version Info:

CompanyName: ЦКмваИРяДхнЭзМоДУУВЫмъьШЛЩ
FileDescription: ЯВеБЩСЭсЮГпчИТяяМюйАжЙА
FileVersion: 60.17.53.48
InternalName: ЧяртПОнЦЮлКбСэТьХГгфзШЫзЭьШГВ
LegalCopyright: 1750-6124
OriginalFilename: U8w4J2mM.exe
ProductName: гмЯИбЯЛЬфРМкионЗгщяюуЩХэн
ProductVersion: 60.17.53.48
Translation: 0x04b0 0x0417
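The report above identifies the file by hash and lists static packing indicators (UPX compression, an unknown PE section name, high-entropy data, a 2007 link timestamp, the entry-point bytes). The script below is an added example, not code from the CAPE report or from this page: a dependency-free PE32 parser that hashes a file, decodes the link timestamp, reads the section table and entry-point bytes, and reproduces those indicators as triage flags. Because the real sample is not on the page, build_sample_pe() constructs a synthetic UPX-style binary whose section layout, entry-point stub and timestamp mirror the report; its hashes naturally differ from the reported ones, which is the point of the REPORT_SHA256 comparison. Function names, the "common section names" list and the 7.0 entropy threshold are the example's own assumptions.

```python
import hashlib
import math
import random
import struct
from datetime import datetime, timezone

# sha256 from the report above: an exact match identifies that file; everything else here is heuristic.
REPORT_SHA256 = "54906489cceb2e76d85beedb410fe5527d608419e3e7c725eaca4cbcac2ff079"
# Section names an ordinary linker emits (assumption: short, non-exhaustive list).
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc",
                   ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS"}
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed/encrypted data sits near 8.0, plain x86 code near 6."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Minimal PE32 parser: hashes, link timestamp, entry-point bytes, section table."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", blob, 0x3C)[0]          # e_lfanew
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe + 4)
    opt = pe + 24                                          # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", blob, opt)[0]
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va, "vsize": vsize,
                         "raw_ptr": rptr, "raw_size": rsize,
                         "entropy": round(shannon_entropy(blob[rptr:rptr + rsize]), 2)})
    ep_bytes = b""
    for s in sections:                                     # map the entry RVA to a file offset
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"]):
            off = s["raw_ptr"] + (entry_rva - s["va"])
            ep_bytes = blob[off:off + 16]
            break
    return {"md5": hashlib.md5(blob).hexdigest(), "sha1": hashlib.sha1(blob).hexdigest(),
            "sha256": hashlib.sha256(blob).hexdigest(), "machine": machine, "pe32": magic == 0x10B,
            "timestamp": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "entry_rva": entry_rva, "ep_bytes": ep_bytes.hex(), "sections": sections}


def triage(info: dict) -> list:
    """Static packing indicators, worded like the CAPE signatures listed above."""
    flags = []
    names = {s["name"] for s in info["sections"]}
    if info["sha256"] == REPORT_SHA256:
        flags.append("Exact match for the reported sample (sha256)")
    if names & UPX_SECTIONS:
        flags.append("The executable is compressed using UPX")
    if names - COMMON_SECTIONS:
        flags.append("The binary contains an unknown PE section name indicative of packing")
    if any(s["entropy"] > 7.0 for s in info["sections"]):   # 7.0 bits/byte: assumed threshold
        flags.append("The binary likely contains encrypted or compressed data")
    ep = bytes.fromhex(info["ep_bytes"])
    # UPX stub: pushad (60) ; mov esi, imm32 (be xx xx xx xx) ; lea edi, [esi+disp32] (8d be ...)
    if ep[:1] == b"\x60" and ep[1:2] == b"\xbe" and ep[6:8] == b"\x8d\xbe":
        flags.append("Entry point begins with the UPX unpacking stub")
    return flags


def build_sample_pe() -> bytes:
    """Constructed UPX-style PE32 (NOT the real sample): same layout signals, different bytes."""
    ts = int(datetime(2007, 12, 22, 2, 58, 42, tzinfo=timezone.utc).timestamp())
    stub = bytes.fromhex("60be007041008dbe00a0feff57eb0b90")  # the ep_bytes from the report
    rng = random.Random(1)                                    # deterministic "compressed" payload
    upx1 = stub + bytes(rng.getrandbits(8) for _ in range(0x800 - len(stub)))
    rsrc = "OriginalFilename\0U8w4J2mM.exe\0".encode("utf-16-le").ljust(0x200, b"\0")
    dos = bytearray(b"MZ").ljust(0x40, b"\0")
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    secs = [(b"UPX0", 0x16000, 0x1000, 0, 0x400, 0xE0000080),          # uninitialised unpack target
            (b"UPX1", 0x1000, 0x17000, len(upx1), 0x400, 0xE0000040),  # stub + compressed image
            (b".rsrc", 0x1000, 0x18000, len(rsrc), 0x400 + len(upx1), 0xC0000040)]
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x17000)                  # AddressOfEntryPoint -> start of UPX1
    struct.pack_into("<I", opt, 28, 0x400000)                 # ImageBase
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in secs)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x400, b"\0")
    return headers + upx1 + rsrc


if __name__ == "__main__":
    report = parse_pe(build_sample_pe())
    print({k: report[k] for k in ("sha256", "timestamp", "ep_bytes")})
    for s in report["sections"]:
        print(f"  {s['name']:<6} va=0x{s['va']:05x} raw={s['raw_size']:#06x} entropy={s['entropy']}")
    print(triage(report))
```

Run against the synthetic file it prints three sections (UPX0 with no raw data, a high-entropy UPX1, a low-entropy .rsrc) and four flags; run against a real file (replace build_sample_pe() with open(path, "rb").read()) the sha256 line is the only one that can positively confirm the sample, while the UPX, section-name, entropy and stub checks only say "packed", which is why the vendor names below disagree so widely about the family.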

Malware.AI.4157997946 also known as:

Bkav W32.AIDetect.malware1
Elastic malicious (moderate confidence)
DrWeb Trojan.Siggen1.62207
MicroWorld-eScan Gen:Variant.Bredo.6
FireEye Generic.mg.615d43a8b9a3e9df
CAT-QuickHeal Trojan.GenericPMF.S20099226
McAfee Artemis!615D43A8B9A3
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0055e3dd1 )
K7GW Trojan ( 0055e3dd1 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta AI:Packer.F9CE228B1F
VirIT Trojan.Win32.SHeur3.AHJR
Cyren W32/Qakbot.A.gen!Eldorado
ESET-NOD32 Win32/Agent.RDE
TrendMicro-HouseCall BKDR_QAKBOT.SMC
ClamAV Win.Trojan.Small-5417
Kaspersky Packed.Win32.Krap.hm
BitDefender Gen:Variant.Bredo.6
NANO-Antivirus Trojan.Win32.Krap.xsvc
Avast FileRepMalware [Cryp]
Tencent Malware.Win32.Gencirc.10b0d4c8
Ad-Aware Gen:Variant.Bredo.6
Emsisoft Gen:Variant.Bredo.6 (B)
Comodo MalCrypt.Indus!@1qrzi1
Baidu Win32.Trojan.Agent.auw
Zillya Trojan.Agent.Win32.445769
TrendMicro BKDR_QAKBOT.SMC
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.vc
SentinelOne Static AI – Malicious PE
Trapmine malicious.high.ml.score
Sophos Mal/Generic-R + Mal/Zbot-U
Ikarus Worm.Win32.Ramnit
GData Gen:Variant.Bredo.6
Jiangmin Packed.Krap.cqoj
Avira TR/Dropper.Gen
Arcabit Trojan.Bredo.6
ViRobot Trojan.Win32.Krap.58368.S
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.ZBot.R196286
Acronis suspicious
VBA32 Trojan.SB.01742
ALYac Gen:Variant.Bredo.6
Malwarebytes Malware.AI.4157997946
APEX Malicious
Rising Trojan.Axespec!1.A74A (CLASSIC)
Yandex Trojan.GenAsa!X1IvfPRZtiQ
MAX malware (ai score=85)
MaxSecure Trojan.Malware.121218.susgen
Fortinet W32/Generic.AC.221D9E!tr
AVG FileRepMalware [Cryp]
Cybereason malicious.8b9a3e
Panda Trj/Sinowal.XEG

How to remove Malware.AI.4157997946?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
