Malware.AI.4160009548 (file analysis)

Malware Removal

Malware.AI.4160009548 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4160009548 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • A process created a hidden window
  • Unconventional language used in binary resources: Spanish (Modern)
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • A process attempted to delay the analysis task by a long amount of time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates known SpyNet mutexes and/or registry changes
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
clientes1.no-ip.org

How to identify Malware.AI.4160009548?

File Info:

crc32: B8994E98
md5: 12cbc9e13dddb11b75a716adfc0108e3
name: 12CBC9E13DDDB11B75A716ADFC0108E3.mlw
sha1: 60211d87604ccdec0c6559fa0390c99c1d10af41
sha256: 76a77768135ea4d1663758ddf513c4f970eda99c6b06575914f0d6c461cd6e02
sha512: 5612ba7507cb95b54ae660d799e16c81f46e8a1b21a40e8f8112da77e5dcd8f4f3df5312cdc2609466b74789d3e0135393ccb593a1238e0cbc11b630fda7e45e
ssdeep: 6144:VFMc++HVYp5MTuswjciGt3BDtMsx5VJST6a5pub90Fz9/NWeH:VFi+1U60wt5lJSv5obqFz9/UeH
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0c0a 0x04b0
InternalName: LDK
FileVersion: 1.00
ProductName: crYCGQb3xwWAApZ7NRJUgGlWeVwWJnTsZGc
ProductVersion: 1.00
FileDescription: LeonDk
OriginalFilename: LDK.exe

Malware.AI.4160009548 also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Johnnie.283153
FireEye: Generic.mg.12cbc9e13dddb11b
McAfee: Artemis!12CBC9E13DDD
Malwarebytes: Malware.AI.4160009548
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Llac.4!c
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Variant.Johnnie.283153
K7GW: Trojan ( 004b89cf1 )
K7AntiVirus: Trojan ( 004b89cf1 )
BitDefenderTheta: Gen:NN.ZevbaF.34804.ym3@aWwf2HU
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.ASCQ
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Trojan.Llac-9810839-0
Kaspersky: Trojan.Win32.Llac.drcw
Alibaba: Trojan:Win32/Injector.35234081
NANO-Antivirus: Trojan.Win32.SpyNet.cosqrf
ViRobot: Trojan.Win32.Z.Llac.397911
Rising: Worm.Rebhip!8.B31 (CLOUD)
Ad-Aware: Gen:Variant.Johnnie.283153
Emsisoft: Gen:Variant.Johnnie.283153 (B)
Comodo: Malware@#3g0c4zyericar
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.PWS.Stealer.15081
Zillya: Trojan.Llac.Win32.46627
TrendMicro: TROJ_GEN.R002C0OLE20
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Sophos: Mal/Generic-S
Ikarus: Backdoor.Win32.Xtreme
GData: Gen:Variant.Johnnie.283153
Jiangmin: Trojan/Llac.wmj
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Win32.Llac
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Arcabit: Trojan.Johnnie.D45211
AhnLab-V3: Trojan/Win32.Llac.R91918
ZoneAlarm: Trojan.Win32.Llac.drcw
Microsoft: Worm:Win32/Rebhip.A
Cynet: Malicious (score: 100)
TotalDefense: Win32/Rebhip.XUTSJcC
VBA32: Trojan.Llac
ALYac: Gen:Variant.Johnnie.283153
MAX: malware (ai score=100)
Panda: Trj/Dtcontx.I
TrendMicro-HouseCall: TROJ_GEN.R002C0OLE20
Tencent: Malware.Win32.Gencirc.10c4ec79
Yandex: Trojan.Llac!/sIkVzw+h9Q
SentinelOne: Static AI – Malicious PE
eGambit: Generic.Malware
Fortinet: W32/Filecoder_CTBLocker.A!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Llac.HwMA6dwA

How to remove Malware.AI.4160009548?

Malware.AI.4160009548 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.