Malware

Malware.AI.4165139982 malicious file

Malware Removal

Malware.AI.4165139982 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4165139982 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • A process attempted to delay the analysis task by a long amount of time.
  • Behavior consistent with a dropper attempting to download the next stage.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings

How to identify Malware.AI.4165139982?

File Info:

name: 6FA158A78744C24AA963.mlw
path: /opt/CAPEv2/storage/binaries/fdae5fbe5969cdee0afe9e53dc1ba594944c912e7d0ba4864318f1044b39f5eb
crc32: 7B3DAD2F
md5: 6fa158a78744c24aa9632bc0512e890c
sha1: 67bccdd5ba4902643079fdd11d7d25b599fcf7ac
sha256: fdae5fbe5969cdee0afe9e53dc1ba594944c912e7d0ba4864318f1044b39f5eb
sha512: 0a6bff4871113ad29d6773893a6ca97880e3e564e41e0ca43a1c45117fac2e3f43e986e7318fbb6e59c4e999ea8e4e657d208f9fbc4301295c01a9e298bc8a36
ssdeep: 1536:zNlRnooRjDTyScbNtulRRfQlnf6wK6zR5kYx2vgzUj:zNQC3OXyKf1zR5kw2vSUj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F073F102B327B467C1694771653B2A8E5CB4CF26174903BB5AD3BD1C4F788D2A873B52
sha3_384: 3ccead09d2c5947cb11ef2b03d8018fd25235da021a3bcbc6f22707ffaa3163cf499a10c429921cce3b944672f7eb8e9
ep_bytes: 558bec6aff6820d5400068c0cb400064
timestamp: 2014-06-08 09:07:42

Version Info:

0: [No Data]

Malware.AI.4165139982 is also known as (antivirus vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.makI
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.96064
FireEye: Generic.mg.6fa158a78744c24a
CAT-QuickHeal: TrojanDownloadr.Kuluoz.MUE.D6
McAfee: Downloader-FADF!6FA158A78744
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Zortob.B
K7AntiVirus: Trojan-Downloader ( 0055e3da1 )
Alibaba: TrojanDropper:Win32/dropper.ali1003001
K7GW: Trojan-Downloader ( 0055e3da1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34182.euW@aq5qdfgi
Cyren: W32/Trojan.QRYZ-5636
Symantec: Packed.Generic.463
ESET-NOD32: Win32/TrojanDownloader.Zortob.B
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.96064
NANO-Antivirus: Trojan.Win32.Aspxor.dazwoh
Avast: Win32:Trojan-gen
Rising: Downloader.Zortob!8.896 (CLOUD)
Ad-Aware: Gen:Variant.Zusy.96064
Emsisoft: Gen:Variant.Zusy.96064 (B)
Comodo: Malware@#3snwxhiztqrf0
DrWeb: BackDoor.Kuluoz.4
Zillya: Worm.Aspxor.Win32.673
TrendMicro: TROJ_SPNR.11FD14
McAfee-GW-Edition: BehavesLike.Win32.Generic.lh
Sophos: ML/PE-A + Troj/Agent-AHHI
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zusy.96064
Jiangmin: Trojan.Generic.evqyu
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1125240
MAX: malware (ai score=100)
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Zusy.D17740
ViRobot: Trojan.Win32.Z.Aspxor.79872
Microsoft: TrojanDownloader:Win32/Kuluoz
AhnLab-V3: Trojan/Win32.Xema.R112617
ALYac: Gen:Variant.Zusy.96064
TACHYON: Worm/W32.Aspxor.79872.B
VBA32: Worm.Aspxor
Malwarebytes: Malware.AI.4165139982
TrendMicro-HouseCall: TROJ_SPNR.11FD14
Tencent: Win32.Trojan.Generic.Wtdx
Ikarus: Trojan-Spy.Zbot
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Aspxor.ARR!worm.im
AVG: Win32:Trojan-gen
Cybereason: malicious.78744c
Panda: Trj/Genetic.gen

How to remove Malware.AI.4165139982?

Malware.AI.4165139982 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
