
About “Malware.AI.4169759778” infection


Malware.AI.4169759778 is the Malwarebytes name for a sample that most of the vendors listed below flag as malicious. Its version info presents it as a 7-Zip self-extracting installer (7zS.sfx), its Authenticode signature is invalid, and the sandbox behaviour and vendor names (Trojan-PSW, Stealer, OnlyLogger, NirSoft PassView) point to a credential stealer delivered through that installer stub. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and clean-up of your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4169759778 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • NtSetInformationThread: attempt to hide thread from debugger
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • CAPE detected the OnlyLogger malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a device
  • Attempts to modify proxy settings
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Harvests cookies for information gathering
  • Attempts to execute suspicious powershell command arguments
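Several of the sandbox signatures above (Defender tampering through PowerShell, autorun at Windows startup, a process created from a suspicious location, suspicious PowerShell arguments) are visible to an endpoint sensor as process-creation events, which is where a SOC would catch them outside the sandbox. The script below is an added example, not code from the page or from any vendor: it runs simple detection logic over Sysmon-style records. The events are constructed to illustrate those behaviours and are not telemetry captured from this sample; the rule names and the `Image`/`CommandLine`/`ParentImage` field names are my own choices.

```python
"""Detection logic for several behaviours in the sandbox list above, run over
process-creation events (added example; constructed events, not sample telemetry)."""
import re
from typing import Dict, List

Event = Dict[str, str]

# Constructed Sysmon-style process-creation events for illustration only.
SAMPLE_EVENTS: List[Event] = [
    {"Image": r"C:\Users\u\AppData\Local\Temp\7zS4F2.tmp\setup.exe",
     "CommandLine": r'"C:\Users\u\AppData\Local\Temp\7zS4F2.tmp\setup.exe"',
     "ParentImage": r"C:\Users\u\Downloads\sample.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -NoProfile -ExecutionPolicy Bypass '
                    '-Command "Set-MpPreference -DisableRealtimeMonitoring $true"',
     "ParentImage": r"C:\Users\u\AppData\Local\Temp\7zS4F2.tmp\setup.exe"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" '
                    r'/v Updater /t REG_SZ /d "C:\Users\u\AppData\Roaming\upd.exe" /f',
     "ParentImage": r"C:\Users\u\AppData\Local\Temp\7zS4F2.tmp\setup.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -enc SQBFAFgA",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files\7-Zip\7zG.exe",          # benign control case
     "CommandLine": r'"C:\Program Files\7-Zip\7zG.exe" x archive.7z',
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Image is a PowerShell host (powershell.exe or pwsh.exe).
POWERSHELL = re.compile(r"\\(?:powershell|pwsh)(?:\.exe)?$", re.I)
# Path sits under a user or system temp directory.
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)
# Set-/Add-MpPreference used to switch a Defender feature off or add an exclusion.
DEFENDER_TAMPER = re.compile(
    r"\b(?:Set|Add)-MpPreference\b.*?-(?:Disable\w+|Exclusion\w+)", re.I)
# -EncodedCommand and the abbreviations PowerShell accepts for it (-e, -ec, -en, -enc).
ENCODED_PS = re.compile(r"\s-e(?:ncodedcommand|nc|c|n)?\s", re.I)
# Run / RunOnce autostart keys.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\b", re.I)


def classify(ev: Event) -> List[str]:
    """Return the rule names that fire for one event (empty list if none)."""
    hits: List[str] = []
    image, cmd, parent = ev["Image"], ev["CommandLine"], ev["ParentImage"]
    is_ps = bool(POWERSHELL.search(image))
    if is_ps and DEFENDER_TAMPER.search(cmd):
        hits.append("defender_tamper_powershell")
    if is_ps and ENCODED_PS.search(cmd):
        hits.append("encoded_powershell")
    if image.lower().endswith("\\reg.exe") and RUN_KEY.search(cmd) \
            and re.search(r"\badd\b", cmd, re.I):
        hits.append("run_key_persistence")
    if TEMP_DIR.search(image):
        hits.append("exec_from_temp")
    if TEMP_DIR.search(parent):
        hits.append("spawned_by_temp_binary")
    return hits


def triage(events: List[Event]) -> List[List[str]]:
    """Classify every event, preserving order so results line up with the input."""
    return [classify(ev) for ev in events]


def summarize(events: List[Event]) -> Dict[str, int]:
    """Count how often each rule fired across the event set."""
    counts: Dict[str, int] = {}
    for hits in triage(events):
        for name in hits:
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for ev, hits in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(f"{hits or ['-']} <- {ev['CommandLine'][:70]}")
    print(summarize(SAMPLE_EVENTS))
```

The parent-child rule (`spawned_by_temp_binary`) is what ties the individual hits together: a PowerShell Defender change or a Run-key write is noisy on its own, but either one launched by a binary running out of a temp directory is the chain an SFX dropper produces. Real deployments would replace the regexes with the Sigma rules for Defender tampering and Run-key persistence and feed the detector from the EDR's event stream rather than an inline list.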

How to identify Malware.AI.4169759778?

File Info:

name: 857AD853C2243A84D70A.mlw
path: /opt/CAPEv2/storage/binaries/6ad65f44871e22127dc366526f6b213c0dc62ea3bc7e0d33366a5118cade2f83
crc32: C7FECFBA
md5: 857ad853c2243a84d70af59e8f1f3ca4
sha1: fe444c65e23f1100d3eaf52f11fc757890cfd102
sha256: 6ad65f44871e22127dc366526f6b213c0dc62ea3bc7e0d33366a5118cade2f83
sha512: 4750f945d736da1a66119bb6c8c1ac8484e9b3fe7e7341802af30b6bdafa353ae27a34536ca069ab826ae91ad3db72f51675df385e7fe9865704468f16b044c2
ssdeep: 196608:x/Z1LBlZVapMJ7m98GCwMsi1WzSpGHY3nyBoCG4uq:x/Z1LLaph9FCwMCzSs+nny
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F6763320BBF011FFD5A09DF4450C1B7298A6B328597286B7E3D0DACECA5C4B71B614E9
sha3_384: 6705c6c2708d31f4c3d8cb81c5e698e02070361af0aceb27647a188665bf8b90f26a1aa36a204bd942af85238da662bf
ep_bytes: 558bec6aff6898c24100680691410064
timestamp: 2019-02-21 16:00:00

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 19.00
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 19.00
Translation: 0x0409 0x04b0
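The version info says the sample is a 7-Zip installer SFX stub (7zS.sfx): a PE loader with an install config and a 7z archive appended behind it, and the invalid Authenticode signature above fits a legitimate stub that has been repacked. The script below is an added example and is not code from the page, the sample, or the 7-Zip project. It shows the check a triager runs on such a file: find the appended archive by its signature, verify the 7z start-header and next-header CRCs (a cheap integrity and truncation check), pull out the `;!@Install@!UTF-8!` block that names what the stub runs after extraction, and report any bytes trailing the archive. The signature-header layout follows the 7z format description shipped with 7-Zip, and the config markers and `RunProgram`/`ExecuteFile` keys are the ones documented for 7-Zip's installer SFX modules; backslash escaping of quotes in config values is my assumption. The blob it parses is constructed inline; on a real sample read the file from disk.

```python
"""Triage a 7-Zip SFX: locate the appended 7z archive, verify its CRCs and extract
the installer config (added example; the sample blob below is constructed)."""
import hashlib
import re
import struct
import zlib
from typing import Dict, Optional

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"        # 7z signature, start of signature header
CONFIG_START = b";!@Install@!UTF-8!"         # markers used by 7-Zip's installer SFX modules
CONFIG_END = b";!@InstallEnd@!"


def build_7z_archive(payload: bytes, next_header: bytes) -> bytes:
    """Assemble a minimal 7z container: 32-byte signature header, packed stream,
    next header. Only the signature header is parsed below, so the stream is opaque."""
    start_header = struct.pack("<QQI", len(payload), len(next_header),
                               zlib.crc32(next_header))
    return (SEVENZ_MAGIC + bytes([0, 4]) + struct.pack("<I", zlib.crc32(start_header))
            + start_header + payload + next_header)


def parse_signature_header(data: bytes, off: int) -> Dict[str, object]:
    """Parse the 7z signature header at `off`; raise on a bad start-header CRC."""
    hdr = data[off:off + 32]
    if len(hdr) < 32 or hdr[:6] != SEVENZ_MAGIC:
        raise ValueError("no 7z signature header at offset %d" % off)
    major, minor = hdr[6], hdr[7]
    start_crc = struct.unpack_from("<I", hdr, 8)[0]
    start = hdr[12:32]                      # NextHeaderOffset, NextHeaderSize, NextHeaderCRC
    if zlib.crc32(start) != start_crc:
        raise ValueError("start header CRC mismatch (truncated or tampered archive)")
    nh_off, nh_size, nh_crc = struct.unpack("<QQI", start)
    nh_start = off + 32 + nh_off            # offset is relative to the end of the signature header
    next_header = data[nh_start:nh_start + nh_size]
    return {
        "version": (major, minor),
        "archive_offset": off,
        "next_header_offset": nh_start,
        "next_header_size": nh_size,
        "next_header_crc_ok": len(next_header) == nh_size and zlib.crc32(next_header) == nh_crc,
        "archive_end": nh_start + nh_size,
    }


def parse_sfx_config(data: bytes) -> Optional[Dict[str, str]]:
    """Return the Key="Value" pairs of the installer config block, or None if absent.
    Assumes backslash escapes (\\" and \\\\) inside values."""
    s = data.find(CONFIG_START)
    e = data.find(CONFIG_END, s) if s >= 0 else -1
    if s < 0 or e < 0:
        return None
    body = data[s + len(CONFIG_START):e].decode("utf-8", "replace")
    cfg: Dict[str, str] = {}
    for m in re.finditer(r'^\s*(\w+)\s*=\s*"((?:\\.|[^"\\])*)"\s*$', body, re.M):
        cfg[m.group(1)] = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
    return cfg


def triage_sfx(data: bytes) -> Dict[str, object]:
    """Hash the file, check the appended archive, and report what the stub would run."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    arc = data.find(SEVENZ_MAGIC)
    if arc < 0:
        raise ValueError("no 7z archive appended to the stub")
    info = parse_signature_header(data, arc)
    cfg = parse_sfx_config(data[:arc]) or {}
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % zlib.crc32(data),
        "archive_offset": arc,
        "archive_ok": info["next_header_crc_ok"],
        "config": cfg,
        "run_program": cfg.get("RunProgram") or cfg.get("ExecuteFile"),
        "trailing_bytes": len(data) - int(info["archive_end"]),   # overlay after the archive
    }


# Constructed sample: fake 64-byte MZ stub, install config, then a 7z container with
# an opaque 16-byte packed stream and a dummy next header. Not the real sample.
STUB = b"MZ" + b"\x90" * 62
CONFIG = (CONFIG_START + b'\r\nTitle="Installer"\r\n'
          b'RunProgram="setup.exe /S"\r\n' + CONFIG_END + b"\r\n")
ARCHIVE = build_7z_archive(b"\xde\xad" * 8, b"\x01\x04\x06\x00\x01\x09\x00")
SAMPLE = STUB + CONFIG + ARCHIVE

if __name__ == "__main__":
    for key, value in triage_sfx(SAMPLE).items():
        print(f"{key}: {value}")
```

On a real file `triage_sfx(open(path, "rb").read())` gives the offset to carve the archive for `7z l`/`7z x`, and `run_program` is the first thing to pull from the extracted tree. A non-zero `trailing_bytes` or a failed CRC is itself a finding: a stock 7-Zip installer ends exactly at its archive.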

Malware.AI.4169759778 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen15.49720
MicroWorld-eScan: Dropped:Trojan.GenericKD.38671640
FireEye: Dropped:Trojan.GenericKD.38671640
CAT-QuickHeal: Trojan.Win64RI.S25839259
McAfee: Artemis!857AD853C224
Cylance: Unsafe
K7AntiVirus: Trojan ( 00581cad1 )
Alibaba: TrojanPSW:Win32/Stealer.438f3780
K7GW: Trojan ( 00581cad1 )
BitDefenderTheta: Gen:NN.ZexaF.34182.CD0@aKaJOOij
Cyren: W32/Agent.DZE.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
TrendMicro-HouseCall: HackTool.Win64.NirSoftPT.SM
ClamAV: Win.Malware.Barys-9859499-0
Kaspersky: Trojan-PSW.Win32.Stealer.aema
BitDefender: Dropped:Trojan.GenericKD.38671640
NANO-Antivirus: Riskware.Win32.PSWTool.hqsnsl
Avast: Win32:MiscX-gen [PUP]
Rising: Trojan.Starter!1.D93D (CLOUD)
Ad-Aware: Dropped:Trojan.GenericKD.38671640
Emsisoft: Dropped:Trojan.GenericKD.38671640 (B)
Comodo: Malware@#3excwn0owlbku
TrendMicro: HackTool.Win64.NirSoftPT.SM
McAfee-GW-Edition: BehavesLike.Win32.HToolPassView.vc
Sophos: Mal/Generic-S
Jiangmin: Trojan.Generic.hezan
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1208921
Antiy-AVL: Trojan/Generic.ASMalwS.30FD5A1
Microsoft: Trojan:Win32/Sabsik.FL.A!ml
ZoneAlarm: Trojan-PSW.Win32.Stealer.aema
GData: Dropped:Trojan.GenericKD.38671640
Cynet: Malicious (score: 100)
ALYac: Dropped:Trojan.GenericKD.38671640
MAX: malware (ai score=80)
Malwarebytes: Malware.AI.4169759778
Ikarus: Trojan-Downloader.Win32.Agent
Fortinet: W64/Agent.ATS!tr
AVG: Win32:MiscX-gen [PUP]
Cybereason: malicious.3c2243

How to remove Malware.AI.4169759778?

Malware.AI.4169759778 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
