Malware

Malware.AI.4178244849 information

Malware Removal

The Malware.AI.4178244849 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Malware.AI.4178244849 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known windows from debuggers and forensic tools
  • Collects information about installed applications
  • Attempts to identify installed analysis tools by registry key
  • Detects VirtualBox through the presence of a registry key
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to determine Malware.AI.4178244849?



File Info:

name: F3437167460D32E1B2F9.mlw
path: /opt/CAPEv2/storage/binaries/00101d00be4b2872b5f7cb4a497eb17b5eec2d683271dd064ef0cef734de8b1d
crc32: 63E8B96A
md5: f3437167460d32e1b2f9324ab92e5d39
sha1: 7d5dc28ca2d2bf71e80bb80877edc1a30eaac9bf
sha256: 00101d00be4b2872b5f7cb4a497eb17b5eec2d683271dd064ef0cef734de8b1d
sha512: 4ba9ceac95ae01b4f2996a68c36b61a5012b6df52b450fca6cf02b66e3f2199c0a333c6c119203f888c61ad319f29443d8ecb9f25cffff009010b2af81e79aa8
ssdeep: 24576:oLaa2vc02o2HaQzhoxoJt8ThZlMUBlmEVnMP45v/LnPs/M6:oP2vclo2HCniEpd/TPg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A352302BF1E89D5D01111388C8FC2AA2578BE617E6ADA07B5053FAFFDB1F019962753
sha3_384: e5af011f94ae7c94d9211b849c56a056f9df06e74e6b2908a3a3a6fa0bf08753f63ba4528e50840d98916c1c67cfee2f
ep_bytes: 83ec0483242400c70424000000005783
timestamp: 2005-08-11 05:12:56


Version Info:

CompanyName: Daniel Pistelli
FileDescription: Common File Format Explorer
FileVersion: 4.0.0.1
InternalName: CFF Explorer.exe
LegalCopyright: © 2006 Ntoskrnl (Daniel Pistelli).  All rights reserved.
OriginalFilename: CFF Explorer.exe
ProductName: CFF Explorer
ProductVersion: 4.0.0.1
Translation: 0x0409 0x04e4

Malware.AI.4178244849 also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Generic.4!c
DrWebTrojan.Rodricter.86
MicroWorld-eScanGen:Variant.Zbot.116
FireEyeGeneric.mg.f3437167460d32e1
CAT-QuickHealBackdoor.Simda.9599
ALYacGen:Variant.Zbot.116
CylanceUnsafe
SangforTrojan.Win32.Save.a
K7AntiVirusBackdoor ( 0040f6c01 )
AlibabaBackdoor:Win32/Simda.7b980f2f
K7GWBackdoor ( 0040f6c01 )
Cybereasonmalicious.7460d3
BitDefenderThetaGen:NN.ZexaF.34582.cr0@ambKmGfi
VirITBackdoor.Win32.Generic.CDGG
CyrenW32/A-075ebd96!Eldorado
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32Win32/Simda.B
TrendMicro-HouseCallTROJ_GEN.R002C0DG122
Paloaltogeneric.ml
ClamAVWin.Trojan.Simda-456
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Zbot.116
NANO-AntivirusTrojan.Win32.Simda.cqtsvv
SUPERAntiSpywareTrojan.Agent/Gen-Zbot
AvastWin32:Malware-gen
TencentMalware.Win32.Gencirc.10b1ab30
Ad-AwareGen:Variant.Zbot.116
SophosML/PE-A + Troj/Simda-BK
ComodoMalware@#2wkche5769lbd
VIPREGen:Variant.Zbot.116
TrendMicroTROJ_GEN.R002C0DG122
McAfee-GW-EditionBehavesLike.Win32.Dropper.th
SentinelOneStatic AI – Malicious PE
Trapminemalicious.high.ml.score
EmsisoftGen:Variant.Zbot.116 (B)
IkarusBackdoor.Win32.Simda
GDataGen:Variant.Zbot.116
JiangminTrojan/Generic.babtu
AviraTR/Crypt.XPACK.Gen2
Antiy-AVLTrojan/Generic.ASMalwS.360
KingsoftWin32.Hack.Simda.ab.(kcloud)
ViRobotTrojan.Win32.Z.Simda.1091072
MicrosoftBackdoor:Win32/Simda
CynetMalicious (score: 100)
AhnLab-V3Backdoor/Win32.Simda.R86910
McAfeeCorrupt-EZ!F3437167460D
TACHYONBackdoor/W32.Simda.1091072
MalwarebytesMalware.AI.4178244849
APEXMalicious
RisingTrojan.Generic@AI.90 (RDML:bGcSEqYybjC+F+5qC9NvoA)
YandexTrojan.GenAsa!ATYfQBViMW8
MAXmalware (ai score=99)
FortinetW32/Krap.STI!tr
AVGWin32:Malware-gen
PandaTrj/Genetic.gen

How to remove Malware.AI.4178244849?

Malware.AI.4178244849 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment