
Malware.AI.4178727022 (file analysis)


Malware.AI.4178727022 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Malware.AI.4178727022 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard page use detected (possible anti-debugging)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • CAPE detected the Tefosteal malware family
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system

How to identify Malware.AI.4178727022?

File Info:

name: C09880F5AF57A2D9E234.mlw
path: /opt/CAPEv2/storage/binaries/b33ecc1ecd2b108fa26406b3673b45ceb90b260c3c6ddf69f16e3f5b52bb133d
crc32: B307E52E
md5: c09880f5af57a2d9e234e8b5380354bf
sha1: cbbd91aab2a4ae54a903a37a26b341ce41980a05
sha256: b33ecc1ecd2b108fa26406b3673b45ceb90b260c3c6ddf69f16e3f5b52bb133d
sha512: 7518e0a67e867888825bfe12c63533935996eb053337acc720edba24231004be440b9087d05741be96ecf58703b468952f7e80d1be79773ac2c1c8e0e9cd4bab
ssdeep: 98304:WdGNegun/FgIK3ZDwbFGI1uE4ZVPJEdjZ2tx1:FgTK8Gp/PJEVZ25
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11C569D12B3859036D0660B3F587BD6B9593B76211B12DCD76BF40D4C8E3A6C07E3A39A
sha3_384: 74624f646240c938e14a4e4f617b3bcdb472484d5d70bbac1c233d8550c26d16c4bc838e446221c8685ca058ac935751
ep_bytes: 558becb9870000006a006a004975f953
timestamp: 2021-04-24 22:59:37

Version Info:

0: [No Data]

Malware.AI.4178727022 also known as:

Lionic: Riskware.Win32.PassView.1!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.444526
McAfee: GenericRXAA-AA!C09880F5AF57
Malwarebytes: Malware.AI.4178727022
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Spyware ( 00558f031 )
Alibaba: TrojanSpy:Win32/PassView.5013a220
K7GW: Spyware ( 00558f031 )
Cyren: W32/Trojan.ROJL-6093
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Spy.Delf.QWF
Paloalto: generic.ml
Kaspersky: not-a-virus:UDS:PSWTool.Win32.PassView
BitDefender: Gen:Variant.Bulz.444526
Avast: Win32:MalwareX-gen [Trj]
Rising: Trojan.Generic@ML.84 (RDML:JBG3IIVO4exi+9GewzqO6A)
Ad-Aware: Gen:Variant.Bulz.444526
Emsisoft: Gen:Variant.Bulz.444526 (B)
F-Secure: Heuristic.HEUR/AGEN.1144312
DrWeb: Trojan.Siggen13.15382
Zillya: Trojan.Delf.Win32.136684
TrendMicro: TROJ_GEN.R002C0PL521
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.th
FireEye: Generic.mg.c09880f5af57a2d9
Sophos: Mal/Generic-S
Ikarus: PUA.PSWTool.Agent
GData: Gen:Variant.Bulz.444526
Jiangmin: PSWTool.PassView.ff
eGambit: Unsafe.AI_Score_98%
Avira: HEUR/AGEN.1144312
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.32B0F03
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Bulz.D6C86E
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R454376
VBA32: BScope.TrojanDownloader.Banload
ALYac: Gen:Variant.Bulz.444526
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0PL521
Tencent: Win32.Trojan-spy.Delf.Swui
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Delf
AVG: Win32:MalwareX-gen [Trj]
Cybereason: malicious.ab2a4a
Panda: Trj/GdSda.A

How to remove Malware.AI.4178727022?

Malware.AI.4178727022 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
