Malware.AI.4187609156 removal guide

Malware.AI.4187609156 is the name under which Malwarebytes flags this sample; nearly every other engine in the detection list below flags it as well, which is why it is treated as dangerous. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
6-day free trial available.

What can Malware.AI.4187609156 do?

The CAPE sandbox signatures triggered by the sample:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Traditional)
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

Related domains:

wpad.local-net

Note that a lookup for wpad (Web Proxy Auto-Discovery) is routinely generated by Windows itself when it probes for a proxy, so on its own this name is not a reliable indicator of the sample's command-and-control infrastructure.

How to identify Malware.AI.4187609156?

File Info:

name: 11DD5C7DE5D8EAE5459C.mlw
path: /opt/CAPEv2/storage/binaries/6a64ea08126b1b9c715e1fbe27414dd155c6adc975683b4c4541b41a9828e44f
crc32: 06E30BEC
md5: 11dd5c7de5d8eae5459cf9655a433d85
sha1: 9befeb3ef84708c51be4add89aef7cef5ab95343
sha256: 6a64ea08126b1b9c715e1fbe27414dd155c6adc975683b4c4541b41a9828e44f
sha512: 61db5502d1ca19a2a5a05a10b9bd6dbab4358e74c2bf05ef82edf8335cbd15756b8ddd03d544e6c51e14d362d90631b18f7ec64b9003ee1cf29faed2efb0e3d8
ssdeep: 24576:vTunbqg2yelSu5HknIl3LGFzM6XkaKvs/0BLZzHBUt:bunb92y05EINEWfBdzhUt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16B95E0D4FE1A5CCEF71424F55745CCA80EE528EA456781CF09C99E9CEB3E6809D203EA
sha3_384: 05f9036620bedcf3e707a49abb756eedce348d6dbcdc30e8a3983df178a55aff1deb9cfaab3b0d8461476c285b74869f
ep_bytes: 68e0134000e8eeffffff000000000000
timestamp: 2019-03-19 09:05:24
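The File Info block is only useful if you can reproduce it against a file on disk. The script below is an added example (my code, not GridinSoft's or CAPE's): it computes the three digests listed above and compares them with the published values, and it walks the PE headers to read the first 16 bytes at the entry point so they can be compared with ep_bytes. The listed entry bytes decode to push 0x4013e0 ; call rel32, the stub with which every Visual Basic 6 executable starts (push the VB project header, call MSVBVM60!ThunRTMain through an import thunk), which agrees with the VBInject / VBKrand / TScope.Trojan.VB names in the detection list. The build_sample_pe() helper constructs a tiny, harmless PE32 carrying those same entry bytes so the example runs offline; by design its hashes do not match the sample.

```python
"""Offline triage helpers: hash a candidate file against the indicators
listed on this page and pull the entry-point bytes out of a PE32 image.
Added example; not GridinSoft's or CAPE's code."""
import hashlib
import struct
from typing import Dict, Optional, Tuple

# Hashes and entry-point bytes copied from the File Info block above.
KNOWN_HASHES = {
    "md5": "11dd5c7de5d8eae5459cf9655a433d85",
    "sha1": "9befeb3ef84708c51be4add89aef7cef5ab95343",
    "sha256": "6a64ea08126b1b9c715e1fbe27414dd155c6adc975683b4c4541b41a9828e44f",
}
KNOWN_EP_BYTES = bytes.fromhex("68e0134000e8eeffffff000000000000")


def file_digests(data: bytes) -> Dict[str, str]:
    """Compute the same three digests the page lists for the sample."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def matches_known_sample(data: bytes, known: Dict[str, str] = KNOWN_HASHES) -> bool:
    """True if any digest of `data` equals the corresponding published hash."""
    digests = file_digests(data)
    return any(digests[algo] == value.lower() for algo, value in known.items())


def entry_point_bytes(data: bytes, count: int = 16) -> bytes:
    """Walk DOS header -> PE signature -> optional header -> section table and
    return `count` raw bytes at AddressOfEntryPoint (PE32 and PE32+ both keep
    that field at optional-header offset 16)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    nsections = struct.unpack_from("<H", data, pe + 6)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    ep_rva = struct.unpack_from("<I", data, pe + 40)[0]     # AddressOfEntryPoint
    sections = pe + 24 + opt_size                           # first section header
    for i in range(nsections):
        hdr = sections + 40 * i
        # VirtualAddress, SizeOfRawData, PointerToRawData
        va, raw_size, raw_ptr = struct.unpack_from("<III", data, hdr + 12)
        if va <= ep_rva < va + raw_size:
            off = raw_ptr + (ep_rva - va)                   # RVA -> file offset
            return data[off:off + count]
    raise ValueError("entry point not backed by any section")


def decode_entry_stub(ep: bytes) -> Optional[Tuple[int, int]]:
    """If the entry starts with `push imm32 ; call rel32` (the VB6 start-up
    stub: push the VB header, call ThunRTMain), return
    (pushed_address, call_displacement); otherwise None."""
    if len(ep) < 10 or ep[0] != 0x68 or ep[5] != 0xE8:
        return None
    pushed = struct.unpack_from("<I", ep, 1)[0]
    disp = struct.unpack_from("<i", ep, 6)[0]               # signed rel32
    return pushed, disp


def build_sample_pe(ep: bytes = KNOWN_EP_BYTES) -> bytes:
    """Construct a minimal PE32 with one .text section whose entry point holds
    `ep`. Constructed test data so the example runs offline; it is NOT the
    malicious sample and hashes to something different."""
    pe_off, text_rva, text_raw = 0x40, 0x1000, 0x200
    text = (b"\xCC" * 0x10 + ep).ljust(0x200, b"\x00")     # entry at text_rva + 0x10
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", pe_off)
    # Machine=i386, 1 section, SizeOfOptionalHeader=0xE0, Characteristics=EXE|32BIT
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, text_rva + 0x10)        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    sect = b".text".ljust(8, b"\x00") + struct.pack(
        "<IIIIIIHHI", len(text), text_rva, len(text), text_raw, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\x00\x00" + file_hdr + bytes(opt) + sect
    return headers.ljust(text_raw, b"\x00") + text


if __name__ == "__main__":
    sample = build_sample_pe()
    print("matches published hashes:", matches_known_sample(sample))
    ep = entry_point_bytes(sample)
    print("entry bytes:", ep.hex(), "push/call stub:", decode_entry_stub(ep))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to matches_known_sample() and entry_point_bytes(); a hash match is conclusive, while the push/call stub only tells you the file is a VB6 build and must be read together with the other indicators.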

Version Info:

Translation: 0x0404 0x04b0
Comments:
CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductName: Microsoft® Windows® Operating System
FileVersion: 6.00.2900
ProductVersion: 6.00.2900
InternalName: WEXTRACT
OriginalFilename: WEXTRACT.EXE

These strings imitate the version resource of Microsoft's wextract.exe. A genuine copy would carry a valid Microsoft Authenticode signature, whereas the sandbox reports this sample's signature as invalid, so the metadata is spoofed. The Translation value 0x0404 0x04b0 is the Chinese (Traditional) language ID paired with the Unicode code page, which is what the "unconventional language" signature above refers to.

Malware.AI.4187609156 also known as (other engines' names for the same file):

Several engines (Lionic, Alibaba, Kaspersky, NANO-Antivirus, Tencent, Jiangmin) attribute the sample to the NetWire family; Cyren, AhnLab-V3 and VBA32 note the Visual Basic build; most of the remaining verdicts are generic, heuristic or machine-learning scores rather than family names.

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.NetWire.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PonyStealer.Zn0@kaNmudcb
FireEye: Generic.mg.11dd5c7de5d8eae5
ALYac: Gen:Heur.PonyStealer.Zn0@kaNmudcb
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.639368
Sangfor: Trojan.Win32.Gen.Zn0@kaNmudcb
K7AntiVirus: Trojan ( 0054af311 )
Alibaba: Trojan:Win32/NetWire.d039f6f7
K7GW: Trojan ( 0054af311 )
Cybereason: malicious.de5d8e
Cyren: W32/VBInject.ABE.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Injector.EENU
TrendMicro-HouseCall: Trojan.Win32.BAMAPANO.SM3.hp
Paloalto: generic.ml
Kaspersky: Trojan.Win32.NetWire.cqr
BitDefender: Gen:Heur.PonyStealer.Zn0@kaNmudcb
NANO-Antivirus: Trojan.Win32.NetWire.fpsekl
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Netwire.Dygz
Ad-Aware: Gen:Heur.PonyStealer.Zn0@kaNmudcb
Sophos: Mal/Generic-S
Comodo: Malware@#3swh852v8djdq
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Trojan.Win32.BAMAPANO.SM3.hp
McAfee-GW-Edition: BehavesLike.Win32.DistTrack.th
Emsisoft: Gen:Heur.PonyStealer.Zn0@kaNmudcb (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.NetWire.gl
eGambit: Unsafe.AI_Score_99%
Avira: TR/Crypt.FKM.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.2B2DBF3
Microsoft: Trojan:Win32/Occamy.C6A
GData: Gen:Heur.PonyStealer.Zn0@kaNmudcb
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrand.Gen
McAfee: Artemis!11DD5C7DE5D8
VBA32: TScope.Trojan.VB
Malwarebytes: Malware.AI.4187609156
APEX: Malicious
Yandex: Trojan.Injector!td9/28QwYGQ
Ikarus: Trojan.Win32.Formbook
MaxSecure: Trojan.Malware.1728101.susgen
Fortinet: W32/GenKryptik.FGZN!tr
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Malware.AI.4187609156?

Malware.AI.4187609156 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer. Because the sample installs itself for autorun at Windows startup, a scan after the reboot confirms that the persistence entry is gone.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
