Malware.AI.4190491219 (file analysis)

Malware Removal

Malware.AI.4190491219 is the Malwarebytes detection name for a Windows trojan that most other engines classify as a generic trojan or trojan downloader (see the detection list below). While the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can Malware.AI.4190491219 do?

The indicators below are the behaviour signatures raised by a CAPE sandbox run of the sample described in the File Info section. They describe what was observed during that run, not everything the family is capable of:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Uses Windows utilities to enumerate running processes
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities
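
Two of the indicators above, "Installs itself for autorun at Windows startup" and "Attempts to modify proxy settings", leave traces in the registry that can be checked on a suspect host. The following script is an added example written for this page, not tooling from the report or from GridinSoft: the score_* functions are pure and run on any platform against exported registry data (a constructed sample is embedded), while the collect_* functions read the live Run/RunOnce keys and WinINET proxy values with winreg and therefore only work on Windows. The suspicious-directory list, the borrowed system-binary names and the scoring rules are the example's own assumptions.

```python
"""Host triage for autorun persistence and altered WinINET proxy settings.
Added example for this page, not the report's own tooling. score_* is pure
(runs anywhere); collect_* uses winreg and only works on Windows.
The directory list and scoring rules below are assumptions, not report data."""
import ntpath
import re
import sys

RUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]
# Directories a legitimate autorun entry rarely lives in (assumption).
SUSPICIOUS_DIRS = ("\\temp\\", "\\users\\public\\", "\\downloads\\",
                   "\\programdata\\", "\\$recycle.bin\\")
# OS binary names a dropped file may borrow (this sample claims to be Notepad).
SYSTEM_NAMES = ("notepad.exe", "svchost.exe", "explorer.exe")
_PATH_RE = re.compile(r'^\s*"?([^"]+?\.(?:exe|dll|scr|bat|cmd|vbs|js|ps1))"?', re.I)
_SHELL_RE = re.compile(r"\b(cmd|powershell)(\.exe)?\b.*\s/[cr]\b", re.I)

def command_path(command):
    """Executable path named by an autorun command line (env vars expanded)."""
    m = _PATH_RE.match(ntpath.expandvars(command))
    return m.group(1) if m else command.strip()

def score_autorun(command):
    """Reasons an autorun command looks suspicious; an empty list means clean."""
    reasons = []
    path = command_path(command).lower()
    if any(d in path for d in SUSPICIOUS_DIRS):
        reasons.append("executable in a user-writable or temporary directory")
    if _SHELL_RE.search(command):
        reasons.append("launched through a command shell with /C or /R")
    if ntpath.basename(path) in SYSTEM_NAMES and "\\windows\\" not in path:
        reasons.append("system binary name outside the Windows directory")
    return reasons

def score_proxy(settings):
    """settings: ProxyEnable / ProxyServer / AutoConfigURL values from Internet Settings."""
    reasons = []
    server = str(settings.get("ProxyServer", ""))
    if settings.get("ProxyEnable") == 1:
        if re.search(r"(^|=)(127\.\d+\.\d+\.\d+|localhost)(:\d+)?", server, re.I):
            reasons.append("proxy points at loopback (local traffic interception)")
        elif re.search(r"(^|=)\d{1,3}(\.\d{1,3}){3}(:\d+)?", server):
            reasons.append("proxy is a bare IP address rather than a known hostname")
    pac = str(settings.get("AutoConfigURL", ""))
    if pac.lower().startswith(("http://", "file://")):
        reasons.append("PAC script loaded over an unauthenticated scheme: " + pac)
    return reasons

def triage(autoruns, proxy):
    """autoruns: iterable of (key, value_name, command); proxy: dict -> (where, why) pairs."""
    found = [(key + "\\" + name, why) for key, name, cmd in autoruns for why in score_autorun(cmd)]
    found += [("HKCU\\...\\Internet Settings", why) for why in score_proxy(proxy)]
    return found

def collect_autoruns():
    """Live Run/RunOnce entries (Windows only)."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    out = []
    for hive, sub in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], sub) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):   # [1] = number of values
                    name, value, _ = winreg.EnumValue(key, i)
                    out.append((hive + "\\" + sub, name, str(value)))
        except OSError:
            pass
    return out

def collect_proxy():
    """Live WinINET proxy values for the current user (Windows only)."""
    import winreg
    sub = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, sub) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except OSError:
                pass
    return out

# Constructed sample data (not from the report) so the example runs on any platform.
SAMPLE_AUTORUNS = [
    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "OneDrive",
     r'"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Notepad",
     r'"C:\Users\bob\AppData\Local\Temp\notepad.exe"'),
    ("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", "Update",
     r"C:\Windows\System32\cmd.exe /C start C:\ProgramData\svc\upd.exe"),
]
SAMPLE_PROXY = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080"}

if __name__ == "__main__":
    src = (collect_autoruns(), collect_proxy()) if sys.platform == "win32" else (SAMPLE_AUTORUNS, SAMPLE_PROXY)
    for where, why in triage(*src):
        print(where, "->", why)
```

On the constructed sample the script flags the Temp-resident notepad.exe twice (suspicious directory, borrowed system name), the RunOnce entry that goes through cmd.exe /C, and the loopback proxy; the OneDrive entry is left alone. The rules are deliberately narrow: they are a starting point for a hunt, not a verdict, and anything they raise should be confirmed by hashing the referenced file.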

How to identify Malware.AI.4190491219?

Match a suspect file against the hashes below. Note that the version resource presents the file as Microsoft Notepad 6.1.0.0, yet the sandbox reports the Authenticode signature as invalid and a likely infection of an existing system binary: treat the version information as spoofed, or as inherited from an infected host file, rather than as evidence of a genuine Microsoft binary.
File Info:

name: 36BE0FCD982A7E2988CF.mlw
path: /opt/CAPEv2/storage/binaries/1130117cf07dd8437dcbdce92a89755d4afe8d140c7a59dc0d7b5d569259cd8e
crc32: 1D853CB7
md5: 36be0fcd982a7e2988cfc5c767264afe
sha1: 550edf2e85a26e92e4988f36668d77ba8ab4acf2
sha256: 1130117cf07dd8437dcbdce92a89755d4afe8d140c7a59dc0d7b5d569259cd8e
sha512: c0811ff5bf144a0a749b84720a21fd809fedee785355f399918ff200dc1ff71c0923c05a7cfcdccdf589abe05beeef1b533f75fc8bd7ae41067e9eadd3e5b5e8
ssdeep: 3072:LKol1Ld1V5eJ4fudPM+cm4QXJ04NJCluh3BuKlQHZ:vhxud9PNJC0O5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5D37C1171C0C472E4BA8A712D64EBB6AD2DFC300B255ADBB394577A0E344D16A72F73
sha3_384: f0ef6d5c6801e14051e5231cdc9ca9c3b4731528dcf0d7ea067c33a8b0faf1f5cd487f1c896ac6bf0a44e60292e1a320
ep_bytes: e868040000e980feffff558bec5156ff
timestamp: 2017-03-02 01:39:15

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Notepad
FileVersion: 6.1.0.0
InternalName: Notepad
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: NOTEPAD.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.0.0
Translation: 0x0409 0x04b0
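
The File Info block above is what a static triage tool emits: content hashes plus a few fields read straight from the PE headers (the entry-point bytes, the link timestamp, the presence of overlay data). The script below is an added example written for this page, not the report's or GridinSoft's tooling. It recomputes the hashes the page lists (ssdeep and tlsh need third-party libraries and are skipped), checks them against the published values, and parses the DOS, COFF, optional and section headers itself to recover ep_bytes, the timestamp and the overlay size. Because the sample cannot be shipped with this page, the block also builds a constructed minimal PE32 whose entry-point bytes and timestamp are set to the page's values so that the parser can be exercised offline; that builder, the PAGE_* constants and the sample layout are the example's own assumptions.

```python
"""Static triage of a suspect PE against the File Info above: compute the
listed hashes, then read entry-point bytes, link timestamp and overlay size
directly from the PE headers. Added example for this page, not the report's
own tooling; it includes a constructed minimal PE32 so it runs without the
sample. ssdeep and tlsh need third-party libraries and are not computed."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

PAGE_IOCS = {  # hashes copied from the File Info section of this page
    "md5": "36be0fcd982a7e2988cfc5c767264afe",
    "sha1": "550edf2e85a26e92e4988f36668d77ba8ab4acf2",
    "sha256": "1130117cf07dd8437dcbdce92a89755d4afe8d140c7a59dc0d7b5d569259cd8e",
}
PAGE_EP_BYTES = "e868040000e980feffff558bec5156ff"  # ep_bytes from the File Info section

def hash_bytes(data):
    """crc32/md5/sha1/sha256/sha512 as lowercase hex, matching the File Info layout."""
    out = {"crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF)}
    for algo in ("md5", "sha1", "sha256", "sha512"):
        out[algo] = hashlib.new(algo, data).hexdigest()
    return out

def match_iocs(hashes, iocs=PAGE_IOCS):
    """Names of the algorithms whose digest equals the published one."""
    return sorted(a for a, v in iocs.items() if hashes.get(a) == v.lower())

def pe_summary(data, ep_len=16):
    """Walk DOS -> COFF -> optional header -> section table (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10b PE32, 0x20b PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    sections, ep_bytes = [], None
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rptr, rsize))
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):     # map the EP RVA to a file offset
            fo = rptr + (ep_rva - vaddr)
            ep_bytes = data[fo:fo + ep_len].hex()
    end = max((rptr + rsize for _, _, _, rptr, rsize in sections), default=0)
    return {
        "machine": {0x14C: "i386", 0x8664: "amd64"}.get(machine, hex(machine)),
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": ep_rva,
        "ep_bytes": ep_bytes,
        "overlay_size": max(len(data) - end, 0),  # bytes appended after the last section
        "sections": sections,
    }

def build_sample_pe(entry_code=bytes.fromhex(PAGE_EP_BYTES), overlay=b""):
    """Constructed minimal PE32 (not the real sample): one .text section at RVA 0x1000 /
    file offset 0x200, entry point 0x10 bytes into it, link time 2017-03-02 01:39:15 UTC."""
    sec_off, sec_rva, sec_size = 0x200, 0x1000, 0x200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 1488418755, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, sec_rva + 0x10)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    sec = struct.pack("<8sIIIIIIHHI", b".text", sec_size, sec_rva, sec_size, sec_off,
                      0, 0, 0, 0, 0x60000020)
    body = bytearray(sec_size)
    body[0x10:0x10 + len(entry_code)] = entry_code
    return (bytes(dos) + coff + bytes(opt) + sec).ljust(sec_off, b"\0") + bytes(body) + overlay

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(overlay=b"\0" * 64)
    digests = hash_bytes(data)
    info = pe_summary(data)
    print("hash matches against page IOCs:", match_iocs(digests) or "none")
    print("entry bytes match page ep_bytes:", info["ep_bytes"] == PAGE_EP_BYTES)
    print(info)
```

Run it as `python triage.py suspect.exe` to compare a real file; with no argument it parses the constructed PE. The hashes are the only reliable match: version strings such as CompanyName and OriginalFilename are resource data that any linker writes on request, which is why the invalid Authenticode signature, not the "Microsoft Corporation" string, decides whether the file is genuine.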

Malware.AI.4190491219 also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.39823509
FireEye: Trojan.GenericKD.39823509
ALYac: Backdoor.Agent.BoxCaon
Zillya: Downloader.Agent.Win32.328389
K7AntiVirus: Trojan-Downloader ( 005085aa1 )
K7GW: Trojan-Downloader ( 005085aa1 )
Cybereason: malicious.d982a7
Symantec: Trojan.Gen
Elastic: malicious (high confidence)
ESET-NOD32: Win32/TrojanDownloader.Speccom.K
APEX: Malicious
Kaspersky: Trojan-Downloader.Win32.Agent.hhij
BitDefender: Trojan.GenericKD.39823509
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.1149b8ff
Ad-Aware: Trojan.GenericKD.39823509
VIPRE: Trojan.GenericKD.39823509
Trapmine: suspicious.low.ml.score
Emsisoft: Trojan.GenericKD.39823509 (B)
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.39823509
Jiangmin: TrojanDownloader.Agent.fzpo
Avira: TR/Dldr.Speccom.amfcr
Antiy-AVL: Trojan/Generic.ASMalwS.13
Arcabit: Trojan.Generic.D25FA895
ViRobot: Trojan.Win32.Agent.134656.Y
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win32.Generic.C1852593
MAX: malware (ai score=80)
VBA32: BScope.Trojan.IndigoZebra
Malwarebytes: Malware.AI.4190491219
Rising: Trojan.Generic@AI.80 (RDMK:cmRtazqfhS0MMqCAfNYrDe61c2uk)
BitDefenderTheta: Gen:NN.ZexaF.34786.iu1@aGwOympi
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Malware.AI.4190491219?

Malware.AI.4190491219 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
