Malware.AI.4191923766 (file analysis)

Malware.AI.4191923766 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4191923766 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates known Njrat/Bladabindi RAT registry keys
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.4191923766?

File Info:

name: D812FB8DF6D47509C5C2.mlw
path: /opt/CAPEv2/storage/binaries/99c877539b99b58dd7962c011599d68f0fa6221adceaa11feb87a54fc3464f68
crc32: 1038D81A
md5: d812fb8df6d47509c5c247582eb9a2df
sha1: b978edf47107cedc198e7ad6e735a0ee68b34297
sha256: 99c877539b99b58dd7962c011599d68f0fa6221adceaa11feb87a54fc3464f68
sha512: 709136c1c1ba9e36bac298b38e1e01168045725e01447add48373e3bae4eac004f8b4669967fc9ab5f5077a98debd669172597e172f1a76a7c87af7b3b9a7b7d
ssdeep: 49152:VzUx2YWmdIQtC4b9+02QNE1kPRu1foB1Mk7kePT0AxDzZ/tiGrozgxkUhdN7GuvB:2xJE8C1gEmCOMZ7CtF06LoXABlqLxj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E81623112AEA1436F1B7AF345BF46551DD6FBA3226E6902D1CB0C30E8736A82DCB1375
sha3_384: 32e625487426147195acda67a871754a84d851deb06f54fc57f7ab95c7f3c6f7fd23782a3a6d20f0744f20957cfced01
ep_bytes: ff250020400000000000000000000000
timestamp: 2019-07-05 23:44:54

Version Info:

Translation: 0x0000 0x04b0
FileDescription: wifiguard_windows_setup
FileVersion: 1.0.0.0
InternalName: wifiguard_windows_setup.exe
LegalCopyright: Copyright © 2019
OriginalFilename: wifiguard_windows_setup.exe
ProductName: wifiguard_windows_setup
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Malware.AI.4191923766 also known as:

Lionic: Trojan.MSIL.AntiAV.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop13.45926
MicroWorld-eScan: Gen:Variant.Johnnie.121182
FireEye: Generic.mg.d812fb8df6d47509
McAfee: Artemis!D812FB8DF6D4
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Bladabindi.rfn
K7AntiVirus: Trojan ( 004de9b41 )
Alibaba: Trojan:MSIL/AntiAV.d8022296
K7GW: Trojan ( 004de9b41 )
Cybereason: malicious.df6d47
BitDefenderTheta: Gen:NN.ZemsilF.34294.@t0@aeqUwBn
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.CGN
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Filerepmalware-7614212-0
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Gen:Variant.Johnnie.121182
NANO-Antivirus: Trojan.Win32.AntiAV.hzjlez
Avast: Win32:Malware-gen
Tencent: Msil.Trojan.Antiav.Wpss
Ad-Aware: Gen:Variant.Johnnie.121182
Emsisoft: Gen:Variant.Johnnie.121182 (B)
Comodo: Malware@#2wgyqvjfcog5d
F-Secure: Trojan.TR/Dropper.Gen
Zillya: Dropper.Agent.Win32.437668
TrendMicro: TROJ_GEN.R002C0GIG21
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Ikarus: Virus.Win32.Madang
GData: Gen:Variant.Johnnie.121182
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/MSIL.AntiAV
Arcabit: Trojan.Johnnie.D1D95E
Microsoft: Trojan:Win32/Bladabindi!rfn
Cynet: Malicious (score: 99)
VBA32: TScope.Trojan.MSIL
ALYac: Gen:Variant.Johnnie.121182
MAX: malware (ai score=82)
Malwarebytes: Malware.AI.4191923766
TrendMicro-HouseCall: TROJ_GEN.R002C0GIG21
Yandex: Trojan.AntiAV!/B9+KqUPP+Y
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/GenKryptik.BVPX!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Malware.AI.4191923766?

Malware.AI.4191923766 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.