Malware

Should I remove “Malware.AI.4195888488”?

Malware Removal

Malware.AI.4195888488 is a detection name (used by Malwarebytes; see the vendor list below) for a sample that nearly every security engine in a multi-engine scan flags as malicious. While the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advisable to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It performs a complete scan and cleans the PC during the trial period.
A 6-day free trial is available.

What can Malware.AI.4195888488 do?

Behaviours observed when the sample was run in a CAPE sandbox:

  • SetUnhandledExceptionFilter detected (possible anti-debug: an exception filter that only runs when no debugger is attached)
  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory (a region that is writable and executable at once, typical of unpackers and injected shellcode)
  • Dynamic (imported) function loading detected (APIs resolved at run time rather than listed in the import table)
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: injection (process hollowing, i.e. a legitimate process is started suspended and its image replaced)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: injection with SetWindowLong in a remote process
  • Behavioural detection: injection (inter-process)
  • Collects information to fingerprint the system

How to identify Malware.AI.4195888488?

File Info (from the CAPE sandbox report; the cryptographic hashes identify this exact sample, while ssdeep and tlsh are similarity hashes that also match near variants):

name: FB30134F51E055881803.mlw
path: /opt/CAPEv2/storage/binaries/e8ae1656c225e8de8e57983db87738630d70036aae6cf1c2b486084edb4aa4dc
crc32: E519FE0E
md5: fb30134f51e0558818038737ede9a1b0
sha1: d364682050a1635182dc5abdfb1cc4174b8e333f
sha256: e8ae1656c225e8de8e57983db87738630d70036aae6cf1c2b486084edb4aa4dc
sha512: 60db80ab100ed48f9764a560333bf19feb54232e4b4ebc2244f5eb32eb2092e97d61d912f7cc5b96c54ffbe40d1fd7b116b2724178f0f4e847ce2772e84e550f
ssdeep: 3072:qe3VbrfXktqKtl9CuglSCPTU15Y2Gh3hNyCd6U/5Nzc527JsM:qe3tGwuu6GVN/rQE7JsM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AB047C17B67AF921F07616330C6D8B6A8A187D03273746877A80BFEC75B72C14E25716
sha3_384: 75ca1cc5e28a5e76b9dc992a395ade0785a35bcfab81860e6f9181482d97c1766a6157fc6226f4cec833e18d06fe7bdf
ep_bytes: e88a160000e989feffff6a0c68608940
timestamp: 2013-04-22 06:44:05 (PE compile time from the COFF header; set by the linker and trivially forged)

Version Info (embedded VERSIONINFO resource; it masquerades as the ICQ client, but since the Authenticode signature is invalid this metadata proves nothing about the file's origin):

CompanyName: ICQ, LLC.
FileDescription: ICQ
FileVersion: 7.8.0.6800
InternalName: ICQ
LegalCopyright: Copyright (c) 1998-2010 ICQ, LLC.
LegalTrademarks:
OriginalFilename: ICQ.exe
ProductName: ICQ
ProductVersion: 7.8.0.6800
DistId: 30015
Translation: 0x0409 0x04b0
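The hashes and PE fields above are only useful if you can reproduce them from a file on disk. The script below is an added example, not code from the original page or from GridinSoft: it computes the same digests the report lists (crc32, md5, sha1, sha256, sha512, sha3_384), parses the PE32 header for the compile timestamp and the first 16 entry-point bytes, and reports field by field whether a file agrees with the published indicators. ssdeep and tlsh are omitted because they need third-party libraries. The `build_toy_pe` helper is a constructed stand-in (a minimal one-section PE32) so the script runs offline without the real sample; the indicator values in `REPORTED` are copied from the File Info block.

```python
"""Check a file against the indicators published for this sample (added example)."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above (lowercase hex).
REPORTED = {
    "crc32": "e519fe0e",
    "md5": "fb30134f51e0558818038737ede9a1b0",
    "sha1": "d364682050a1635182dc5abdfb1cc4174b8e333f",
    "sha256": "e8ae1656c225e8de8e57983db87738630d70036aae6cf1c2b486084edb4aa4dc",
    "sha512": "60db80ab100ed48f9764a560333bf19feb54232e4b4ebc2244f5eb32eb2092e9"
              "7d61d912f7cc5b96c54ffbe40d1fd7b116b2724178f0f4e847ce2772e84e550f",
    "sha3_384": "75ca1cc5e28a5e76b9dc992a395ade0785a35bcfab81860e6f9181482d97c176"
                "6a6157fc6226f4cec833e18d06fe7bdf",
    "ep_bytes": "e88a160000e989feffff6a0c68608940",
    "timestamp": "2013-04-22 06:44:05",
}


def digests(data: bytes) -> dict:
    """Compute the digests the report lists, as lowercase hex strings."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_facts(data: bytes) -> dict:
    """Read the COFF TimeDateStamp and the 16 bytes at the entry point of a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, tds, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Walk the section table to translate the entry RVA into a file offset.
    ep_off = None
    for i in range(nsections):
        sec = opt + opt_size + i * 40
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    if ep_off is None:
        raise ValueError("entry point lies outside every section")
    # Rendered as UTC here; a sandbox may print the stamp in its local time zone instead.
    stamp = datetime.fromtimestamp(tds, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"timestamp": stamp, "ep_bytes": data[ep_off:ep_off + 16].hex()}


def check(data: bytes, reported: dict = REPORTED) -> dict:
    """Map each reported field to True when the file on disk agrees with it."""
    found = {**digests(data), **pe_facts(data)}
    return {key: found.get(key) == value for key, value in reported.items()}


def build_toy_pe(timestamp: int, ep_bytes: bytes) -> bytes:
    """Constructed stand-in: a minimal one-section PE32 used only to exercise pe_facts()."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    optional = struct.pack("<H", 0x10B).ljust(16, b"\0") + struct.pack("<I", 0x1000)
    optional = optional.ljust(224, b"\0")                        # AddressOfEntryPoint = 0x1000
    section = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
    section = section.ljust(40, b"\0")
    headers = (dos + b"PE\0\0" + coff + optional + section).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\0")                # raw .text at file offset 0x200


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()                    # a real file to check
    else:
        blob = build_toy_pe(1366613045, bytes.fromhex(REPORTED["ep_bytes"]))
    for field, ok in check(blob).items():
        print(f"{field:9} {'match' if ok else 'differs'}")
```

Run it with a path to compare a suspect file; without arguments it checks the constructed toy PE, whose timestamp and entry-point bytes match the report while every digest differs, which is exactly the pattern you would see for a repacked variant of the same build.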

Malware.AI.4195888488 is also known under the following names (multi-engine scan results, listed as vendor: detection name). The family labels disagree (Gimemo, Reveton, Zbot, Graftor, Kryptik, Alureon), which is common for packed samples; the consistent signal is that almost every engine flags it, several as ransomware or as a generic injector:

Lionic: Trojan.Win32.Generic.lZ1N
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.fb30134f51e05588
ALYac: Gen:Variant.Graftor.80710
Cylance: Unsafe
VIPRE: Trojan.Win32.Reveton.a!ag (v)
K7AntiVirus: Trojan ( 004587231 )
Alibaba: Ransom:Win32/Gimemo.3fb8e118
K7GW: Trojan ( 004587231 )
Cybereason: malicious.f51e05
VirIT: Trojan.Win32.Generic.GSC
Symantec: Trojan.Zbot!gen44
ESET-NOD32: a variant of Win32/Kryptik.AZMA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Ransom.Win32.Gimemo.bccr
BitDefender: Gen:Variant.Graftor.80710
NANO-Antivirus: Trojan.Win32.Gimemo.cqljsp
SUPERAntiSpyware: Ransom.Gimemo/Variant
MicroWorld-eScan: Gen:Variant.Graftor.80710
Avast: Win32:Cryptor
Tencent: Malware.Win32.Gencirc.114b1269
Ad-Aware: Gen:Variant.Graftor.80710
Sophos: Mal/Generic-S
Comodo: Malware@#2zm3z8j567h4q
DrWeb: Trojan.Gapz.9
Zillya: Trojan.Gimemo.Win32.6156
TrendMicro: TROJ_KRYPTIK.QCX
McAfee-GW-Edition: BehavesLike.Win32.Corrupt.ch
Emsisoft: Gen:Variant.Graftor.80710 (B)
Ikarus: Trojan.Win32.Jorik
GData: Gen:Variant.Graftor.80710
Jiangmin: Trojan/Generic.awmet
Webroot: Trojan.Dropper.Gen
Avira: HEUR/AGEN.1242590
Antiy-AVL: Worm[IM]/Win32.Skipe
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Graftor.D13B46
ZoneAlarm: Trojan-Ransom.Win32.Gimemo.bccr
Microsoft: Trojan:Win32/Alureon.GC
TACHYON: Trojan/W32.Gimemo.184320.E
AhnLab-V3: Trojan/Win32.ZBot.R115868
Acronis: suspicious
McAfee: PWS-Zbot-FAXY!FB30134F51E0
MAX: malware (ai score=100)
VBA32: TrojanPSW.Panda
Malwarebytes: Malware.AI.4195888488
TrendMicro-HouseCall: TROJ_KRYPTIK.QCX
Rising: Malware.Undefined!8.C (TFE:5:j3UgSC6XEfH)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Injector.ZVR!tr
BitDefenderTheta: Gen:NN.ZexaF.34212.lu1@auQ9pQoO
AVG: Win32:Cryptor
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4195888488?

Malware.AI.4195888488 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.
  • Because the sample unpacks in memory and injects into other processes, run a second scan after the restart to confirm that nothing was re-dropped.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
