Malware.AI.4197860002 (file analysis)

Malware.AI.4197860002 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4197860002 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify Malware.AI.4197860002?

File Info:

name: 805047051FFC7D692BFA.mlw
path: /opt/CAPEv2/storage/binaries/fedac65198af60340935d399c48d380e919e0225dadc570376ff2127cb6bbc33
crc32: ECA94F5E
md5: 805047051ffc7d692bfaa962299f2792
sha1: 50e2d1042200145956bad6bfcbf41dca08a6d911
sha256: fedac65198af60340935d399c48d380e919e0225dadc570376ff2127cb6bbc33
sha512: 207b1ae550c3d9143fef1112e953f8178d10fc456c27b0bfc65fdab8079f5d8a5b1847770b2a14767ada990a9520cb7153863f90f21cf722d54915ca5d2d346b
ssdeep: 3072:8sKYYGxb1rEODOuvCtl+mWmDYg9RpnjGqfsI6UgeFBAjSZB:LhBfgITSXYg9RNj7ktsB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T135E302501B47BE6AEFF167F8DC8BA82C442C470EA75C1E72076C29291478967EC365F8
sha3_384: 845c0949ccd2e8eb1f0e0aff156cab675b9ff6d5496f35440af11258c4b925ba52967ef4f00cbd9fbf3cde53c45b1335
ep_bytes: 6a6068c0304000e84e02000033db538b
timestamp: 2012-06-19 23:40:49

Version Info:

0: [No Data]

Malware.AI.4197860002 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.1722
FireEye: Generic.mg.805047051ffc7d69
McAfee: PWS-Zbot.gen.bgh
Cylance: Unsafe
VIPRE: Trojan.Win32.Dofoil.sd (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Spyware ( 0055e3db1 )
Alibaba: TrojanPSW:Win32/Kuluoz.e1881fe2
K7GW: Spyware ( 0055e3db1 )
Cybereason: malicious.51ffc7
BitDefenderTheta: Gen:NN.ZexaF.34232.jqW@aa@4zuoi
VirIT: Trojan.Win32.Panda.DMC
Cyren: W32/S-041f8947!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.Zbot.AAO
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.1722
NANO-Antivirus: Trojan.Win32.Zbot.ufxzt
Avast: Win32:Citadel-T [Trj]
Tencent: Win32.Trojan.Generic.Dxme
Ad-Aware: Gen:Variant.Symmi.1722
Emsisoft: Gen:Variant.Symmi.1722 (B)
Comodo: TrojWare.Win32.Zbot.RUA@4x90nk
DrWeb: Trojan.PWS.Panda.2342
Zillya: Trojan.Zbot.Win32.62684
TrendMicro: TROJ_GEN.R002C0DB822
McAfee-GW-Edition: BehavesLike.Win32.Trojan.cc
Sophos: Mal/Generic-R + Mal/Kuluoz-A
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Symmi.1722
Jiangmin: TrojanSpy.Zbot.btkg
Webroot: W32.Malware.Gen
Avira: TR/Crypt.XPACK.Gen7
MAX: malware (ai score=99)
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Kingsoft: Win32.Troj.Zbot.(kcloud)
Gridinsoft: Ransom.Win32.Zbot.sa
Arcabit: Trojan.Symmi.D6BA
ViRobot: Trojan.Win32.A.Zbot.155648.CP
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot!CI
Cynet: Malicious (score: 100)
Acronis: suspicious
VBA32: BScope.Trojan-Spy.Zbot
TACHYON: Trojan-Spy/W32.ZBot.155648.AZ
Malwarebytes: Malware.AI.4197860002
TrendMicro-HouseCall: TROJ_GEN.R002C0DB822
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: Trojan.GenAsa!Np2euEzUjaE
SentinelOne: Static AI – Malicious PE
eGambit: Generic.Malware
Fortinet: W32/Kryptik.DV!tr
AVG: Win32:Citadel-T [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.4179281.susgen

How to remove Malware.AI.4197860002?

Malware.AI.4197860002 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.