The Malware.AI.4210225086 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
Gridinsoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
What Malware.AI.4210225086 virus can do?
- Behavioural detection: Executable code extraction – unpacking
- Yara rule detections observed from a process memory dump/dropped files/CAPE
- Creates RWX memory
- Anomalous file deletion behavior detected (10+)
- Dynamic (imported) function loading detected
- At least one IP Address, Domain, or File Name was found in a crypto call
- Enumerates running processes
- Expresses interest in specific running processes
- Reads data out of its own binary image
- CAPE extracted potentially suspicious content
- Unconventionial language used in binary resources: Russian
- The binary contains an unknown PE section name indicative of packing
- Authenticode signature is invalid
- Code injection with CreateRemoteThread in a remote process
- Behavioural detection: Injection (inter-process)
- Behavioural detection: Injection with CreateRemoteThread in a remote process
- Tries to unhook or modify Windows functions monitored by Cuckoo
- Steals private information from local Internet browsers
- Collects and encrypts information about the computer likely to send to C2 server
- Attempts to modify browser security settings
- Harvests credentials from local FTP client softwares
- Collects information to fingerprint the system
- Anomalous binary characteristics
- Clears web history
How to determine Malware.AI.4210225086?
File Info:
name: C261A9090FD2E7D5AD61.mlwpath: /opt/CAPEv2/storage/binaries/fdee5ba6c5ea4393157d18cabf482fd61ce31ec0ea327a6580f2d583f2c3cad8crc32: B1790FB5md5: c261a9090fd2e7d5ad6102fe85a61f68sha1: e7f2f33ec45eed818df278beb80adbe4b61c7adesha256: fdee5ba6c5ea4393157d18cabf482fd61ce31ec0ea327a6580f2d583f2c3cad8sha512: 24f56d77244485fe9f00d9a987979c725fb56264a9a97cd37640ee51aca2202cb8361ec687eb951d8f48e523023c1287d2efaf246572341ae161817985337e9fssdeep: 768:DZqRDF4mkWQfcwGHAfaodnpAHK+f2vV+dBxhvL4YhR4zXOoXrlE:DZmpQEjHKtn0zOd+dphR4rnZtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T13BC3027738D906A7CACF1C7464535436EAB61F24A3D486A4CB80A32F4F3674DE816F09sha3_384: 71a843f4326fd0871ed3052672d1959ae9a022e60fe948b6799bfc630a82d10d9ecb5f533cdc404a6d0421e4216eb68dep_bytes: 0f9fc39966be21a7660fca64a1300000timestamp: 2005-07-30 10:56:51Version Info:
CompanyName: †SOFTWIN龝爋䉾᭓잉똴拳꺋麘쓻ヲ⎖펞뱠᫅○璭⨡鿚䧱午鏳氐䯺혿줉ꗡឯꦢꠕ᭷꒒ud8ceࣗΎ뒗繢㔨㿣 쥉䗧ျ뮱힡ᗟ販蘏鏊밞柠籀쭂udf6b껉嬘蘀Ჱ於搽ﴑﯸ䰾퐕댂禷뒖踕፭測麬ੌ沒뢽靓畈蛓作ᱷ䏧羢籀䎉毌䙪햬햝鳲ꄕ맃udf1f命뷶菮啐໕ֿỒ膆げ㔍㩏Ꮾⓥꑔ섶㗱ɏ抂寫쩅욲읐蚸⇀ẫ틊浜弎詷事쏻ᤗud8d7ᯢ◜蕢ⳙ眳玀爝࣠⦻න䱌ᮩ쬹笢㌂뛗飯Ẓ쓣udf75uda4bꥐபudb9d㱷㿓뫒쁊刉ud94aꎱ븈㱟溞崆㽙膒郉ࡊ鲀雲띺抁癛䐌ᾆ䝔迏宾캌ᘂ禒嬪왟駩䂖由㻥ྀudcbb㊜惂ᮎ娋鰦졝چ荒犑袽╖찚凗䈸쵢깿뻉ై쁉⊀倜먒䌼廅ꨄᏼ馂뫒ud8d1㫳䎔〪ᐤȷꃔ䪄᳟㳀㔔欐別餱Ԓኽ郜䤧⢋₃똺롬⣩툸䤗燆㐷맳哬蠬뫥帺ꄓꘊ䍘쀟땽旍ᄌ흵㤚偭㼼浸敶獲潩㵮ㄢ〮•湥潣楤杮∽呕ⵆ∸猠慴摮污湯㵥礢獥㼢ാ㰊獡敳扭祬砠汭獮∽牵㩮捳敨慭業牣獯景潣㩭獡ㅶ•慭楮敦瑳敖獲潩㵮ㄢ〮㸢†愼獳浥汢䥹敤瑮瑩൹ ††瘠牥楳湯∽⸱⸰⸰∰†††牰捯獥潳䅲捲楨整瑣牵㵥堢㘸ഢ ††渠浡㵥䴢物湡慤䴮物湡慤䴮物湡慤ഢ ††琠灹㵥眢湩㈳ഢ ⼠ാ 㰠敤捳楲瑰潩㹮䥑㱐搯獥牣灩楴湯ാ 㰠牴獵䥴普浸湬㵳產湲猺档浥獡洭捩潲潳瑦挭浯愺浳瘮∲ാ †㰠敳畣楲祴ാ ††㰠敲畱獥整偤楲楶敬敧㹳††††爼煥敵瑳摥硅捥瑵潩䱮癥汥†††††敬敶㵬愢䥳癮歯牥ഢ ††††甠䅩捣獥㵳昢污敳⼢ാ ††㰠爯煥敵瑳摥牐癩汩来獥ാ †㰠猯捥牵瑩㹹†⼼牴獵䥴普㹯⼼獡敳扭祬>:
Malware.AI.4210225086 also known as:
| Bkav | W32.AIDetect.malware1 |
| Lionic | Trojan.Win32.Generic.4!c |
| Elastic | malicious (high confidence) |
| Cynet | Malicious (score: 100) |
| FireEye | Generic.mg.c261a9090fd2e7d5 |
| CAT-QuickHeal | TrojanPWS.Zbot.Y10 |
| McAfee | PWS-Zbot.gen.avx |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Zbot.im (v) |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 005110401 ) |
| Alibaba | Trojan:Win32/Kryptik.2af17899 |
| K7GW | Trojan ( 005110401 ) |
| CrowdStrike | win/malicious_confidence_100% (W) |
| VirIT | Trojan.Win32.Generic.BLFB |
| Cyren | W32/FakeAlert.OG.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Kryptik.ASLG |
| APEX | Malicious |
| ClamAV | Win.Trojan.4965888-1 |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| BitDefender | Trojan.Brsecmon.1 |
| NANO-Antivirus | Virus.Win32.Gen.ccmw |
| SUPERAntiSpyware | Trojan.Agent/Gen-Backdoor[Softwin] |
| MicroWorld-eScan | Trojan.Brsecmon.1 |
| Avast | Win32:MalOb-CK [Cryp] |
| Tencent | Win32.Trojan.Generic.Swkf |
| Ad-Aware | Trojan.Brsecmon.1 |
| Emsisoft | Trojan.Brsecmon.1 (B) |
| Comodo | Packed.Win32.Krap.hd@2nkc7n |
| DrWeb | Trojan.PWS.Panda.487 |
| Zillya | Trojan.Zbot.Win32.50227 |
| TrendMicro | TROJ_KRYPTK.SMM |
| McAfee-GW-Edition | BehavesLike.Win32.ZBot.ch |
| Sophos | Mal/Generic-R + Mal/Zbot-IM |
| SentinelOne | Static AI – Malicious PE |
| GData | Trojan.Brsecmon.1 |
| Jiangmin | Trojan/Generic.bdop |
| Webroot | W32.InfoStealer.Zeus |
| Avira | TR/Drop.Agent.awd.8 |
| MAX | malware (ai score=100) |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Brsecmon.1 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
| Microsoft | PWS:Win32/Zbot |
| Acronis | suspicious |
| BitDefenderTheta | Gen:NN.ZexaF.34212.hW0@aapLbngI |
| ALYac | Trojan.Brsecmon.1 |
| VBA32 | Trojan.Zeus.EA.01000 |
| Malwarebytes | Malware.AI.4210225086 |
| TrendMicro-HouseCall | TROJ_KRYPTK.SMM |
| Rising | Trojan.Generic!8.C3 (CLOUD) |
| Yandex | Trojan.GenAsa!82C/2Sb/pGI |
| Ikarus | Trojan-Spy.Win32.Zbot |
| MaxSecure | Trojan.Malware.1487117.susgen |
| Fortinet | W32/Kryptik.AJ!tr |
| AVG | Win32:MalOb-CK [Cryp] |
| Cybereason | malicious.90fd2e |
| Panda | Generic Malware |
How to remove Malware.AI.4210225086?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment