What is “Malware.AI.4215031340”?

The Malware.AI.4215031340 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.4215031340 virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Malware.AI.4215031340?


File Info:
name: D525CBA1913928FFF410.mlw
path: /opt/CAPEv2/storage/binaries/f78e0f247ebdbf34d5d58ec29a0896d8382189d1dba7d5d71ebf23d5d5cf85ed
crc32: E6A3AFD3
md5: d525cba1913928fff41012adef6b6ab1
sha1: ea1aca18fc2c562bf59e5c73feb0877122c69569
sha256: f78e0f247ebdbf34d5d58ec29a0896d8382189d1dba7d5d71ebf23d5d5cf85ed
sha512: 38c179c432389c243e7313d1d2e7cf7fe1c9f1e20a63857f220370eac12bbdb4b8270b7bc7c2dcc79784d7b77dfaf7d52c6ae55550445dd177a2b5f4aa90ca08
ssdeep: 24576:9sZba8vUqftx+y3Nr2JkNce4l2DiiZgvqhxL:oG4UMx+2pOkNce4qii6g
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1C265AE1BAB55AAE5F17ECD30C933A203F772B4488A31934B09B8D56F1E674E01E79319
sha3_384: 6376956c098655d70faa2f86577d74af71d31c178830e301293e2ad73dc1e6eef35cf64c91f34a3962a3590a7805b3c8
ep_bytes: 90554889e55648ffce57415441554156
timestamp: 1992-07-21 04:31:44

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft Application Virtualization Client Service
FileVersion: 10.0.17134.1276 (WinBuild.160101.0800)
InternalName: AppVClient.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: AppVClient.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1276
Translation: 0x0409 0x04b0

Malware.AI.4215031340 also known as:

Elastic	malicious (high confidence)
FireEye	Generic.mg.d525cba1913928ff
McAfee	W64/Expiro.a
Cylance	Unsafe
Zillya	Virus.Expiro.Win64.34
K7AntiVirus	Virus ( 0040f8071 )
K7GW	Virus ( 0040f8071 )
Cybereason	malicious.191392
Cyren	W64/Expiro.D!gen
Symantec	W64.Xpiro.F
ESET-NOD32	Win64/Expiro.AG
Baidu	Win64.Virus.Expiro.r
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Virus.Win64.Expiro.g
BitDefender	Win64.Expiro.Gen.3
NANO-Antivirus	Virus.Win64.Expiro.dtfhve
MicroWorld-eScan	Win64.Expiro.Gen.3
Avast	Win32:Expiro-DD
Tencent	Virus.Win64.Expiro.ad
Ad-Aware	Win64.Expiro.Gen.3
Sophos	ML/PE-A + W64/Expiro-S
DrWeb	Win64.Expiro.108
VIPRE	Virus.Win64.Expiro.gen.a (v)
TrendMicro	PE64_EXPIRO.AR
McAfee-GW-Edition	W64/Expiro.a
Emsisoft	Win64.Expiro.Gen.3 (B)
SentinelOne	Static AI – Malicious PE
GData	Win64.Expiro.Gen.3
Avira	W64/Expiro.AF
MAX	malware (ai score=87)
Antiy-AVL	Virus/Win64.Expiro.x
Arcabit	Win64.Expiro.Gen.3
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3	Win64/Expiro2.Gen
Acronis	suspicious
ALYac	Win64.Expiro.Gen.3
TACHYON	Virus/W64.Expiro.C
Malwarebytes	Malware.AI.4215031340
TrendMicro-HouseCall	PE64_EXPIRO.AR
Rising	Virus.Expiro!1.A140 (CLASSIC)
Ikarus	Virus.Win32.Expiro
MaxSecure	virus.win64.expiro.gen
Fortinet	W64/Expiro.Q
AVG	Win32:Expiro-DD
Panda	W32/Expiro.gen
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Malware.AI.4215031340?

Malware.AI.4215031340 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X