What is “Malware.AI.4217264585”?

Malware Removal

Malware.AI.4217264585 is a detection name that security vendors rate as dangerous; most engines classify the underlying sample as a member of the Zbot (Zeus) spyware family. While the infection is active you may notice unfamiliar processes in Task Manager, although the sample also injects code into other processes, so the malicious code can be running under a legitimate process name. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4217264585 virus do?

The following are the CAPE sandbox signatures triggered by the sample (hashes in the File Info section below). Some of them, such as RWX memory, dynamic function loading and reading its own image, are also typical of legitimately packed software; the process injection, credential theft and browser tampering entries are what mark this sample as spyware.

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • Collects and encrypts information about the computer, likely to be sent to a C2 server
  • Attempts to modify browser security settings
  • Harvests credentials from local FTP client software
  • Collects information to fingerprint the system
  • Clears web history

How to identify Malware.AI.4217264585?

File Info:

name: C1B6E818BEFC6E76C7A0.mlw
path: /opt/CAPEv2/storage/binaries/3b4d32e2f865bf866b4060d0430bcd062b93d625e62e05881abe558441d27c97
crc32: BB14C705
md5: c1b6e818befc6e76c7a063caac9ae113
sha1: fb3a92b3798753903564429bd6e46db7639a224b
sha256: 3b4d32e2f865bf866b4060d0430bcd062b93d625e62e05881abe558441d27c97
sha512: b4b39796eb4d75a9eb4a84f59fe80c7f21ffc8cd150a202f1523533e84b309462a964568a39538fbbccfe20c8cda36f22a50eaeb19906d25cc2dfa1d650115e2
ssdeep: 3072:slR6wUyiUjDK6xOqIl3YNwZxWnXonqkL/Vrr:sl+D6Do3YOxgX4L/Vrr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14AB3124FE2627573F43285F60913AEC3D146CC799DB1D58BE4B92AE58C36AC98D2E403
sha3_384: 33ce324ff1c4b9efc810f0c4cdcb3184d013c00009273fef1be74b4ea72bc731931bf69da3dccf45adec3e3d964cd932
ep_bytes: 60be15d043008dbeeb3ffcff5783cdff
timestamp: 2004-02-24 21:10:20
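The File Info block above and several of the sandbox indicators (UPX packing, an unknown section name, compressed data, the entry-point bytes) can be checked offline without a sandbox. The script below is an added example, not GridinSoft's or CAPE's code: it hashes a file, walks the PE32 headers for the COFF timestamp and section table, measures per-section entropy and matches the UPX decompressor prologue at the entry point. Because the real sample is not embedded here, it builds a constructed stand-in PE32 image; the section layout UPX0/UPX1/.rsrc with the entry point in UPX1 is an assumption modelled on UPX output, and only the hashes, the entry-point bytes and the timestamp come from the report. The ssdeep and tlsh values need third-party libraries and are not reproduced. Note also that the compile timestamp is written by whoever built the file and is trivially forged, so the 2004 date is not evidence of when the sample was built.

```python
"""Offline static triage of a PE sample against this report's File Info and packing indicators.
Added example, not GridinSoft's or CAPE's code. ssdeep/tlsh need third-party libraries and are skipped.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Values copied from the File Info block above.
REPORTED_HASHES = {
    "md5": "c1b6e818befc6e76c7a063caac9ae113",
    "sha1": "fb3a92b3798753903564429bd6e46db7639a224b",
    "sha256": "3b4d32e2f865bf866b4060d0430bcd062b93d625e62e05881abe558441d27c97",
}
REPORTED_EP_BYTES = bytes.fromhex("60be15d043008dbeeb3ffcff5783cdff")
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}  # UPX's default section names
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".tls", ".bss"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits close to 8

def looks_like_upx_stub(ep: bytes) -> bool:
    """UPX 32-bit prologue: pushad / mov esi,src / lea edi,[esi+delta] / push edi / or ebp,-1."""
    return (len(ep) >= 16 and ep[0] == 0x60 and ep[1] == 0xBE and ep[6:8] == b"\x8d\xbe"
            and ep[12] == 0x57 and ep[13:16] == b"\x83\xcd\xff")

def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte; 0.0 for an empty or constant buffer."""
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c) if n else 0.0

def parse_pe32(data: bytes) -> dict:
    """Minimal PE32 header walk: COFF timestamp, section table and the 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections, ep_bytes = [], b""
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "entropy": shannon_entropy(raw)})
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):  # entry point lives in this section
            ep_bytes = raw[entry_rva - vaddr:entry_rva - vaddr + 16]
    return {"timestamp": timestamp, "sections": sections, "ep_bytes": ep_bytes}

def triage(data: bytes) -> dict:
    """Static findings for one file, phrased to line up with the report's indicators."""
    pe = parse_pe32(data)
    names = {s["name"] for s in pe["sections"]}
    return {
        "hashes_match_report": {n: hashlib.new(n, data).hexdigest() for n in REPORTED_HASHES} == REPORTED_HASHES,
        "compile_time": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "upx_sections": sorted(names & UPX_SECTIONS),
        "unknown_sections": sorted(names - UPX_SECTIONS - COMMON_SECTIONS),
        "high_entropy_sections": sorted(s["name"] for s in pe["sections"] if s["entropy"] > HIGH_ENTROPY),
        "upx_stub_at_entry": looks_like_upx_stub(pe["ep_bytes"]),
        "ep_bytes_match_report": pe["ep_bytes"] == REPORTED_EP_BYTES,
    }

def build_stand_in_pe32(section_names, entry_index, ep_code, timestamp) -> bytes:
    """Constructed, non-runnable PE32 image so the example works offline. It is NOT the real sample."""
    align, opt_size, nsec = 0x200, 224, len(section_names)
    hdr_len = -(-(0x40 + 4 + 20 + opt_size + 40 * nsec) // align) * align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, timestamp, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    filler = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(align // 32))  # stands in for packed data
    sec_tbl, body, raw_off, vaddr = b"", b"", hdr_len, 0x1000
    for i, name in enumerate(section_names):
        raw = (ep_code + filler)[:align] if i == entry_index else b"\0" * align
        if i == entry_index:
            struct.pack_into("<I", opt, 16, vaddr)  # AddressOfEntryPoint -> start of this section
        sec_tbl += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), align, vaddr,
                               align, raw_off, 0, 0, 0, 0, 0xE0000020)
        body += raw
        raw_off += align
        vaddr += 0x1000
    return bytes((dos + b"PE\0\0" + coff + opt + sec_tbl).ljust(hdr_len, b"\0") + body)

def demo() -> dict:
    """Triage the stand-in; the UPX0/UPX1/.rsrc layout is an assumption modelled on UPX output."""
    ts = int(datetime(2004, 2, 24, 21, 10, 20, tzinfo=timezone.utc).timestamp())
    return triage(build_stand_in_pe32(["UPX0", "UPX1", ".rsrc"], 1, REPORTED_EP_BYTES, ts))
```

Run `triage(open(path, "rb").read())` against a real file: `hashes_match_report` confirms it is the exact sample the report describes, while the section, entropy and entry-stub findings are what the "compressed using UPX", "unknown PE section name" and "encrypted or compressed data" indicators rest on. On the constructed stand-in the hashes naturally do not match, but the UPX sections, the high-entropy UPX1 section and the stub at the entry point are all reported.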

Version Info:

0: [No Data]

Malware.AI.4217264585 is the Malwarebytes detection name for this sample. Other engines flag the same file (identified by the hashes above) under the following names; most agree on the Zbot/Zeus banking trojan family, which matches the browser and FTP credential theft observed in the sandbox:

Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Generic.4838597
FireEye: Generic.mg.c1b6e818befc6e76
ALYac: Trojan.Generic.4838597
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.129190
Sangfor: Spyware.Win32.Zbot.YW
K7AntiVirus: Spyware ( 0055e3db1 )
Alibaba: TrojanSpy:Win32/MalOb.bf831c1e
K7GW: Spyware ( 0055e3db1 )
Cybereason: malicious.8befc6
BitDefenderTheta: AI:Packer.F203045A1F
VirIT: Trojan.Win32.Generic.WDU
Cyren: W32/Zbot.AU.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.Zbot.YW
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-12363
Kaspersky: Trojan-Spy.Win32.Zbot.apnb
BitDefender: Trojan.Generic.4838597
NANO-Antivirus: Trojan.Win32.Zbot.bpzcx
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-spy.Zbot.Sxxu
Ad-Aware: Trojan.Generic.4838597
Emsisoft: Trojan.Generic.4838597 (B)
Comodo: Malware@#mfxhxj0y9oni
DrWeb: Trojan.PWS.Panda.460
VIPRE: Packed.Win32.Zbot.gen.y.7 (v)
TrendMicro: TROJ_ZBOT.BVP
McAfee-GW-Edition: BehavesLike.Win32.Picsys.cc
Sophos: Mal/Generic-R + Mal/Zbot-U
SentinelOne: Static AI - Malicious PE
GData: Trojan.Generic.4838597
Jiangmin: TrojanSpy.Zbot.anmt
Webroot: W32.Malware.Gen
Avira: TR/Spy.Zbot.HN.3
Antiy-AVL: Trojan/Generic.ASMalwS.9D49D5
Kingsoft: Win32.Troj.Zbot.YW.(kcloud)
Gridinsoft: Ransom.Win32.Zbot.sa
ViRobot: Trojan.Win32.A.Zbot.111616.AA[UPX]
Microsoft: PWS:Win32/Zbot
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R2049
McAfee: PWS-Zbot.gen.pp
MAX: malware (ai score=99)
VBA32: Trojan.Zeus.EA.0999
Malwarebytes: Malware.AI.4217264585
TrendMicro-HouseCall: TROJ_ZBOT.BVP
Rising: Trojan.Crypto!8.364 (CLOUD)
Yandex: Trojan.GenAsa!/Llzp5N3LSI
Ikarus: Trojan-Spy.Agent
eGambit: Generic.Malware
Fortinet: W32/Zbot.U!tr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4217264585?

Malware.AI.4217264585 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because this sample harvests browser and FTP credentials, treat any passwords stored or typed on the infected machine as compromised and change them from a clean device once the removal is complete.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.