What is “Malware.AI.4221984541”?

Malware.AI.4221984541 is classified as dangerous by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4221984541 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Enumerates running processes
  • Reads data out of its own binary image
  • Manipulates data from or to the Recycle Bin
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Korean
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Writes a potential ransom message to disk
  • Attempts to delete or modify volume shadow copies
  • Deletes its original binary from disk
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by registry key
  • Attempts to modify proxy settings
  • Attempts to ensure mapped drives are available from an elevated prompt or process with UAC enabled
  • Creates a known TeslaCrypt/AlphaCrypt ransomware decryption instruction / key file.
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.4221984541?

File Info:

name: C4AF0FCA9CF1E827CB89.mlw
path: /opt/CAPEv2/storage/binaries/8cd680b3b3984750ff64aa1421db7ccb21459cd02952bba1bf34c72456fb5d43
crc32: 00804656
md5: c558f21781b5dd424e7a00d6e69a27aa
sha1: eb9243785fc7634e859b82d569b6f7012360e8c5
sha256: 8cd680b3b3984750ff64aa1421db7ccb21459cd02952bba1bf34c72456fb5d43
sha512: 13564d86d2681d16f612282ccc354459d78555e54e259b3fa81bbb2aacd513b4c608c7c713ab79f17916ac6cd9fddbd766e7416401ca33404733e7dc99c53f5d
ssdeep: 6144:mZfXLTtD7dm5nq/LO3uJeZjZNlHVzC4RneDfpePsEwPBa2wUz:mZfXLTtD7dwnqCjZX1zC4Rn+p1E2Ba/6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17674BF2A2C113CB5DEEBD8B2DECB8D8887589B70D1711D1F0D48A5FE49C531EAA2C1E5
sha3_384: 00a9b5db7760131bcdb80dbbedb4bea86a234f735423655f3d39f4d205b917668c4c613d6f1aa9c9b53eac245ba6ae7a
ep_bytes: 558bec6aff6840c141006810bb410064
timestamp: 2005-12-15 21:45:30

Version Info:

CompanyName: Scanpoint Software
FileDescription: Scrapping
FileVersion: 15, 98, 233, 26
InternalName: Westernised
LegalCopyright: Sissy © 2050
OriginalFilename: Scoffing.exe
ProductName: Stylish Sunset

Malware.AI.4221984541 also known as:

Lionic: Trojan.Win32.Yakes.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ransom.1640
FireEye: Generic.mg.c558f21781b5dd42
CAT-QuickHeal: Ransom.TeslaCrypt.WR4
McAfee: TeslaCrypt!C558F21781B5
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004d41c61 )
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 004d41c61 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34212.uq3@aGcvyloG
Cyren: W32/Filecoder.CY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.DVSY
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Yakes.nutx
BitDefender: Gen:Variant.Ransom.1640
NANO-Antivirus: Trojan.Win32.Yakes.eauvrh
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Yakes.Sxee
Ad-Aware: Gen:Variant.Ransom.1640
Sophos: Mal/Generic-R + Mal/Tinba-L
Comodo: Malware@#6qomfyx2nrim
Zillya: Trojan.Kryptik.Win32.931243
TrendMicro: TROJ_FRS.0NA103BL20
McAfee-GW-Edition: BehavesLike.Win32.Dropper.fc
Emsisoft: Gen:Variant.Ransom.1640 (B)
Ikarus: Trojan.Win32.Crypt
GData: Gen:Variant.Ransom.1640
Jiangmin: Trojan.Yakes.acjj
Webroot: W32.Gen.Bt
Avira: HEUR/AGEN.1246129
Gridinsoft: Ransom.Win32.TeslaCrypt.sa
Arcabit: Trojan.Ransom.D668
ViRobot: Trojan.Win32.Z.Crypt.343317
ZoneAlarm: Trojan.Win32.Yakes.nutx
Microsoft: Ransom:Win32/Tescrypt.C
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Lockycrypt.Gen
Acronis: suspicious
VBA32: BScope.Trojan.Yakes
ALYac: Gen:Variant.Ransom.1640
MAX: malware (ai score=100)
Malwarebytes: Malware.AI.4221984541
TrendMicro-HouseCall: TROJ_FRS.0NA103BL20
Rising: Trojan.Kryptik!8.8 (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Deshacop.XO!tr
AVG: Win32:Malware-gen
Cybereason: malicious.781b5d
Panda: Trj/Genetic.gen

How to remove Malware.AI.4221984541?

Malware.AI.4221984541 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.