About “Malware.AI.4222276729” infection

Malware.AI.4222276729 is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and clean your PC.
6-day free trial available.

What can the Malware.AI.4222276729 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
  • Suspicious wmic.exe use was detected

Related domains:

wpad.local-net

How to identify Malware.AI.4222276729?

File Info:

name: 521E4B5FF016AEADCDE3.mlw
path: /opt/CAPEv2/storage/binaries/bb187f392cfd3e3ea4600c41a1d798d404b6600d44203636e0972ca149acdf33
crc32: A0B26580
md5: 521e4b5ff016aeadcde3f81869804317
sha1: 2a26684365993fec7ccada791622374961193ed7
sha256: bb187f392cfd3e3ea4600c41a1d798d404b6600d44203636e0972ca149acdf33
sha512: 257c346da3626e2dd9909d95c886e9debb5f799eba6e38dea2906e792cfaf7c8fd160c61f89d23c68d106337ee7b91c87bffe72b91c42cbebf8a9d782a928bd2
ssdeep: 12288:GYTQTYTYVRbtxoNY4pfPHM7NT/LnqsyoZgJ:BhYFuJ30Zjco
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EBB4E0A2BB42C462C15485F0CD3B9867E672BD4217104243B3DCFB9F2FB12D6E8669D6
sha3_384: 8100a9aeb0e40608918c5786122fa06ef608d90089360bc8c5f88d42deacea0950d1b99734430bd69a792712afa7edf0
ep_bytes: 68c800000068000000006818c34000e8
timestamp: 2011-03-25 13:17:42

Version Info:

0: [No Data]

Malware.AI.4222276729 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Trojan.Generic.23060561
FireEye: Generic.mg.521e4b5ff016aead
ALYac: Dropped:Trojan.Generic.23060561
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0048c3ee1 )
Alibaba: Worm:Win32/Tiggre.69c4e8f8
K7GW: Trojan ( 0048c3ee1 )
Cybereason: malicious.ff016a
Cyren: W32/Cerbu.P.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: VBS/Agent.NLU
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.qwfdoz
BitDefender: Dropped:Trojan.Generic.23060561
NANO-Antivirus: Trojan.Win32.Generic.fdfrey
SUPERAntiSpyware: Trojan.Agent/Generic
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Agent.Srxe
Ad-Aware: Dropped:Trojan.Generic.23060561
Sophos: Mal/Generic-S
Comodo: TrojWare.Win32.CoinMiner.IEGT@57p1bc
DrWeb: Trojan.MulDrop8.29477
TrendMicro: Trojan.Win32.DAPATO.AL
McAfee-GW-Edition: BehavesLike.Win32.Kudj.hc
Emsisoft: Dropped:Trojan.Generic.23060561 (B)
Ikarus: Packed.Win32.Krap
GData: Dropped:Trojan.Generic.23060561
Webroot: W32.Trojan.GenKD
MAX: malware (ai score=99)
Kingsoft: Win32.Heur.KVM007.a.(kcloud)
Microsoft: Trojan:Win32/Tiggre!rfn
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.C2600065
Acronis: suspicious
McAfee: Artemis!521E4B5FF016
VBA32: Trojan.Witch
Malwarebytes: Malware.AI.4222276729
TrendMicro-HouseCall: Trojan.Win32.DAPATO.AL
Rising: Trojan.Generic@ML.97 (RDMK:N8vAxYX5VJfQRcdvDtIY9Q)
Yandex: Trojan.GenAsa!Zi7ep0Wcoso
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Agent.NLU!tr
AVG: Win32:Malware-gen
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.4222276729?

Malware.AI.4222276729 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.