
Malware.AI.4222945293 removal instruction


Malware.AI.4222945293 is the Malwarebytes detection name for this sample, which most of the antivirus engines listed further down also flag as malicious. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Malware.AI.4222945293 do?

The items below are the behavioural signatures the CAPE sandbox raised when the sample was detonated. They describe what was observed in that one run, not a complete list of the sample's capabilities:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Uses suspicious command line tools or Windows utilities
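The sandbox signatures above describe behaviour, not indicators you can search for directly. The following Python is an added example, not part of the original page or of the CAPE report: it turns three of the signatures into checks over process-creation and registry events, namely the `ping -n` delay chained with `del` to remove the original binary, the Explorer setting that hides file extensions (the HideFileExt value), and the Run-key autorun entry. The events are constructed in a Sysmon-like shape, and the exact command lines and registry paths used here are assumptions; the report does not quote the ones the sample actually used.

```python
import re

# Constructed events in a Sysmon-like shape (an assumption of this example):
# process-creation events carry the command line, registry events carry the
# key, the value name and the data that was written.  None of these are
# taken from the CAPE report; they illustrate the behaviours it lists.
EVENTS = [
    {"type": "process", "pid": 1204,
     "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 5 > nul & del "C:\\Users\\u\\2650D10DBF9DD24A209A.exe"'},
    {"type": "process", "pid": 1210,
     "cmdline": "cmd.exe /c ping 127.0.0.1 -n 30 > nul"},
    {"type": "process", "pid": 880,
     "cmdline": "ping -n 4 8.8.8.8"},
    {"type": "registry", "pid": 3320,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "HideFileExt", "data": 1},
    {"type": "registry", "pid": 3320,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svchost", "data": r"C:\Users\u\AppData\Roaming\svchost.exe"},
    {"type": "registry", "pid": 4100,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "HideFileExt", "data": 0},
]

# "ping -n <count>" used as a sleep, followed on the same command line by
# del/erase: the classic self-delete chain.  The separator is &, && or |.
SELF_DELETE_RE = re.compile(
    r"\bping(?:\.exe)?\b[^&|]*\s-n\s+\d+[^&|]*(?:&&?|\|)\s*(?:del|erase)\b", re.I)
# "ping -n" inside a cmd /c invocation with no delete: a weaker delay signal.
# A bare ping typed by a user does not match, which keeps the noise down.
PING_DELAY_RE = re.compile(
    r"\bcmd(?:\.exe)?\s+/c\b.*\bping(?:\.exe)?\b.*\s-n\s+\d+", re.I)

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.I)
EXPLORER_ADV_RE = re.compile(r"\\Explorer\\Advanced$", re.I)


def classify_cmdline(cmdline):
    """Return a tag for a suspicious command line, or None when it is clean."""
    if SELF_DELETE_RE.search(cmdline):
        return "self_delete_via_ping"
    if PING_DELAY_RE.search(cmdline):
        return "ping_delay"
    return None


def classify_registry(key, value, data):
    """Return a tag for a suspicious registry write, or None when it is clean."""
    # HideFileExt = 1 under Explorer\Advanced hides extensions, so "x.txt.exe"
    # shows as "x.txt".  Writing 0 is the default and is not flagged.
    if EXPLORER_ADV_RE.search(key) and value.lower() == "hidefileext" and data == 1:
        return "hide_file_extensions"
    # Any value written under Run or RunOnce is a startup persistence entry.
    if RUN_KEY_RE.search(key):
        return "autorun_run_key"
    return None


def triage(events):
    """Run both classifiers over an event stream; return (pid, tag) findings."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            tag = classify_cmdline(ev["cmdline"])
        else:
            tag = classify_registry(ev["key"], ev["value"], ev["data"])
        if tag:
            findings.append((ev["pid"], tag))
    return findings


if __name__ == "__main__":
    for pid, tag in triage(EVENTS):
        print(f"pid {pid}: {tag}")
```

The self-delete pattern is the high-confidence one: a process that waits on `ping -n` and then deletes a file in the same `cmd /c` line has almost no benign explanation. The lone delay and the registry writes are lower-confidence on their own and are best correlated by process id, as the sample here does both the HideFileExt change and the Run-key write from the same process.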

How to identify Malware.AI.4222945293?

File Info:

name: 2650D10DBF9DD24A209A.mlw
path: /opt/CAPEv2/storage/binaries/a19c104fdef788747a7bf5461b451c2b05768588bf7c4c6aded63074d662c7ac
crc32: 1BFB79D2
md5: 2650d10dbf9dd24a209a3ba8d54144b8
sha1: 18b8a10e2bc8d6622e966fe2797ceb273edf125e
sha256: a19c104fdef788747a7bf5461b451c2b05768588bf7c4c6aded63074d662c7ac
sha512: d9277c680d0737507fa1ddd436d01a36b95994bcb788572e81c47371f5efd4361ae6672aac51ed5ae39f3634da011013db52be581b173a6eba4e11e8d0cadc2c
ssdeep: 6144:tafSjIQMCNb7VDCNDFRBXAVDCNDFRBXAVDCNDFRBXAVDCNDFRBXAVDCNDFRBXAV9:tVEQNXVCDiVCDiVCDiVCDiVCDiVCDiVp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14F74F1A32F80171AE38C83BA1DF189797E377F211606CA50717CA715FB753A5A6E4322
sha3_384: 0d07e7e1ffb5b33af6bcdd9ab2f32b6d87ea554f50f478916eab20bd2507ddc3e42bc669da9a312c9529900f33db0b4d
ep_bytes: 68a0184000e8f0ffffff000000000000
timestamp: 2010-07-25 05:15:22 (PE header compile timestamp; it is trivially forged, so treat it as a hint, not evidence)
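To confirm that a file on disk is this sample rather than something that merely shares the name, recompute the digests and compare them with the values above; sha256 is the one to match on, since CRC32 and MD5 collide far too easily to identify a file. The script below is an added example, not code from the page or from CAPE. It also decodes the listed ep_bytes; the entry-point address it uses (0x401006) is an assumption, because the report gives the bytes at the entry point but not the entry point's address.

```python
import hashlib
import os
import struct
import tempfile
import zlib

# Digests copied from the File Info block of the report.
IOC = {
    "crc32": "1BFB79D2",
    "md5": "2650d10dbf9dd24a209a3ba8d54144b8",
    "sha1": "18b8a10e2bc8d6622e966fe2797ceb273edf125e",
    "sha256": "a19c104fdef788747a7bf5461b451c2b05768588bf7c4c6aded63074d662c7ac",
}
EP_BYTES_HEX = "68a0184000e8f0ffffff000000000000"


def hash_bytes(data):
    """All four listed digests of an in-memory buffer, in the report's formats."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path, chunk=1 << 20):
    """Stream a file through the same digests so large samples are not read whole."""
    crc = 0
    digests = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
            for d in digests.values():
                d.update(block)
    out = {n: d.hexdigest() for n, d in digests.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return out


def matches_ioc(hashes, ioc=IOC):
    """Names of the listed digests that match; an empty list means 'not this sample'."""
    return [n for n, v in ioc.items() if hashes.get(n, "").lower() == v.lower()]


def decode_entry_stub(ep_hex, ep_va):
    """Decode a 'push imm32; call rel32' prologue at the entry point.

    Returns None if the bytes are not that shape.  ep_va is the virtual
    address of the entry point (an assumed value in this example).
    """
    code = bytes.fromhex(ep_hex)
    if len(code) < 10 or code[0] != 0x68 or code[5] != 0xE8:
        return None
    pushed = struct.unpack_from("<I", code, 1)[0]       # push imm32
    rel = struct.unpack_from("<i", code, 6)[0]          # call rel32, signed
    call_target = ep_va + 10 + rel                      # next instruction + displacement
    return {"pushed": pushed, "rel32": rel, "call_target": call_target}


def streaming_matches_oneshot(data=b"constructed bytes, not the sample " * 1000):
    """Self-check: the streaming hasher agrees with the one-shot hasher."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return hash_file(path, chunk=4096) == hash_bytes(data)
    finally:
        os.remove(path)


if __name__ == "__main__":
    stub = decode_entry_stub(EP_BYTES_HEX, 0x401006)
    print(f"push 0x{stub['pushed']:08X}; call 0x{stub['call_target']:08X} "
          f"(rel32 {stub['rel32']})")
    print("self-check:", streaming_matches_oneshot())
```

The decoded stub is `push 0x4018A0; call <entry - 6>`: the call displacement of -16 always lands six bytes before the entry point, whatever the entry address is, which is where a 6-byte `jmp dword ptr [import]` thunk fits. That `push header; call thunk` prologue is the standard entry of a Visual Basic 6 executable handing control to the VB runtime, and it agrees with the [MICROSOFT VISUAL BASIC V6.0] label Sangfor applies in the detection list below.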

Version Info:

none (the binary carries no version resource)

Malware.AI.4222945293 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Doina.36444
FireEye: Generic.mg.2650d10dbf9dd24a
McAfee: Artemis!2650D10DBF9D
Cylance: Unsafe
Sangfor: [MICROSOFT VISUAL BASIC V6.0]
K7AntiVirus: NetWorm ( 700000151 )
BitDefender: Gen:Variant.Doina.36444
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.dbf9dd
BitDefenderTheta: AI:Packer.FE2E6ED91F
Cyren: W32/Staget.B.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Spy.Chekafev.AG
Baidu: Win32.Trojan.Inject.j
TrendMicro-HouseCall: TROJ_CHEKAF.SMIA
ClamAV: Win.Trojan.Staget-174
Kaspersky: Trojan.Win32.SelfDel.hkcd
NANO-Antivirus: Trojan.Win32.KillProc.eeogga
APEX: Malicious
Rising: Spyware.Chekafev!8.1194 (RDMK:cmRtazqQbC1V3CPCWSeefQC7AF/m)
Ad-Aware: Gen:Variant.Doina.36444
Sophos: ML/PE-A + Mal/Behav-216
Comodo: Packed.Win32.MPEC.Gen@2oey7k
DrWeb: BackDoor.Generic.3106
Zillya: Trojan.Genome.Win32.131261
TrendMicro: TROJ_CHEKAF.SMIA
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Emsisoft: Gen:Variant.Doina.36444 (B)
Ikarus: Trojan-PSW.OnlineGames
GData: Gen:Variant.Doina.36444
Jiangmin: Trojan/Genome.cuge
Avira: TR/Dropper.Gen
MAX: malware (ai score=82)
Kingsoft: Win32.Heur.KVM006.a.(kcloud)
Arcabit: Trojan.Doina.D8E5C
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.SelfDel.R488499
VBA32: BScope.Trojan.KillProc
Malwarebytes: Malware.AI.4222945293
Panda: Trj/Genetic.gen
Yandex: Trojan.Genome!R1vHueP7BWU
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Chekafev.AG!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4222945293?

Malware.AI.4222945293 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • "Move to quarantine" all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options, then click "Reset".
  • Restart your computer.

After the restart, confirm that the startup entry this sample installs is gone and that Explorer shows file extensions again, since the sample switches extension hiding on. Also check for the second binary the sample drops and executes: quarantining the original file alone does not remove a dropped payload that was already running.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
