Malware.AI.4229417596 (file analysis)

Malware.AI.4229417596 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the TRIAL period.
A 6-day free trial is available.

What can the Malware.AI.4229417596 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Telugu
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Accessed credential storage registry keys
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Malware.AI.4229417596?

File Info:

name: 4619FAB1EFD626A39C00.mlw
path: /opt/CAPEv2/storage/binaries/f850d65be53a92ab12c2bf3c6242f8df16ec7a59025c7cc17773252062d6bbf9
crc32: 35BAC6DB
md5: 4619fab1efd626a39c0089051a5ce06c
sha1: 0a456bb2c9ed30c7eae69c0cd1049bcdc0f1b8b5
sha256: f850d65be53a92ab12c2bf3c6242f8df16ec7a59025c7cc17773252062d6bbf9
sha512: 3869c7fbd5cc0465fa488cb600bcb938587558d8093ca384c7f4bad9d0d39a9265efad26a13678d0b5a7f9a07a9ccc0ae7c409d1dff43e3179851aa3b29b1264
ssdeep: 3072:B8nfZHyUIq/I8niI7Uz9/6V8oYJlP5CC5+83i:QIUIf8ipz9yeLrPQwM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T176D3010BE5C5E1B5F1984E70C9579EF623A58C13F679A13FA84C3E49B97ACE20C420A1
sha3_384: ed970c10ee46f152c2c3d0c801b922069efe9e678376833e26aae433d5a75312b48a9c6eb8cc74bb5735004d94f3804c
ep_bytes: b9005006005135eebeaadedbf19203c4
timestamp: 2010-10-18 17:01:44

Version Info:

Comments: Credits: Ravi, Ragu Raja, Build Rao
CompanyName: WebToGo Mobiles Internet GmbH
FileDescription: Internet Everywhere
FileVersion: 1, 0, 0, 1
InternalName: Internet Everywhere
LegalCopyright: Copyright (C) 2006
LegalTrademarks:
OriginalFilename: OneClickAssistant.exe
PrivateBuild: 02 March 2007
ProductName: Internet Everywhere
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0409 0x04b0

Malware.AI.4229417596 also known as:

Lionic: Worm.Win32.Ardurk.kYSj
ClamAV: Win.Trojan.Kazy-22
FireEye: Generic.mg.4619fab1efd626a3
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.32581
Sangfor: Trojan.Win32.Generic.ky
Alibaba: TrojanSpy:Win32/Inject.9ade1a68
Cybereason: malicious.1efd62
VirIT: Trojan.Win32.Panda.UM
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Spy.Zbot.YW
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Panda.dhaur
Avast: Win32:Konar-B [Trj]
Tencent: Malware.Win32.Gencirc.114b543b
TACHYON: Trojan-Spy/W32.ZBot.131584.BS
Comodo: Malware@#2d4ln43c3vqh3
DrWeb: Trojan.PWS.Panda.532
TrendMicro: TSPY_OBFUSCATED_CD1030CB.RDXN
McAfee-GW-Edition: Artemis!Trojan
Trapmine: suspicious.low.ml.score
Sophos: ATK/Behav-321
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.aqfi
Webroot: Vir.Tool.Gen
Avira: TR/VB.Inject.ajax
Antiy-AVL: Trojan/Generic.ASMalwS.31
Kingsoft: Win32.Troj.Zbot.mk.(kcloud)
Microsoft: VirTool:Win32/VBInject
Google: Detected
AhnLab-V3: Spyware/Win32.Zbot.R2562
McAfee: GenericRXAA-AA!4619FAB1EFD6
VBA32: Malware-Cryptor.Inject.gen
Malwarebytes: Malware.AI.4229417596
TrendMicro-HouseCall: TSPY_OBFUSCATED_CD1030CB.RDXN
Rising: Trojan.Generic@AI.100 (RDML:uWuC+j90HW3F9QSkTgmSmA)
Yandex: TrojanSpy.Zbot!DXRntGcD1+c
Ikarus: Trojan-Dropper.SuspectCRC
Fortinet: W32/Kryptik.HTQ!tr
BitDefenderTheta: Gen:NN.ZexaF.34592.im0@aq2COVfO
AVG: Win32:Konar-B [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Malware.AI.4229417596?

Malware.AI.4229417596 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
