Categories: Malware

Malware.AI.4229417596 (file analysis)

The Malware.AI.4229417596 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.4229417596 virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Telugu
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Accessed credential storage registry keys
Collects information to fingerprint the system
Anomalous binary characteristics

How to determine Malware.AI.4229417596?


File Info:
name: 4619FAB1EFD626A39C00.mlwpath: /opt/CAPEv2/storage/binaries/f850d65be53a92ab12c2bf3c6242f8df16ec7a59025c7cc17773252062d6bbf9crc32: 35BAC6DBmd5: 4619fab1efd626a39c0089051a5ce06csha1: 0a456bb2c9ed30c7eae69c0cd1049bcdc0f1b8b5sha256: f850d65be53a92ab12c2bf3c6242f8df16ec7a59025c7cc17773252062d6bbf9sha512: 3869c7fbd5cc0465fa488cb600bcb938587558d8093ca384c7f4bad9d0d39a9265efad26a13678d0b5a7f9a07a9ccc0ae7c409d1dff43e3179851aa3b29b1264ssdeep: 3072:B8nfZHyUIq/I8niI7Uz9/6V8oYJlP5CC5+83i:QIUIf8ipz9yeLrPQwMtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T176D3010BE5C5E1B5F1984E70C9579EF623A58C13F679A13FA84C3E49B97ACE20C420A1sha3_384: ed970c10ee46f152c2c3d0c801b922069efe9e678376833e26aae433d5a75312b48a9c6eb8cc74bb5735004d94f3804cep_bytes: b9005006005135eebeaadedbf19203c4timestamp: 2010-10-18 17:01:44
Version Info:
Comments: Credits: Ravi, Ragu Raja, Build RaoCompanyName: WebToGo Mobiles Internet GmbHFileDescription: Internet EverywhereFileVersion: 1, 0, 0, 1InternalName: Internet EverywhereLegalCopyright: Copyright (C) 2006LegalTrademarks: OriginalFilename: OneClickAssistant.exePrivateBuild: 02 March 2007ProductName: Internet EverywhereProductVersion: 1, 0, 0, 1SpecialBuild: Translation: 0x0409 0x04b0

Malware.AI.4229417596 also known as:

Lionic	Worm.Win32.Ardurk.kYSj
ClamAV	Win.Trojan.Kazy-22
FireEye	Generic.mg.4619fab1efd626a3
Cylance	Unsafe
Zillya	Trojan.Zbot.Win32.32581
Sangfor	Trojan.Win32.Generic.ky
Alibaba	TrojanSpy:Win32/Inject.9ade1a68
Cybereason	malicious.1efd62
VirIT	Trojan.Win32.Panda.UM
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Spy.Zbot.YW
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Panda.dhaur
Avast	Win32:Konar-B [Trj]
Tencent	Malware.Win32.Gencirc.114b543b
TACHYON	Trojan-Spy/W32.ZBot.131584.BS
Comodo	Malware@#2d4ln43c3vqh3
DrWeb	Trojan.PWS.Panda.532
TrendMicro	TSPY_OBFUSCATED_CD1030CB.RDXN
McAfee-GW-Edition	Artemis!Trojan
Trapmine	suspicious.low.ml.score
Sophos	ATK/Behav-321
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanSpy.Zbot.aqfi
Webroot	Vir.Tool.Gen
Avira	TR/VB.Inject.ajax
Antiy-AVL	Trojan/Generic.ASMalwS.31
Kingsoft	Win32.Troj.Zbot.mk.(kcloud)
Microsoft	VirTool:Win32/VBInject
Google	Detected
AhnLab-V3	Spyware/Win32.Zbot.R2562
McAfee	GenericRXAA-AA!4619FAB1EFD6
VBA32	Malware-Cryptor.Inject.gen
Malwarebytes	Malware.AI.4229417596
TrendMicro-HouseCall	TSPY_OBFUSCATED_CD1030CB.RDXN
Rising	Trojan.Generic@AI.100 (RDML:uWuC+j90HW3F9QSkTgmSmA)
Yandex	TrojanSpy.Zbot!DXRntGcD1+c
Ikarus	Trojan-Dropper.SuspectCRC
Fortinet	W32/Kryptik.HTQ!tr
BitDefenderTheta	Gen:NN.ZexaF.34592.im0@aq2COVfO
AVG	Win32:Konar-B [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (D)