Malware

What is “Malware.AI.4231622848”?

Malware Removal

The Malware.AI.4231622848 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Malware.AI.4231622848 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Terminates another process
  • Possible date expiration check, exits too soon after checking local time
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Behavioural detection: PlugX
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Creates known PlugX mutexes
  • Anomalous binary characteristics

How to determine Malware.AI.4231622848?



File Info:

name: B6A853121B4DDC325542.mlw
path: /opt/CAPEv2/storage/binaries/a44e6fa472b3d5e0b09fdd2a2b92a70179c13287d6c30f3d798c2814c113315b
crc32: 85CFEBF5
md5: b6a853121b4ddc325542ab60442452b5
sha1: 348bb5122cda39fc2d949c42c1ec8bd7146113d8
sha256: a44e6fa472b3d5e0b09fdd2a2b92a70179c13287d6c30f3d798c2814c113315b
sha512: 77f1756ea7209bef2059f655a84dc9a6128401531620fbdc9165f60d819c2cf5c33faba0b8081fc9ba541837a8ab4ca1115a2a13d64d1f21d7e43bbac4ffaf09
ssdeep: 6144:su2urzh9xu/XkauF5JgPTj+u03Xte7eDzMgW31KIC/QYOwCXws:sutrzh9xOXkWXX0NbzMgWwIC/Q7wFs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16444016776D180BBD9412030AFAC33AAE2BCD6345665A907FBA1190D7F207D3970E993
sha3_384: 8589643358dff74bb92ad32d361bf485b3f7f5ba8ba37e9d4c692c2039b59beb740068de6c33893ee42b62497d42800c
ep_bytes: e8e3feffff33c050505050e8be2b0000
timestamp: 2010-03-15 06:27:50


Version Info:

0: [No Data]

Malware.AI.4231622848 also known as:

LionicTrojan.Win32.Gulpix.m!c
Elasticmalicious (moderate confidence)
MicroWorld-eScanTrojan.GenericKD.61031205
ALYacTrojan.GenericKD.61031205
CylanceUnsafe
VIPRETrojan.GenericKD.61031205
SangforBackdoor.Win32.Gulpix.V98x
K7AntiVirusRiskware ( 0040eff71 )
BitDefenderTrojan.GenericKD.61031205
K7GWRiskware ( 0040eff71 )
Cybereasonmalicious.21b4dd
ArcabitTrojan.Generic.D3A34325
VirITBackdoor.Win32.Genus.VTA
CyrenW32/ABRisk.QJXA-3492
SymantecTrojan.Gen.MBT
ESET-NOD32Win32/Korplug.AT
AvastVBS:Malware-gen
ClamAVWin.Trojan.Mikey-9958102-0
KasperskyBackdoor.Win32.Gulpix.ir
AlibabaBackdoor:Win32/Gulpix.e32f96d9
NANO-AntivirusTrojan.Win32.Gulpix.brltdj
ViRobotBackdoor.Win32.Z.Gulpix.260842
RisingBackdoor.Gulpix!8.3DA (CLOUD)
Ad-AwareTrojan.GenericKD.61031205
SophosMal/Generic-S
ComodoMalware@#3l96om7380x9
DrWebTrojan.Click2.57518
ZillyaBackdoor.Gulpix.Win32.480
TrendMicroBKDR_PLUGX.BT
McAfee-GW-EditionBackDoor-FBUS!dat
Trapminemalicious.high.ml.score
FireEyeTrojan.GenericKD.61031205
EmsisoftTrojan.GenericKD.61031205 (B)
IkarusTrojan.Win32.Turla
JiangminBackdoor/Gulpix.o
AviraBDS/Rogue.791674
Antiy-AVLTrojan/Generic.ASMalwS.18EA
KingsoftWin32.Hack.Gulpix.(kcloud)
MicrosoftTrojan:Win32/Wacatac.B!ml
GDataTrojan.GenericKD.61031205
CynetMalicious (score: 99)
AhnLab-V3Win-Trojan/Agent.251282
McAfeeArtemis!B6A853121B4D
VBA32Backdoor.Gulpix
MalwarebytesMalware.AI.4231622848
PandaTrj/Chgt.AD
TrendMicro-HouseCallBKDR_PLUGX.BT
TencentWin32.Backdoor.Gulpix.Pgmq
MAXmalware (ai score=82)
FortinetW32/Gulpix.IR!tr.bdr
BitDefenderThetaGen:NN.ZedlaF.34582.dq4@aKSxFCk
AVGVBS:Malware-gen
Paloaltogeneric.ml

How to remove Malware.AI.4231622848?

Malware.AI.4231622848 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment