Malware.AI.4235325498 removal tips

Malware.AI.4235325498 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4235325498 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Attempts to disable UAC
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.4235325498?

File Info:

name: FFB0F8B1066B742E7BB9.mlw
path: /opt/CAPEv2/storage/binaries/0d3eea521cdf10a9b1bfa8d78e39df2431bef44a028fcd08df8d26c802fad087
crc32: 96607795
md5: ffb0f8b1066b742e7bb9eaf5bcf0d25f
sha1: 9adeada466fc5eb76b51238612d89ce5a0337f5b
sha256: 0d3eea521cdf10a9b1bfa8d78e39df2431bef44a028fcd08df8d26c802fad087
sha512: a5e027e82995f7d0fae9ea5d85a52c2b457b88347fcaf565755dcd0cf9067e5771665eec36107360ea0348cd32a29842d3c3ea8a26d842fa98f3be01ec54132d
ssdeep: 6144:ddymWtV751hbG5wf+BAcj0qKHWYt7b4bdL+8tvz4AroSd:L6joBE3HXt70bNQAroSd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12B541297AF9D671BE2148B7059A3A91034B0FD4D8981865E3A1C327F2BF6D403638B7D
sha3_384: e48f7a6e628b957e9326fe3195479bc69964160653e435c56e7830b72650dc50f12f31064be03c83b7f5d493ebabbd61
ep_bytes: 60be000056008dbe0010eaff5789e58d
timestamp: 2011-02-26 03:05:13

Version Info:

Translation: 0x0409 0x04b0
Comments: YVYKEQEBR
CompanyName: HSHUPIBAV
FileDescription: WSLTGEJCN
ProductName: NMRAFFDID
FileVersion: 6.01.0015
ProductVersion: 6.01.0015
InternalName: vvumbzs
OriginalFilename: vvumbzs.exe

Malware.AI.4235325498 also known as:

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.PWS.Stealer.379
  • MicroWorld-eScan: Gen:Heur.ManBat.1
  • FireEye: Generic.mg.ffb0f8b1066b742e
  • McAfee: GenericRXAA-FA!FFB0F8B1066B
  • Cylance: Unsafe
  • K7AntiVirus: Trojan ( 0021a0b51 )
  • K7GW: Trojan ( 0021a0b51 )
  • Cybereason: malicious.1066b7
  • BitDefenderTheta: AI:Packer.326B303520
  • Cyren: W32/Trojan.VUXZ-8627
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Injector.EYU
  • ClamAV: Win.Trojan.Vbkrypt-12994
  • Kaspersky: Worm.Win32.Shakblades.xrz
  • BitDefender: Gen:Heur.ManBat.1
  • NANO-Antivirus: Trojan.Win32.VBKrypt.eaielk
  • Avast: Win32:Malware-gen
  • Tencent: Malware.Win32.Gencirc.10b677d3
  • Ad-Aware: Gen:Heur.ManBat.1
  • Sophos: ML/PE-A + Mal/VBCheMan-C
  • Zillya: Trojan.VBKrypt.Win32.62463
  • McAfee-GW-Edition: BehavesLike.Win32.PWSSpyeye.dc
  • Emsisoft: Gen:Heur.ManBat.1 (B)
  • SentinelOne: Static AI – Malicious PE
  • GData: Gen:Heur.ManBat.1
  • Jiangmin: Trojan/VBKrypt.awww
  • Avira: TR/Dropper.Gen
  • MAX: malware (ai score=83)
  • Antiy-AVL: Trojan/Generic.ASMalwS.559AB8
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.VBKrypt.R174849
  • VBA32: SScope.Trojan.VBRA.6747
  • ALYac: Gen:Heur.ManBat.1
  • Malwarebytes: Malware.AI.4235325498
  • APEX: Malicious
  • Yandex: Trojan.VBKrypt!3YpbQBSnuuI
  • Ikarus: Trojan.Win32.LockScreen
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Injector.MQI!tr
  • AVG: Win32:Malware-gen
  • CrowdStrike: win/malicious_confidence_70% (D)

How to remove Malware.AI.4235325498?

Malware.AI.4235325498 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.