Categories: Malware

Malware.AI.4237424912 malicious file

The Malware.AI.4237424912 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Malware.AI.4237424912 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Scheduled file move on reboot detected
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Dynamic (imported) function loading detected
Enumerates running processes
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Deletes its original binary from disk
Installs itself for autorun at Windows startup
CAPE detected the Zegost malware family

Related domains:

crl.verisign.com

How to determine Malware.AI.4237424912?


File Info:
name: 820718AF2639E946489C.mlwpath: /opt/CAPEv2/storage/binaries/11267a2abb2846c3e7bd6f6b69bef1a1958b4e40180548262df6e16d333e9950crc32: 368F54C3md5: 820718af2639e946489c35182266a30csha1: 479e8a71370a51f2dc07e4f19ebcf5c5e00c52casha256: 11267a2abb2846c3e7bd6f6b69bef1a1958b4e40180548262df6e16d333e9950sha512: cbe2a536e6eba1cb2ebb7e5bcd1efd1220508e3e65c36e84eebdef734557ac85e624bd0edc27e8f33b2186e2cb27ca9bd0ab9502d9ceeec76fc64e853b97f7e6ssdeep: 12288:PGXqG/H1k6hUvoNUrIE33T5zTTlL9O3ZO6epkflNaGD0u74tt+3hJLGgFqLh:PZwk6hUv/sEnnL6zLaGD46LLGnNtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1DCF423C1EB53E7E1C8EF4D38920FFB6546742502AE00095779E68E58BDFC3A2335568Asha3_384: 2b91bf013a65893ed2637dd0a42882b1afc3f1bf155c12f7905eb48cffe849a9b2fa60db667ec650be682fe6ed0f47e5ep_bytes: 60be00204c008dbe00f0f3ff5783cdfftimestamp: 2019-11-09 18:24:07
Version Info:
FileVersion: 1.0.0.0FileDescription: Windows 配置程序ProductName: Windows 核心进程ProductVersion: 1.0.0.0LegalCopyright: 作者版权所有 请尊重并使用正版Comments: 本程序使用易语言编写(http://www.eyuyan.com)Translation: 0x0804 0x04b0

Malware.AI.4237424912 also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Convagent.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.820718af2639e946
CAT-QuickHeal	Trojan.GenericRI.S23102915
McAfee	GenericRXAA-AA!820718AF2639
Cylance	Unsafe
Zillya	Trojan.Siscos.Win32.6092
Sangfor	Trojan.Win32.Convagent.gen
K7AntiVirus	Trojan ( 00521b151 )
Alibaba	Trojan:Win32/Starter.ali2000005
K7GW	Trojan ( 00521b151 )
Cybereason	malicious.f2639e
Cyren	W32/FlyAgent.C.gen!Eldorado
Symantec	Backdoor.Zegost
ESET-NOD32	a variant of Win32/Flyagent.NGX
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Dropper.Gh0stRAT-9789289-0
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Trojan.GenericKD.38161731
NANO-Antivirus	Virus.Win32.Agent.dvixmz
MicroWorld-eScan	Trojan.GenericKD.38161731
Avast	FileRepMalware
Tencent	Malware.Win32.Gencirc.10cf88b3
Ad-Aware	Trojan.GenericKD.38161731
Emsisoft	Trojan.GenericKD.38161731 (B)
DrWeb	Trojan.DownLoader30.33448
TrendMicro	TROJ_GEN.R049C0DKR21
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
Sophos	Mal/Generic-S
SentinelOne	Static AI – Malicious PE
GData	Win32.Application.PUPStudio.A
Jiangmin	Trojan.Generic.creop
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.34D1069
Gridinsoft	Ransom.Win32.Sabsik.sa
ViRobot	Trojan.Win32.Z.Fragtor.792288.A
Microsoft	Backdoor:Win32/Zegost.CI!bit
TACHYON	Trojan/W32.Siscos.1328352
AhnLab-V3	Trojan/Win32.Generic.C1664814
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34062.WmMfaC19gaab
ALYac	Trojan.GenericKD.38161731
MAX	malware (ai score=83)
VBA32	BScope.Trojan.Dynamer
Malwarebytes	Malware.AI.4237424912
TrendMicro-HouseCall	TROJ_GEN.R049C0DKR21
Rising	Trojan.Kryptik!1.AAD1 (CLASSIC)
Yandex	Trojan.Siscos!w+S2K7z1Mhs
Ikarus	Trojan.Win32.FlyAgent
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/CoinMiner.BELF!tr
AVG	FileRepMalware
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_60% (D)
MaxSecure	Dropper.Dinwod.frindll