Malware.AI.4237754430 information

Malware Removal

Malware.AI.4237754430 is the Malwarebytes detection name for this sample, which several other vendors listed below name a Zbot-family password stealer or a Kryptik-packed trojan; the sandbox report flags code injection, autorun persistence and listening network servers. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Malware.AI.4237754430 do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs HTTP requests potentially not found in PCAP
  • Starts servers listening on 0.0.0.0:30091, :0, 127.0.0.1:21855
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
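The bullets above are CAPE sandbox signature names; each one is a rule over the API calls the monitor logged. The following is an added illustration, not CAPEv2's or GridinSoft's code: a toy signature engine that evaluates five of the behaviours listed (RWX allocation, CreateRemoteThread injection, Run-key autorun, listening servers, proxy changes) over a constructed API-call trace. The trace format (one dict per call, with the calling pid and a few selected arguments) and the sample trace itself are assumptions made for this example.

```python
"""Toy CAPE-style behavioural signatures over a constructed API-call trace.

Added example, not CAPEv2's own signature code. It only shows how the
bullet points above map onto observable API calls; the trace format and
SAMPLE_TRACE are constructed for this illustration.
"""
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40
RUN_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Constructed trace (not from the real sample): pid 1000 injects into
# pid 2000, which then persists, opens a listener and touches proxy settings.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "VirtualAlloc", "args": {"protection": 0x40}},
    {"pid": 1000, "api": "CreateToolhelp32Snapshot", "args": {}},
    {"pid": 1000, "api": "Process32Next", "args": {"name": "explorer.exe"}},
    {"pid": 1000, "api": "OpenProcess", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "VirtualAllocEx", "args": {"target_pid": 2000, "protection": 0x40}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "CreateRemoteThread", "args": {"target_pid": 2000}},
    {"pid": 2000, "api": "RegSetValueExA",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "updater"}},
    {"pid": 2000, "api": "bind", "args": {"ip": "0.0.0.0", "port": 30091}},
    {"pid": 2000, "api": "listen", "args": {}},
    {"pid": 2000, "api": "RegSetValueExA",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings",
              "value": "ProxyServer"}},
]


def sig_rwx_memory(trace):
    """Creates RWX memory: any allocation requesting PAGE_EXECUTE_READWRITE."""
    return any(c["api"] in ("VirtualAlloc", "VirtualAllocEx", "NtAllocateVirtualMemory")
               and c["args"].get("protection") == PAGE_EXECUTE_READWRITE
               for c in trace)


def sig_createremotethread_injection(trace):
    """Injection with CreateRemoteThread: VirtualAllocEx -> WriteProcessMemory
    -> CreateRemoteThread all aimed at the same foreign pid.
    Returns the set of (source_pid, target_pid) pairs that completed the chain."""
    steps = ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")
    seen = defaultdict(set)  # (src, dst) -> step apis observed
    for c in trace:
        dst = c["args"].get("target_pid")
        if c["api"] in steps and dst is not None and dst != c["pid"]:
            seen[(c["pid"], dst)].add(c["api"])
    return {pair for pair, apis in seen.items() if apis == set(steps)}


def sig_autorun(trace):
    """Installs itself for autorun: value names written under a Run/RunOnce key."""
    return [c["args"]["value"] for c in trace
            if c["api"].startswith("RegSetValueEx")
            and any(k.lower() in c["args"].get("key", "").lower() for k in RUN_KEYS)]


def sig_listening_servers(trace):
    """Starts servers listening: bind() followed by listen() in the same process."""
    bound, servers = {}, []
    for c in trace:
        if c["api"] == "bind":
            bound[c["pid"]] = (c["args"]["ip"], c["args"]["port"])
        elif c["api"] == "listen" and c["pid"] in bound:
            servers.append(bound.pop(c["pid"]))
    return servers


def sig_proxy_change(trace):
    """Attempts to modify proxy settings: a registry write under Internet Settings."""
    return any(c["api"].startswith("RegSetValueEx")
               and "internet settings" in c["args"].get("key", "").lower()
               for c in trace)


def run_signatures(trace):
    """Evaluate every signature; keys mirror the CAPE bullet points above."""
    return {
        "Creates RWX memory": sig_rwx_memory(trace),
        "Injection with CreateRemoteThread": sig_createremotethread_injection(trace),
        "Installs itself for autorun": sig_autorun(trace),
        "Starts servers listening": sig_listening_servers(trace),
        "Attempts to modify proxy settings": sig_proxy_change(trace),
    }


if __name__ == "__main__":
    for name, hit in run_signatures(SAMPLE_TRACE).items():
        print(f"{'HIT ' if hit else '----'} {name}: {hit}")
```

The injection rule deliberately requires the full chain against one target pid: a process that only calls WriteProcessMemory on itself, or allocates remotely without ever starting a thread, does not trigger it, which is what keeps this kind of rule from firing on debuggers and installers.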

How to identify Malware.AI.4237754430?


File Info:

name: 392176A271009B007FD6.mlw
path: /opt/CAPEv2/storage/binaries/ff64d3b3ab8c21b3cf72c78043d1c34b8184f08a902bcabf985a2adaac8e4a35
crc32: 09554503
md5: 392176a271009b007fd66014be6fd3ae
sha1: 46ff887a8cd68c4b47010d8b0714243b0ce39361
sha256: ff64d3b3ab8c21b3cf72c78043d1c34b8184f08a902bcabf985a2adaac8e4a35
sha512: 934a92a0c398de876ddd2219521f80df7835e7c16fe796b75c53b4feb81110c9524a1e204f6bbdd9064af02d913f38a1cba34edfe1c7c1e3b6c156ba80a87834
ssdeep: 6144:oVfv2nDzOitZCEsu49lPJMgEZfErdkIyjGrC0y:oZhEq9jbEVEB1yjGrC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16764D162E9149FF9F0971BBB473727738C4D3E6A2E710982D1E0FC28287E590694867D
sha3_384: ca3f91e660ae1ffe2baeb38d68e2a5d66943b737e0602727ee649632690167831d10926a923ad9fcdad28210460eba12
ep_bytes: 558bec83ec48c745e000000000c745e8
timestamp: 2013-05-07 14:04:44

Version Info:

0: [No Data]
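To check a suspect file against the File Info block above you need the same digests, the PE build timestamp and the entry-point bytes. The following is an added example, not CAPE's or GridinSoft's code: it computes crc32/md5/sha1/sha256/sha512/sha3_384 with the Python standard library, parses the PE headers with struct (no pefile dependency) to recover TimeDateStamp and the first 16 bytes at the entry point, and compares the digests with the published values. ssdeep and tlsh need third-party libraries and are left out. The minimal PE image built by build_demo_pe() is constructed for the demo and is not the real sample; only its entry bytes are copied from the ep_bytes field above.

```python
"""Static triage of a suspect file: hashes plus PE timestamp / entry bytes.

Added example, not CAPEv2's or GridinSoft's code. KNOWN_SAMPLE holds the
digests published in the File Info block; build_demo_pe() constructs a
throwaway PE32 image so the parser can be exercised offline.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Digests published for the sample above (File Info block).
KNOWN_SAMPLE = {
    "md5": "392176a271009b007fd66014be6fd3ae",
    "sha1": "46ff887a8cd68c4b47010d8b0714243b0ce39361",
    "sha256": "ff64d3b3ab8c21b3cf72c78043d1c34b8184f08a902bcabf985a2adaac8e4a35",
}


def digests(data: bytes) -> dict:
    """Hex digests in the same form the File Info block uses."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xffffffff:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_known(data: bytes, known: dict = KNOWN_SAMPLE) -> list:
    """Names of the published digests this file reproduces. Decide on sha256;
    md5/sha1 are kept only because older feeds still key on them."""
    d = digests(data)
    return [alg for alg in ("md5", "sha1", "sha256") if d[alg] == known.get(alg)]


def pe_triage(data: bytes, ep_len: int = 16) -> dict:
    """Read COFF TimeDateStamp (as UTC) and the bytes at AddressOfEntryPoint,
    mapping the entry RVA to a file offset through the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms,
    # SizeOfOptionalHeader, Characteristics
    _, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]        # 0x10B PE32, 0x20B PE32+
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sect_off = opt_off + opt_size
    ep_bytes = b""
    for i in range(nsect):
        # Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sect_off + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            file_off = rawptr + (entry_rva - vaddr)
            ep_bytes = data[file_off:file_off + ep_len]
            break
    return {
        "pe32plus": magic == 0x20B,
        "sections": nsect,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
    }


def build_demo_pe(timestamp: int, ep_code: bytes) -> bytes:
    """Constructed, not a real sample: a minimal PE32 image with one .text
    section whose entry point is at its first byte."""
    pe_off, opt_size, raw_ptr, rva = 0x40, 96, 0x200, 0x1000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)          # Magic: PE32
    struct.pack_into("<I", opt, 16, rva)           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)      # ImageBase
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(ep_code), rva, 0x200, raw_ptr,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(raw_ptr, b"\0") + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:  # offline demo: entry bytes copied from the ep_bytes field above
        data = build_demo_pe(1000000000, bytes.fromhex("558bec83ec48c745e000000000c745e8"))
    print(digests(data))
    print(pe_triage(data))
    print("matches published sample on:", matches_known(data) or "nothing")
```

Run it with a file path to triage a real binary; without arguments it parses the constructed demo image. Treat a sha256 match as identification, and a timestamp that disagrees with the one above (2013-05-07 14:04:44) as a hint that the file is a different build or has a forged stamp, not as proof of anything on its own.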

Malware.AI.4237754430 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.392176a271009b00
CAT-QuickHeal: TrojanPWS.Zbot.Y
McAfee: PWS-Zbot-FATG!392176A27100
Cylance: Unsafe
VIPRE: Trojan.Win32.Reveton.a (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: TrojanSpy:Win32/Kryptik.4ca20bf8
K7GW: Trojan ( 0055dd191 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Trojan.Kryptik.as
VirIT: Trojan.Win32.Crypt.BXQY
Symantec: Packed.Generic.459
ESET-NOD32: a variant of Win32/Kryptik.BANB
APEX: Malicious
Kaspersky: Trojan-Spy.Win32.Zbot.wpli
BitDefender: Trojan.Agent.ECYO
NANO-Antivirus: Trojan.Win32.Luder.dgjeut
MicroWorld-eScan: Trojan.Agent.ECYO
Avast: Win32:Karagany
Tencent: Win32.Trojan-spy.Zbot.Ljaf
Emsisoft: Trojan.Agent.ECYO (B)
Comodo: TrojWare.Win32.Kryptik.BES@4z5u7q
DrWeb: Trojan.PWS.Panda.4336
TrendMicro: TROJ_KRYPTK.SML3
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.fc
Sophos: ML/PE-A + Troj/Ransom-SY
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.fpmv
Webroot: W32.Trojan.GenKDZ
Avira: TR/Agent.3220487
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.2C5CF0
Kingsoft: Heur.SSC.2739014.1216.(kcloud)
Microsoft: PWS:Win32/Zbot!CI
ZoneAlarm: Trojan-Spy.Win32.Zbot.wpli
GData: Trojan.Agent.ECYO
AhnLab-V3: Worm/Win32.Luder.R66395
BitDefenderTheta: Gen:NN.ZexaF.34182.tGW@aKsNJLnc
ALYac: Trojan.Agent.ECYO
VBA32: TScope.Malware-Cryptor.SB
Malwarebytes: Malware.AI.4237754430
TrendMicro-HouseCall: TROJ_KRYPTK.SML3
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.GenAsa!9wKn/vry/+s
Ikarus: Trojan.Win32.ShipUp
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Lockscreen.LOA!tr
AVG: Win32:Karagany
Cybereason: malicious.271009
Panda: Trj/Genetic.gen

How to remove Malware.AI.4237754430?

Malware.AI.4237754430 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.