About the “Malware.AI.4241182415” infection

Malware Removal

Malware.AI.4241182415 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4241182415 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Creates a copy of itself

How to identify Malware.AI.4241182415?

File Info:

name: EB24D56C04A677A8E78E.mlw
path: /opt/CAPEv2/storage/binaries/63c0c8062ad00a280190504d94565d4d48f3c48942ac08decc8be565587604ab
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2006-06-01 01:00:05

Version Info:

CompanyName: AVG Technologies CZ, s.r.o.
FileDescription: AVG Tray Monitor
FileVersion: 9.0.0.871
InternalName: avgtray
LegalCopyright: Copyright © 2010 AVG Technologies CZ, s.r.o.
OriginalFilename: avgtray.exe
ProductName: AVG Internet Security
ProductVersion: 9.0.0.871
PrivateBuild: Win32 Release_Unicode
SpecialBuild: Avg8VC8_2010_1109_133319(871), SVNRev 145063 (/branches/release/SmallUpdate9-12)
Translation: 0x0409 0x04e4

Malware.AI.4241182415 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader5.31223
Cynet: Malicious (score: 99)
FireEye: Generic.mg.eb24d56c04a677a8
CAT-QuickHeal: Worm.SlenfBot.Gen
McAfee: Artemis!EB24D56C04A6
Malwarebytes: Malware.AI.4241182415
VIPRE: Trojan.Win32.Kryptik.lbu (v)
Sangfor: Trojan.Win32.Generic.137115
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: VirTool:Win32/Obfuscator.a2294ab9
K7GW: Trojan ( 0055dd191 )
CrowdStrike: win/malicious_confidence_60% (W)
Arcabit: Trojan.Ser.Razy.D2ECC
BitDefenderTheta: Gen:NN.ZexaF.34212.RmNfa8SRyojc
VirIT: Trojan.Win32.Generic.LJW
Cyren: W32/Sefnit.G.gen!Eldorado
Symantec: W32.Qakbot!gen5
ESET-NOD32: a variant of Win32/Kryptik.LPD
TrendMicro-HouseCall: WORM_KOLAB.SMB
ClamAV: Win.Spyware.Zbot-1279
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ser.Razy.11980
NANO-Antivirus: Trojan.Win32.Pincav.jjuxi
SUPERAntiSpyware: Trojan.Agent/Gen-FakeAVG
MicroWorld-eScan: Gen:Variant.Ser.Razy.11980
Avast: Win32:Sefnit-O [Trj]
Tencent: Malware.Win32.Gencirc.11496d1e
Ad-Aware: Gen:Variant.Ser.Razy.11980
Emsisoft: Gen:Variant.Ser.Razy.11980 (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
Zillya: Trojan.Kryptik.Win32.1810967
TrendMicro: WORM_KOLAB.SMB
McAfee-GW-Edition: W32/Pinkslipbot.gen.ae
Sophos: Mal/Generic-S
Ikarus: Trojan-PWS.Win32.Zbot
Jiangmin: Packed.Krap.gpwm
Webroot: W32.Infostealer.Gen
Avira: TR/Agent.733808
Antiy-AVL: Trojan[Packed]/Win32.Krap
Kingsoft: Heur.SSC.2809744.1216.(kcloud)
Microsoft: Trojan:Win32/Sefnit.G
ViRobot: Worm.Win32.A.Net-Kolab.958976[UPX]
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Ser.Razy.11980
SentinelOne: Static AI – Malicious PE
AhnLab-V3: Worm/Win32.Kolab.R3715
VBA32: Trojan.Zeus.EA.0999
ALYac: Gen:Variant.Ser.Razy.11980
Cylance: Unsafe
APEX: Malicious
Rising: Worm.Kolab!8.1C4D (CLOUD)
Yandex: Trojan.GenAsa!aj/jMlpwICk
MAX: malware (ai score=100)
MaxSecure: Trojan.Malware.1728868.susgen
Fortinet: W32/Kryptik.NAS!tr
AVG: Win32:Sefnit-O [Trj]
Cybereason: malicious.c04a67
Panda: Bck/Qbot.AO

How to remove Malware.AI.4241182415?

Malware.AI.4241182415 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.