What is “Malware.AI.4242595214”?

Malware.AI.4242595214 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4242595214 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • .NET file is packed/obfuscated with SmartAssembly
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • CAPE detected the NetWire malware family
  • Unusual version info supplied for binary

How to identify Malware.AI.4242595214?

File Info:

name: 6F1D5C57B3B415EDC376.mlw
path: /opt/CAPEv2/storage/binaries/f9f90557fca9b219f73f55e987ba8d5ff40e623143a3a05c77287634a9708486
crc32: BF5314FB
md5: 6f1d5c57b3b415edc3767b079999dd50
sha1: 4c93812daff305a4a9942613f0a9f2ee2120d187
sha256: f9f90557fca9b219f73f55e987ba8d5ff40e623143a3a05c77287634a9708486
sha512: 67e03f909bb6ae0361c80e3c4921e86f38d67237f8da22fd83e3ee51dc70b7a9f6859f990810de2fd9dc5823f6771d0ef37cf231c6bf3af433863e203958c59c
ssdeep: 6144:X6d30w6+NhJWgmRA5OzXlppA4ro/R+nXEUiwgk86mCdyEFN2:X6d16HA5OzxroAnXEjY86HlN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18B84BF5133EB1F56E3AB1B31D6B011644B39A494A5CDEB0F408905B87C623DBFAA3B17
sha3_384: 317b01581aa73d8c402edf34d1537202ed8f6ac2a91b25e00dbf84c3dbb1b425622ba6337325d29206e2f599c5decb0e
ep_bytes: ff250020400000000000000000000000
timestamp: 2016-05-29 14:11:29

Version Info:

CompanyName: Msc Info
FileDescription: Msc Info
FileVersion: 11.25.1.21
InternalName: File.exe
LegalCopyright: Copyright © Msc Info Microsoft 2016
LegalTrademarks: File
OriginalFilename: File .exe
ProductName: File
ProductVersion: 11.25.1.21
Assembly Version: 22.11.32.85
Comments: Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
Translation: 0x0000 0x04b0

Malware.AI.4242595214 also known as:

Lionic: Trojan.Win32.Generic.lWDB
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Tedy.176746
FireEye: Generic.mg.6f1d5c57b3b415ed
McAfee: Generic.dvp
Cylance: Unsafe
Zillya: Trojan.Weecnaw.Win32.424
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Spyware ( 0055e3db1 )
Alibaba: Backdoor:Win32/NetWiredRC.2e9fc1c0
K7GW: Spyware ( 0055e3db1 )
Cybereason: malicious.7b3b41
Symantec: Trojan.Netweird.B
ESET-NOD32: Win32/Spy.Weecnaw.A
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Netwire-6601932-1
Kaspersky: Backdoor.Win32.NetWiredRC.cou
BitDefender: Gen:Variant.Tedy.176746
NANO-Antivirus: Trojan.Win32.KeyLogger.dbtqtm
Avast: Win32:Malware-gen
Tencent: Win32.Backdoor.Netwire.Auto
Ad-Aware: Gen:Variant.Tedy.176746
Emsisoft: Trojan.Generic (A)
Comodo: Malware@#s8cbdl9pfh9f
F-Secure: Trojan.TR/Spy.Weecnaw.kgztt
DrWeb: Trojan.PWS.Spy.19759
VIPRE: Gen:Variant.Tedy.176746
TrendMicro: BKDR_NETWIRED.AUVO
McAfee-GW-Edition: Generic.dvp
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-R + Troj/NetWire-ON
Ikarus: Trojan-Spy.Agent
GData: Gen:Variant.Tedy.176746
Jiangmin: Backdoor.NetWiredRC.ps
Webroot: W32.Trojan.GenKD
Avira: TR/Spy.Weecnaw.kgztt
Antiy-AVL: Trojan/Generic.ASMalwS.2FFF
Kingsoft: Win32.Hack.NetWiredRC.c.(kcloud)
Arcabit: Trojan.Tedy.D2B26A
ViRobot: Trojan.Win32.S.Netwiredrc.388096
ZoneAlarm: Backdoor.Win32.NetWiredRC.cou
Microsoft: TrojanSpy:Win32/Skeeyah.A!rfn
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Pwstealer.C2154537
BitDefenderTheta: Gen:NN.ZemsilF.34582.xm0@aGjwMjn
ALYac: Backdoor.RAT.Netwire
MAX: malware (ai score=100)
VBA32: Backdoor.NetWiredRC
Malwarebytes: Malware.AI.4242595214
TrendMicro-HouseCall: BKDR_NETWIRED.AUVO
Rising: Backdoor.NetWiredRC!8.2AF (CLOUD)
Yandex: Backdoor.NetWiredRC!OD89ffqyEzM
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Generic.DN.4A3E1F!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4242595214?

Malware.AI.4242595214 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.