Malware.AI.4243950279 (file analysis)

Malware.AI.4243950279 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What Malware.AI.4243950279 virus can do?

  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • CAPE detected the EnigmaStub malware family
  • Anomalous binary characteristics

How to determine Malware.AI.4243950279?

File Info:

name: A4038F542977B25E857C.mlw
path: /opt/CAPEv2/storage/binaries/f95f15f8c78cc8eca5fcf1462799824a357c88a55cce3a82fd55edaa3c49358a
crc32: 0798D7B5
md5: a4038f542977b25e857cc4bb1bafd1f7
sha1: 27deef9b9f4fd2853237fd421b5f5baad18cd9e2
sha256: f95f15f8c78cc8eca5fcf1462799824a357c88a55cce3a82fd55edaa3c49358a
sha512: e5c1f8fbbea44a5ba5418e621315648acee03b0969e587bad575da849d956d22959801ddee2cb391161b6e9f2bf2811e5dc74d03d437b039cb3403d99ceb4eb9
ssdeep: 24576:jyZpYKXewt0LJ1+q7QRaa9rtdN7O0jaGYP2WZWQgb7IzV87Isf:jyZpTewi9keQYurN7TjaGYP3ZWQg8CIU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17155E1BEAE31C765D1288FB7AF9432BC19E68CEA9D9D325C769814DD05CF00D4863B84
sha3_384: f7f97d67910e1b59d9ba38e12dc7a61f47773f0754325cea84be65ef9331ad6597de2a13d6d8d7f623c2364f0ae0b0be
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2013-04-01 07:08:22

Version Info:

Translation: 0x0409 0x04b0
ProductName: Project1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: TJprojMain
OriginalFilename: TJprojMain.exe

Malware.AI.4243950279 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.leZI
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Fragtor.17897
FireEye: Generic.mg.a4038f542977b25e
McAfee: GenericRXAA-FA!A4038F542977
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.1049376
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: P2PWorm ( 000dfe321 )
K7GW: P2PWorm ( 000dfe321 )
Cybereason: malicious.b9f4fd
BitDefenderTheta: Gen:NN.ZevbaF.34062.qz3@aSCOIudi
Cyren: W32/SysVenFak.C.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
TrendMicro-HouseCall: TROJ_GEN.R002C0RL721
Avast: Win32:MalwareX-gen [Trj]
ClamAV: Win.Packed.Enigma-9831270-0
Kaspersky: VHO:Trojan.Win32.Writos.gen
BitDefender: Gen:Variant.Fragtor.17897
Tencent: Win32.Trojan.Generic.Lizr
Ad-Aware: Gen:Variant.Fragtor.17897
Sophos: ML/PE-A + Mal/Agent-AUZ
TrendMicro: TROJ_GEN.R002C0RL721
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Gen:Variant.Fragtor.17897 (B)
Paloalto: generic.ml
GData: Gen:Variant.Fragtor.17897
Jiangmin: Trojan.Generic.ficaq
Avira: TR/Patched.Ren.Gen
Antiy-AVL: Trojan/Generic.ASBOL.C669
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Fragtor.D45E9
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
VBA32: Trojan.Inject
ALYac: Gen:Variant.Fragtor.17897
MAX: malware (ai score=80)
Malwarebytes: Malware.AI.4243950279
APEX: Malicious
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: Riskware/Application
AVG: Win32:MalwareX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)
MaxSecure: Virus.W32.Agent.xjgj

How to remove Malware.AI.4243950279?

Malware.AI.4243950279 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.