
Should I remove “Malware.AI.4251911924”?

Malware Removal

Malware.AI.4251911924 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4251911924 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Attempts to modify proxy settings

How to identify Malware.AI.4251911924?

File Info:

name: 7C40D48FBA3A14D645B9.mlw
path: /opt/CAPEv2/storage/binaries/2264fe1976b8b250b304d08ddd966f257987d3e7b1af96807d53d86487683903
crc32: 0D737045
md5: 7c40d48fba3a14d645b93a9f703291a7
sha1: 424c8d5ff5f719f33289aefc23267c33e4d2761e
sha256: 2264fe1976b8b250b304d08ddd966f257987d3e7b1af96807d53d86487683903
sha512: de831256317f3314122d335f768afd1682db51f5a9586fc83b891fe1929732888f54e2875d1aceb8ea1232b1d2504ccfb6f229049a0fee3cb9ac87572eb400a3
ssdeep: 12288:nbMEIMW21KBLJnx04mw68o/jf1pYF1P4hakJFr4/frtKm7t6ccJ+nMeeeNceeeeg:QEINoX8if1pU1P4kk/cfh5QJi/I
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AF15D07DDBD76E4CD2408874A704906EA6B2D24585FFE3A3AC1997394A3C3D24F81B27
sha3_384: eda20cf1811e76987aff0090f05c6aaed37a7287a0cd5502c718502e88a3e503f6ac7a26638469f970ede50552b36774
ep_bytes: 60be000064008dbe0010dcff5783cdff
timestamp: 2022-11-12 11:07:56

Version Info:

CompanyName:
FileDescription: ShipDemo Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: ShipDemo
LegalCopyright: 版权所有 (C) 2000
LegalTrademarks:
OriginalFilename: ShipDemo.EXE
ProductName: ShipDemo 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Malware.AI.4251911924 also known as:

Lionic: Trojan.Win32.Babar.4!c
FireEye: Gen:Variant.Babar.118765
McAfee: Artemis!7C40D48FBA3A
Cylance: Unsafe
VIPRE: Gen:Variant.Babar.118765
Sangfor: Trojan.Win32.Agent.Vls0
K7AntiVirus: Trojan ( 00515ade1 )
BitDefender: Gen:Variant.Babar.118765
K7GW: Trojan ( 00515ade1 )
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Kryptik.FVMQ
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: Backdoor.Win32.Farfli.cfej
Alibaba: Backdoor:Win32/Farfli.b789fd3c
MicroWorld-eScan: Gen:Variant.Babar.118765
Avast: Win32:RATX-gen [Trj]
Tencent: Win32.Backdoor.Farfli.Etgl
Ad-Aware: Gen:Variant.Babar.118765
Emsisoft: Gen:Variant.Babar.118765 (B)
F-Secure: Heuristic.HEUR/AGEN.1230362
TrendMicro: TROJ_GEN.R002C0PKL22
McAfee-GW-Edition: RDN/Generic BackDoor
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Injector
GData: Gen:Variant.Babar.118765
Jiangmin: Heur:Backdoor/Agent
Avira: HEUR/AGEN.1230362
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Win32.Kryptik
Arcabit: Trojan.Babar.D1CFED
ZoneAlarm: Backdoor.Win32.Farfli.cfej
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
BitDefenderTheta: Gen:NN.ZexaF.34796.1mKfaCBPLPpj
ALYac: Gen:Variant.Babar.118765
Malwarebytes: Malware.AI.4251911924
TrendMicro-HouseCall: TROJ_GEN.R002C0PKL22
Rising: Trojan.Kryptik!8.8 (CLOUD)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.FVMQ!tr
AVG: Win32:RATX-gen [Trj]
Panda: Trj/Chgt.AA
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4251911924?

Malware.AI.4251911924 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
