About “Malware.AI.4254677894” infection

Malware.AI.4254677894 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4254677894 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Malware.AI.4254677894?

File Info:

name: 16574F105FB9DD2D35E2.mlw
path: /opt/CAPEv2/storage/binaries/f7173b70a72d936154de66e5b781ee3496855469c27758ebae049bdb592f7d9f
crc32: 46B3C080
md5: 16574f105fb9dd2d35e28a481aee16e9
sha1: b5b6ae4a2e13ff65103a7f6085988ef94f5298b2
sha256: f7173b70a72d936154de66e5b781ee3496855469c27758ebae049bdb592f7d9f
sha512: 1a148adfdf61caca8b3534b960a4d05e74034b183d3d24de49592605b49f56abbb0f94a115e7e0b5dd221bf24748052ab651f5851c05dc97ea1ae14ccdb57af0
ssdeep: 196608:HBNX+UscN9nunQ6hV2XX58CTiKmNtLeSwYuaEqYQ43MSstg3iREA5HxVIIh8YBo+:H6WniHb2WJxMS/r9nto8oYL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T150C6336664D223F5ED92AC35190BB0E0598C3C4B7CD830681F5AD6B5AE36DC3DE85E07
sha3_384: 948b3da021a54ace3b804ffc3079e51aa965177b296d97bd64a9bcf529734338186ac6dfe45fffcc14650cf7c9cd615d
ep_bytes: 60be005077008dbe00c0c8ff57eb0b90
timestamp: 2021-07-26 12:28:06

Version Info:

Comments:
CompanyName: Install Assist
FileDescription: Ms-Zip Install Assistant
FileVersion: 8.5.1.0
InternalName: MsZipInstall.exe
LegalCopyright: Copyright (c) 2021 Ms-Zip
OriginalFilename: MsZipInstall.exe.exe
ProductName: MsZipInstall.exe
ProductVersion: 8.5.1.0
Translation: 0x0804 0x04b0

Malware.AI.4254677894 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Application.Razy.862401
FireEye: Gen:Variant.Application.Razy.862401
ALYac: Gen:Variant.Application.Razy.862401
Cylance: Unsafe
Zillya: Tool.YouXun.Win32.1459
Sangfor: PUP.Win32.YXdown.baz
Alibaba: Downloader:Win32/YXdown.3ce0015e
K7GW: Riskware ( 005883931 )
K7AntiVirus: Riskware ( 005883931 )
BitDefenderTheta: Gen:NN.ZexaF.34232.@pLfamV7eDnj
Cyren: W32/Trojan.LISE-0973
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/RiskWare.YouXun.AE
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Roxer-9787868-0
Kaspersky: not-a-virus:Downloader.Win32.YXdown.baz
BitDefender: Gen:Variant.Application.Razy.862401
Avast: Win32:Malware-gen
Tencent: Pua:Adware.Win32.Ddlives.16000016
Ad-Aware: Gen:Variant.Application.Razy.862401
Emsisoft: Gen:Variant.Application.Razy.862401 (B)
DrWeb: Trojan.DownLoader43.36440
TrendMicro: TROJ_GEN.R002C0WH721
McAfee-GW-Edition: Artemis!Trojan
Sophos: Generic PUA LF (PUA)
GData: Gen:Variant.Application.Razy.862401
Jiangmin: AdWare.KuwanBar.ad
MAX: malware (ai score=77)
Gridinsoft: Trojan.Win32.Downloader.oa!s2
ZoneAlarm: not-a-virus:Downloader.Win32.YXdown.baz
Microsoft: Trojan:Win32/Sabsik.FL.A!ml
AhnLab-V3: Adware/Win.Generic.R434465
McAfee: GenericRXAA-AA!16574F105FB9
VBA32: BScope.Trojan.FakeAlert
Malwarebytes: Malware.AI.4254677894
TrendMicro-HouseCall: TROJ_GEN.R002C0WH721
Rising: Adware.Agent!1.D4E5 (CLOUD)
Yandex: PUA.Downloader!Dhx6wJMXhAI
SentinelOne: Static AI – Suspicious PE
Fortinet: Riskware/YXdown
AVG: Win32:Malware-gen
Cybereason: malicious.a2e13f
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.119961929.susgen

How to remove Malware.AI.4254677894?

Malware.AI.4254677894 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.