What is “Malware.AI.4257269397”?

Malware Removal

Malware.AI.4257269397 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4257269397 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk

How to identify Malware.AI.4257269397?

File Info:

name: CBA9EBDF6B08045BE4B5.mlw
path: /opt/CAPEv2/storage/binaries/322d83af451e44caa669471c720f8023b7ef523b5336bc406987d4f3c5ab333b
timestamp: 2011-02-27 20:29:56

Version Info:

CompanyName: Belkin Corporation
FileDescription: Tiled Ring Kodak
FileVersion: 5.9
InternalName: Ions Throw Mason
LegalCopyright: Rents (Twig Flavor) 1996-2008
OriginalFilename: Q3rmqfpay7phdbs.exe
ProductName: Freon
ProductVersion: 5.9
Translation: 0x0409 0x04b0

Malware.AI.4257269397 also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: GenPack:Trojan.Agent.EGXI
FireEye: Generic.mg.cba9ebdf6b08045b
CAT-QuickHeal: TrojanPWS.Zbot.Y
McAfee: W32/Pinkslipbot.gen.aw
Cylance: Unsafe
VIPRE: Trojan.Win32.Reveto.D (v)
K7AntiVirus: Trojan ( 004cac0f1 )
Alibaba: Trojan:Win32/Kryptik.446a5a9d
K7GW: Trojan ( 004cac0f1 )
Cybereason: malicious.f6b080
Cyren: W32/Zbot.DP.gen!Eldorado
Symantec: Infostealer.Banker.C
ESET-NOD32: a variant of Win32/Kryptik.AJLP
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Zbot-7003059-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: GenPack:Trojan.Agent.EGXI
NANO-Antivirus: Trojan.Win32.Inject.kthac
Avast: Win32:Zbot-OAE [Trj]
Tencent: Malware.Win32.Gencirc.1161022c
Ad-Aware: GenPack:Trojan.Agent.EGXI
Sophos: Mal/Generic-R + Mal/Zbot-EZ
Comodo: Malware@#3brglevspq2d0
DrWeb: Trojan.PWS.Panda.547
Zillya: Dropper.Injector.Win32.15038
McAfee-GW-Edition: BehavesLike.Win32.Trojan.cc
Emsisoft: GenPack:Trojan.Agent.EGXI (B)
Ikarus: Trojan.Win32.Reveton
GData: GenPack:Trojan.Agent.EGXI
Jiangmin: Trojan/Generic.wwpa
eGambit: Unsafe.AI_Score_99%
Avira: TR/Crypt.ULPM.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.4982ED
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot!CI
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Menti.R20738
Acronis: suspicious
BitDefenderTheta: AI:Packer.EB5647A916
ALYac: GenPack:Trojan.Agent.EGXI
TACHYON: Trojan/W32.Agent.221696.SN
VBA32: Malware-Cryptor.ImgChk
Malwarebytes: Malware.AI.4257269397
TrendMicro-HouseCall: TROJ_ZBOCHEMAN_0000004.TOMA
Rising: Trojan.Generic!8.C3 (CLOUD)
Yandex: Trojan.GenAsa!zVFKSygT0ao
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.3650076.susgen
Fortinet: W32/ZboCheMan.A!tr.pws
Webroot: W32.Trojan.Gen
AVG: Win32:Zbot-OAE [Trj]
Panda: Bck/Qbot.AO
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Malware.AI.4257269397?

Malware.AI.4257269397 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
