Malware.AI.4259319010 removal tips

Malware.AI.4259319010 is the name Malwarebytes gives this sample; most other vendors flag the same file as malicious under their own names (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, scan the computer with GridinSoft Anti-Malware.

Removing malware by hand can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Malware.AI.4259319010 do?

The behaviours below were recorded by a CAPEv2 sandbox run of the sample (the path under File Info is CAPE's binary store):

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Deletes its original binary from disk

How to identify Malware.AI.4259319010?

The md5, sha1, sha256 and sha512 values below identify this exact file only; a repacked or recompiled variant will not match them. ssdeep and tlsh are similarity hashes and can still match close variants, which is why they are listed alongside the behavioural indicators above.


File Info:

name: 21F7E4B57BE2336793D9.mlw
path: /opt/CAPEv2/storage/binaries/c49531a612193d3c2500655491278d48efc25c7193347de9d98917d53309cbae
crc32: 4AA25D73
md5: 21f7e4b57be2336793d96fe6444d6b69
sha1: ecd864c1ce81e1441ac0a4a8da7a9ffc594875d9
sha256: c49531a612193d3c2500655491278d48efc25c7193347de9d98917d53309cbae
sha512: 32e5022ba54984ea164736fbd592c648e1ecb5e35fb4a8d6caf52557a615e59589392c5b0bd436ee573f9a387bed787fe5bb975d405b14ed67a2bfcbe3727984
ssdeep: 98304:o05uSZMAcQeqkNKaHOAu2sDLhd8A6ewtccbTX9yvNNwma:okuocJ0gOAuZDLhuFjccbpyha
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C746022722107284C0654D795A37FE74B2F58B1E0DA1C87B7AE9FED13A6E462D702B07
sha3_384: e21fe1956db528aae60afe7e473047b6d3b97334459e5e79168ed797e01a03711806cdbfd6529ed91ba5503bd646fd18
ep_bytes: e9f5d64d00c341e9530a4f00c3909090
timestamp: 2021-12-23 03:23:32

Version Info:

0: [No Data]
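Several of the static indicators in the behaviour list above (an unknown PE section name, compressed or encrypted data, writable+executable memory, an unsigned or badly signed binary) can be checked without a sandbox, and the ep_bytes value under File Info can be decoded the same way. The script below is an added example written for this page, not GridinSoft's or CAPE's code: a minimal PE32 header walker using only the Python standard library, run against a constructed two-section toy image (built in build_demo_pe(), not the sample discussed here). The list of "standard" section names is an assumption about a stock Microsoft-linker layout; the 7.0 bits/byte entropy threshold is a common rule of thumb, not a CAPE constant.

```python
"""Static PE32 triage for the indicators listed above (unknown section names,
compressed/encrypted data, writable+executable sections, no Authenticode data,
a JMP at the entry point). Added example for this page, not GridinSoft's or
CAPE's code; standard library only; PE32 (32-bit) images only. build_demo_pe()
constructs a toy image for the demo and is NOT the sample discussed here."""
import hashlib
import struct
from collections import Counter
from math import log2

# Assumption: names a stock Microsoft linker emits; anything else (UPX0, .xyz0,
# random names) is the "unknown PE section name" indicator from the list above.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                     ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".textbss"}
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000
PAGE_EP_BYTES = bytes.fromhex("e9f5d64d00c341e9530a4f00c3909090")  # ep_bytes from File Info


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain x86 code sits around 5-6.5, packed or encrypted data near 8."""
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe32(buf: bytes) -> dict:
    """DOS header -> PE signature -> file header -> optional header -> section table."""
    pe = struct.unpack_from("<I", buf, 0x3C)[0]                      # e_lfanew
    if buf[:2] != b"MZ" or buf[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, pe + 4)
    opt = pe + 24
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    ep_rva = struct.unpack_from("<I", buf, opt + 16)[0]             # AddressOfEntryPoint
    ndirs = struct.unpack_from("<I", buf, opt + 92)[0]              # NumberOfRvaAndSizes
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) locates the Authenticode blob.
    cert_size = struct.unpack_from("<II", buf, opt + 96 + 4 * 8)[1] if ndirs > 4 else 0
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name, vsize, vaddr, rsize, raw = struct.unpack_from("<8sIIII", buf, hdr)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "raw": raw, "rsize": rsize,
                         "flags": struct.unpack_from("<I", buf, hdr + 36)[0],  # Characteristics
                         "entropy": shannon_entropy(buf[raw:raw + rsize])})
    return {"ep_rva": ep_rva, "cert_size": cert_size, "sections": sections}


def section_for_rva(sections, rva):
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rsize"]):
            return s
    return None


def decode_entry_jump(ep_bytes: bytes):
    """E9 rel32 at the entry point: displacement from the entry point to the target."""
    if len(ep_bytes) >= 5 and ep_bytes[0] == 0xE9:
        return 5 + struct.unpack_from("<i", ep_bytes, 1)[0]     # 5 = instruction length
    return None


def triage(buf: bytes) -> list:
    """Findings phrased like the sandbox signatures in the list above."""
    pe, findings = parse_pe32(buf), []
    for s in pe["sections"]:
        if s["name"] not in STANDARD_SECTIONS:
            findings.append(f"unknown section name {s['name']!r}: packing indicator")
        if s["entropy"] > 7.0:
            findings.append(f"section {s['name']!r} entropy {s['entropy']:.2f}: "
                            "likely compressed or encrypted data")
        if s["flags"] & SCN_EXECUTE and s["flags"] & SCN_WRITE:
            findings.append(f"section {s['name']!r} is writable and executable")
    if pe["cert_size"] == 0:   # presence only; validating a signature needs signtool/osslsigncode
        findings.append("no Authenticode certificate table")
    sec = section_for_rva(pe["sections"], pe["ep_rva"])
    off = sec["raw"] + pe["ep_rva"] - sec["vaddr"] if sec else None
    disp = decode_entry_jump(buf[off:off + 16]) if off is not None else None
    if disp is not None:
        target = section_for_rva(pe["sections"], pe["ep_rva"] + disp)
        findings.append(f"entry point is JMP rel32 to RVA {pe['ep_rva'] + disp:#x} "
                        f"({target['name'] if target else 'outside any section'})")
    return findings


def build_demo_pe() -> bytes:
    """Constructed toy: a NOP-filled .text whose first instruction jumps into a
    high-entropy, writable+executable '.xyz0' section (the classic packer-stub shape)."""
    text = b"\xe9\xfb\x0f\x00\x00" + b"\x90" * 0x1FB              # jmp +0xffb -> RVA 0x2000
    blob, h = b"", b"demo-seed"
    while len(blob) < 0x400:                                       # deterministic pseudo-random
        h = hashlib.sha256(h).digest()
        blob += h
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    fhdr = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 14, 0, len(text), len(blob), 0,
                      0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200)
    opt += struct.pack("<HHHHHHIIIIHHIIIIII", 6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200,
                       0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                             # 16 empty data directories
    hdrs = dos + fhdr + opt
    for name, vaddr, data, raw, flags in ((b".text", 0x1000, text, 0x200, 0x60000020),
                                          (b".xyz0", 0x2000, blob, 0x400, 0xE0000020)):
        hdrs += struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), raw, 0, 0, 0, 0, flags)
    return hdrs.ljust(0x200, b"\0") + text + blob


if __name__ == "__main__":
    print(*triage(build_demo_pe()), decode_entry_jump(PAGE_EP_BYTES), sep="\n")
```

On the toy image triage() reports five findings (unknown section name, high entropy, writable+executable section, no certificate table, entry-point JMP into the unknown section). Decoding the page's own ep_bytes shows the real sample also starts with a JMP rel32, about 5 MB forward of the entry point; a large forward jump out of the nominal code section is consistent with the packing indicators CAPE raised, though it is not proof by itself. To run this on a real file, read it with open(path, "rb").read() and pass the bytes to triage(); a 64-bit (PE32+) image is rejected rather than mis-parsed.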

Malware.AI.4259319010 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Lazy.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Lazy.158457
FireEye: Generic.mg.21f7e4b57be23367
McAfee: GenericRXAA-FA!21F7E4B57BE2
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
BitDefenderTheta: Gen:NN.ZexaF.34666.@BX@aqVtjngb
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002H09EB22
Avast: Win64:Trojan-gen
ClamAV: Win.Dropper.Tiggre-9845940-0
BitDefender: Gen:Variant.Lazy.158457
Rising: Trojan.MalCert!1.BB39 (CLOUD)
Ad-Aware: Gen:Variant.Lazy.158457
Emsisoft: Gen:Variant.Lazy.158457 (B)
McAfee-GW-Edition: BehavesLike.Win32.Injector.tc
Sophos: Mal/Generic-S
Paloalto: generic.ml
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.Lazy.158457
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R479970
VBA32: BScope.Trojan.Blamon
ALYac: Gen:Variant.Lazy.158457
MAX: malware (ai score=82)
Malwarebytes: Malware.AI.4259319010
APEX: Malicious
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
AVG: Win64:Trojan-gen

How to remove Malware.AI.4259319010?

Malware.AI.4259319010 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart the computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
