What is “Malware.AI.4259435358”?

Malware.AI.4259435358 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4259435358 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Starts servers listening on 0.0.0.0:33380, :0
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Detects the presence of Wine emulator via registry key
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Harvests cookies for information gathering
  • Modifies Image File Execution Options, indicative of process injection or persistence

How to identify Malware.AI.4259435358?

File Info:

name: F4C1679DFCD523872A54.mlw
path: /opt/CAPEv2/storage/binaries/dd97b9c6cd102f855a5e604e00a41f8ddbd5830cd9a231ec9d6a52a9cf47b6ec
crc32: B27ECA84
md5: f4c1679dfcd523872a54edd535770480
sha1: 61966e643d23fb570e69090e4b1c07ef571e0c31
sha256: dd97b9c6cd102f855a5e604e00a41f8ddbd5830cd9a231ec9d6a52a9cf47b6ec
sha512: 05bc2e9e1fe29978eb8376db6aea530b0d7a4d29979f6b0b95277cc92ae5443119ce28c5d22196ca0b3e18db189bcdef483fc83a63e42dad7d7e791e1a4679e9
ssdeep: 98304:I7Rx8T/z4z03UVOAPfBBMmkcnPPOoOBV9vgGVO2:ERx8D5UgAPgJcPPOoOBVpge
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10D163380D6B5ED5FC46C11F40A6560DB19339D3EE0255E337BBA343E2AB96A68307E07
sha3_384: ad3baae636078836ccbd3d1690f43100ad2362e3aa6697252fb229faf79c108b849d14d26d97f1ef7d2d7a852ffa0b68
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2019-12-16 00:54:10

Version Info:

Comments:
CompanyName: BitTorrent Inc.
FileDescription: uTorrent v3.5.5.46200
FileVersion: 3.5.5.46200
LegalCopyright: © BitTorrent Inc.
ProductName: uTorrent v3.5.5.46200
Translation: 0x0409 0x04b0

Malware.AI.4259435358 also known as:

Lionic: Adware.NSIS.AdPack.2!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Agent
McAfee: Artemis!F4C1679DFCD5
Cylance: Unsafe
Zillya: Adware.AdPack.Win32.160
Sangfor: Riskware.Win32.AdPack.gen
K7AntiVirus: Adware ( 0057d7a31 )
BitDefender: Trojan.GenericKD.48263740
K7GW: Adware ( 0057d7a31 )
Symantec: PUA.Gen.2
ESET-NOD32: a variant of Win32/uTorrent.E potentially unwanted
APEX: Malicious
Kaspersky: not-a-virus:UDS:AdWare.NSIS.AdPack.gen
Alibaba: AdWare:Win32/uTorrent.26406030
ViRobot: Adware.Adpack.4205994
MicroWorld-eScan: Trojan.GenericKD.48263740
Avast: Win32:Adware-gen [Adw]
Rising: PUA.uTorrent!8.F60A (CLOUD)
Emsisoft: Trojan.GenericKD.48263740 (B)
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rc
FireEye: Generic.mg.f4c1679dfcd52387
Sophos: Generic PUA GB (PUA)
Ikarus: Trojan.Win32.Adrepack
Jiangmin: Trojan.Generic.gwsls
Webroot: W32.Trojan.GenKD
MAX: malware (ai score=80)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D2E0723C
ZoneAlarm: not-a-virus:HEUR:AdWare.NSIS.AdPack.gen
GData: Trojan.GenericKD.48263740
ALYac: Trojan.GenericKD.48263740
VBA32: Adware.AdPack
Malwarebytes: Malware.AI.4259435358
Yandex: PUA.AdPack!L5ckwPRtKbc
Fortinet: Riskware/uTorrent.E6A1
AVG: Win32:Adware-gen [Adw]
Panda: Trj/CI.A

How to remove Malware.AI.4259435358?

Malware.AI.4259435358 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.