What is “Malware.AI.4260950461”?

The Malware.AI.4260950461 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Malware.AI.4260950461 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Malware.AI.4260950461?


File Info:
name: 47FF2E0021C8D96E82F5.mlw
path: /opt/CAPEv2/storage/binaries/777db99db728e3109c06c38ece94d23497680d1e8187de5bbd2aeb24e012866b
crc32: 9CA2E69C
md5: 47ff2e0021c8d96e82f50c4f44d5f745
sha1: d56919510b9651fce444957746b4626cbf0447c7
sha256: 777db99db728e3109c06c38ece94d23497680d1e8187de5bbd2aeb24e012866b
sha512: 7cd7bd4c989c2d3028c0e7f9fb898d774cc5c57fbc22307afd5563b68dc51c9ddb300fac0f1bd43d36839b7cb1368c914cd9a6d84703fd8c36665aeb751e916e
ssdeep: 24576:kHKxGy3+AwH+aIOoPyZ4Fb1q6zP2BwRhOQt8+eyyBc5IO21e:kHoL31weaIOyyKTAwRhOQC+eTK+re
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T11C952901A7EA5284E9B2FAB1C56EA515BA327C70DD38F6DF0AC18D3A1D32AD1D434F11
sha3_384: 12da06905a0390f0641e2f7f081ee872ed50f9752027c6e4b9cea230c16ba755ff275e90f4b642c0305e7a5e290a8e6c
ep_bytes: 415757534bbf6000000000000000654b
timestamp: 1971-03-28 15:34:34

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Microsoft® Volume Shadow Copy Service
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: VSSVC.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: VSSVC.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Malware.AI.4260950461 also known as:

Lionic	Virus.Win32.Expiro.n!c
MicroWorld-eScan	Win64.Expiro.Gen.6
FireEye	Generic.mg.47ff2e0021c8d96e
ALYac	Win64.Expiro.Gen.6
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	Virus:Win64/Expiro.e449c06f
Cybereason	malicious.021c8d
VirIT	Win64.Expiro.AH
Cyren	W64/Expiro.CK
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/Expiro.DH
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Virus.Expiro-9892046-0
BitDefender	Win64.Expiro.Gen.6
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Emsisoft	Win64.Expiro.Gen.6 (B)
VIPRE	Win64.Expiro.Gen.6
TrendMicro	Virus.Win64.EXPIRO.MR
McAfee-GW-Edition	Artemis!Virus
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
GData	Win64.Expiro.Gen.6
Jiangmin	Trojan.Bingoml.etq
Google	Detected
Avira	TR/Patched.Gen
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Generic.ASVirus.32C
Arcabit	Win64.Expiro.Gen.6
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Virus/Win.Expiro.X2151
Acronis	suspicious
Malwarebytes	Malware.AI.4260950461
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
Rising	Virus.Expiro!8.375 (CLOUD)
Ikarus	Virus.Win64.Expiro
Fortinet	W64/Expiro.CE
AVG	Win64:Xpirat [Inf]
Panda	W64/Expiro.AK
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Malware.AI.4260950461?

Malware.AI.4260950461 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X