Should I remove “Malware.AI.4262098888”?

Malware Removal

Malware.AI.4262098888 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4262098888 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Enumerates services, possibly for anti-virtualization
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Disables Windows firewall
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.4262098888?

File Info:

name: DE3F4B152C11EFC2A44C.mlw
path: /opt/CAPEv2/storage/binaries/22fe5492dbf49a582ea7355fd2da7c3c44f1867435d1b99ad634ccfb19e9a2d8
crc32: 7FC7CF77
md5: de3f4b152c11efc2a44c797f2d3bd506
sha1: 15d88ed8f93fcf250f18102ce93173d2470e454e
sha256: 22fe5492dbf49a582ea7355fd2da7c3c44f1867435d1b99ad634ccfb19e9a2d8
sha512: 4adb42bfcb79cd7142d2d1279f4c4bf7cbb7d688cb139b5e55ef11b7dde4626839cceeaf459391cba132226f3e33444865e6152311fee92bed88244af612d8bf
ssdeep: 98304:iAqGwgLcyTxETNJ4wDBm9RcyTxETNJ4wDBm9Y:rXwscyTxETNiRcyTxETNiY
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1A11612A675E400E9D47BF079CB86C607F6F1B44503B4A2DF12E845A62F13AD96A3F321
sha3_384: 798784125255f628e2c8ec67d1d0757a270af2dbb464281e48a78c9023b498515894df443d2a119954bcacf13262f29b
ep_bytes: 4883ec28e803a700004883c428e952fe
timestamp: 2012-01-29 21:32:45

Version Info:

FileDescription:
FileVersion: 3, 3, 8, 1
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0

Malware.AI.4262098888 also known as:

  • Lionic: Trojan.Script.Generic.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Midie.80552
  • FireEye: Generic.mg.de3f4b152c11efc2
  • ALYac: Gen:Variant.Midie.80552
  • Malwarebytes: Malware.AI.4262098888
  • VIPRE: Trojan.Win32.Generic!BT
  • CrowdStrike: win/malicious_confidence_100% (D)
  • K7GW: Trojan ( 004935801 )
  • K7AntiVirus: Trojan ( 004935801 )
  • BitDefenderTheta: AI:Packer.10749FE916
  • Cyren: W64/BitCoin.I.gen!Eldorado
  • Symantec: Trojan.Gen.MBT
  • ESET-NOD32: a variant of Win32/CoinMiner.JR
  • Baidu: AutoIt.Trojan.CoinMiner.a
  • APEX: Malicious
  • Paloalto: generic.ml
  • ClamAV: Win.Malware.Coinminer-6690085-0
  • Kaspersky: UDS:Trojan.Script.Generic
  • BitDefender: Gen:Variant.Midie.80552
  • NANO-Antivirus: Trojan.Win64.SelfDel.fglrpc
  • Avast: AutoIt:CoinMiner-A [Trj]
  • Tencent: Win32.Trojan.Selfdel.Wstz
  • Ad-Aware: Gen:Variant.Midie.80552
  • Emsisoft: Gen:Variant.Midie.80552 (B)
  • DrWeb: Trojan.MulDrop7.62713
  • TrendMicro: Possible_Execit-0
  • McAfee-GW-Edition: BehavesLike.Win64.Trojan.wc
  • Sophos: ML/PE-A + Troj/AutMine-B
  • Jiangmin: Trojan.Script.bss
  • MaxSecure: Trojan.Malware.121218.susgen
  • Avira: DR/AutoIt.Gen
  • Microsoft: Trojan:Win32/Skeeyah.A!rfn
  • GData: Gen:Variant.Midie.80552
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.SelfDel.R230423
  • Acronis: suspicious
  • McAfee: Trojan-FPMM!DE3F4B152C11
  • MAX: malware (ai score=85)
  • VBA32: Trojan.Agent
  • Cylance: Unsafe
  • TrendMicro-HouseCall: Possible_Execit-0
  • Rising: Trojan.CoinMiner/Autoit!1.ACFF (CLASSIC)
  • Yandex: Trojan.SelfDel!AoyoyxZuPns
  • Ikarus: Worm.Win32.AutoIt
  • Fortinet: W32/CoinMiner.JR!tr
  • AVG: AutoIt:CoinMiner-A [Trj]

How to remove Malware.AI.4262098888?

Malware.AI.4262098888 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.