Malware.AI.4263543258 removal

Malware.AI.4263543258 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4263543258 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.4263543258?


File Info:

name: 11462ADCC0C594B6966F.mlw
path: /opt/CAPEv2/storage/binaries/687d9500c9ebb814087745d507bb4b57028915ac5cf1b0260fce7806c3dc62a0
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-07-16 13:24:20

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: A Software Plus
FileDescription: Cool WMV To 3GP Converter Setup
FileVersion: 1.0
LegalCopyright: Copyright © 2008-2009 A Software Plus
ProductName: Cool WMV To 3GP Converter
ProductVersion: 1.0
Translation: 0x0000 0x04b0

Malware.AI.4263543258 also known as:

Lionic: Adware.Win32.Relevant.2!c
Cylance: Unsafe
Sangfor: Adware.Win32.Relevant.gen
K7AntiVirus: Adware ( 00524b301 )
K7GW: Adware ( 00524b301 )
Symantec: PUA.Gen.2
ESET-NOD32: multiple detections
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Relevant.gen
Avast: FileRepMalware
DrWeb: Adware.Relevant.189
Sophos: Generic PUA ED (PUA)
GData: Win32.Application.RelevantKnowledge.G
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: PUA:Win32/Bitrepeyp.A
VBA32: Adware.Relevant
Malwarebytes: Malware.AI.4263543258
SentinelOne: Static AI – Suspicious PE
AVG: FileRepMalware

How to remove Malware.AI.4263543258?

Malware.AI.4263543258 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
