Malware

Malware.AI.4272559546 removal

Malware Removal

The Malware.AI.4272559546 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Malware.AI.4272559546 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Executed a command line with /V argument which modifies variable behaviour and whitespace allowing for increased obfuscation options
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the CryptBot malware family
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to determine Malware.AI.4272559546?


File Info:

name: 20DE5CA9D6817F20C207.mlw
path: /opt/CAPEv2/storage/binaries/b33d92b435994ad3cd39673964fbace28f9aeec97d9edfa89a61f8f1d6bfaa0e
crc32: 211B1FEC
md5: 20de5ca9d6817f20c2073de3abcb5317
sha1: 563c5a43dc094c1bafe32671e8bbe124dec67d74
sha256: b33d92b435994ad3cd39673964fbace28f9aeec97d9edfa89a61f8f1d6bfaa0e
sha512: 1beae1977656dfb48a761015c6d59d0d4ef8497ccede44784829239352fd1621cb4621a2341b04a39e6dce5d8d62fe35a9ad48f27dd606d0d1c6fff6d402c4eb
ssdeep: 12288:9UQMHVHsVDAqQ7D0HzUGHX6h6wpRUuADO:WQMHZoO7D+zUxxnADO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E7C51BCAD63ACDF9F50A5930689666E9E708EE14514F42095BB27F73B8FB584F036038
sha3_384: a29ece87e1e7164a6d3afd933c1e56b6673f03c862adaff327933cd78471d1dd722bfcde553563c38ca7b30b68072a7c
ep_bytes: 89c8ff15e0a44b00e93819000068d01d
timestamp: 2021-12-10 02:46:37

Version Info:

FileVersion: 4.0.0.651
FileDescription:
LegalCopyright: © Panda 2016
Comments:
CompanyName: Panda Security, S.L.
InternalName:
LegalTrademarks:
OriginalFilename:
ProductName: Panda Cloud Antivirus
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

Malware.AI.4272559546 also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.SelfDel.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Siggen16.3577
MicroWorld-eScanGen:Variant.Lazy.83633
FireEyeGeneric.mg.20de5ca9d6817f20
McAfeeArtemis!20DE5CA9D681
CylanceUnsafe
ZillyaTrojan.Kryptik.Win32.3654657
SangforTrojan.Win32.SelfDel.hvza
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaTrojan:Win32/SelfDel.c39b8a4c
K7GWTrojan ( 0058bab61 )
K7AntiVirusTrojan ( 0058bab61 )
BitDefenderThetaGen:NN.ZexaF.34160.Es1@aualGfji
VirITTrojan.Win32.Agent.BWB
CyrenW32/Qbot.HR.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HNQE
TrendMicro-HouseCallTROJ_GEN.R002C0WLD21
Paloaltogeneric.ml
KasperskyTrojan.Win32.SelfDel.hvza
BitDefenderGen:Variant.Lazy.83633
AvastWin32:Trojan-gen
Ad-AwareGen:Variant.Lazy.83633
SophosMal/Generic-S
F-SecureTrojan.TR/AD.GenSteal.kquan
TrendMicroTROJ_GEN.R002C0WLD21
McAfee-GW-EditionArtemis!Trojan
EmsisoftGen:Variant.Lazy.83633 (B)
IkarusTrojan.Win32.Crypt
GDataGen:Variant.Lazy.83633
eGambitPE.Heur.InvalidSig
AviraTR/AD.GenSteal.kquan
MAXmalware (ai score=87)
GridinsoftTrojan.Win32.Kryptik.oa
ArcabitTrojan.Lazy.D146B1
MicrosoftTrojan:Win32/Mamson.A!ac
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.CryptBot.C4830709
VBA32BScope.Trojan.Injuke
ALYacGen:Variant.Lazy.83633
MalwarebytesMalware.AI.4272559546
APEXMalicious
RisingTrojan.Kryptik!8.8 (CLOUD)
YandexTrojan.Hancitor!5GChmJtrS+o
SentinelOneStatic AI – Malicious PE
FortinetW32/Kryptik.HNQE!tr
AVGWin32:Trojan-gen
PandaGeneric Suspicious

How to remove Malware.AI.4272559546?

Malware.AI.4272559546 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment