Malware

Should I remove “Malware.AI.4276592568”?


Malware.AI.4276592568 is flagged as malicious by most antivirus engines that have scanned this sample (the detection names are listed below). While the infection is active you may notice unfamiliar processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a complete scan and clean the PC.
A 6-day free trial is available.

What can Malware.AI.4276592568 do?

The following behaviours and static indicators were reported by the CAPE sandbox analysis of the sample described under File Info below:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Malware.AI.4276592568?

File Info:

name: 6AFE0F90BA730C1FFA41.mlw
path: /opt/CAPEv2/storage/binaries/f99603fcc652b8c8d1c333f7c59c086c42e47011ca85a5dccb57daece38a0e76
crc32: 9F076665
md5: 6afe0f90ba730c1ffa41a8e229d6c6b3
sha1: 606f213837fa0f98b89b59c4e1dfff981620b0cf
sha256: f99603fcc652b8c8d1c333f7c59c086c42e47011ca85a5dccb57daece38a0e76
sha512: 35a87a5a5ff35e12ec6b468bceb91e028e0165e1d9169c743630aae7a5ece024e3ad10ac0ae50fec1c17adb9204fcda1dc5a072a19ccc9940a6de2d67ee17703
ssdeep: 24576:0MpBiU5C/RDtu9UnbZc+snaGZ075E0X9Aygr:0tU5GR5UUnlc+f5Bi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18946236076818073E261923428F1E232857A64B6173848E77B7B1BD76B523C1F2B57EF
sha3_384: 54206935fb97f2bdce51e90ed3418f28ce21bd74797b84e5d0b3bdb44e0cd0bfc486e3284f853f0d4599e639aa51e63d
ep_bytes: e867360000e978feffff8bff558bec81
timestamp: 2017-06-06 10:10:25

Version Info:

CompanyName: XiaoMi Corporation
FileDescription: MiFlash Module
FileVersion: 2016, 04, 01, 0
InternalName: MiFlash
LegalCopyright: XiaoMi Copyright 2011-2015
OriginalFilename: MiFlash.exe
ProductName: MiFlash Module
ProductVersion: 2016, 04, 01, 0(64bit)
Translation: 0x0409 0x04b0
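A practical way to use the indicators above is to hash a suspect file and compare the digests against the published values, and to pull the same PE header fields the sandbox reported (compile timestamp, first entry-point bytes, presence of an Authenticode certificate table). The following Python script is an added example written for this page; it is not part of the original analysis or of any GridinSoft tool, and it uses only the standard library. The hash and entry-point values are copied from the File Info above. The `build_sample_pe` helper constructs a minimal, non-executable PE32 stub purely as sample input, because the real file is not available on this page, and the timestamp is rendered in UTC, which is an assumption about how the report formatted it.

```python
"""Compare a suspect file against the hashes published above and pull the PE
header fields the sandbox reported.  Added example, standard library only."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicator values copied from the File Info block above (lower-cased).
PUBLISHED_HASHES = {
    "crc32": "9f076665",
    "md5": "6afe0f90ba730c1ffa41a8e229d6c6b3",
    "sha1": "606f213837fa0f98b89b59c4e1dfff981620b0cf",
    "sha256": "f99603fcc652b8c8d1c333f7c59c086c42e47011ca85a5dccb57daece38a0e76",
}
PUBLISHED_EP_BYTES = "e867360000e978feffff8bff558bec81"


def hash_indicators(data: bytes) -> dict:
    """Digests in the same formats the report lists (hex, lower case)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_indicators(data: bytes, published: dict = PUBLISHED_HASHES) -> list:
    """Names of the published hashes that the given bytes reproduce."""
    ours = hash_indicators(data)
    return sorted(k for k, v in published.items() if ours.get(k) == v.lower())


def pe_header_info(data: bytes) -> dict:
    """Compile timestamp, first 16 entry-point bytes and whether a certificate
    table (Authenticode) is present.  Presence is not validity: the signature
    still has to be checked with a verifier such as osslsigncode or signtool."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 4 is the certificate table.
    dirs = opt + (96 if magic == 0x10B else 112)
    _cert_off, cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)
    # Map the entry-point RVA to a file offset through the section table.
    ep_bytes = b""
    sect = opt + opt_size
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + 40 * i + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = ep_rva - vaddr + rawptr
            ep_bytes = data[off:off + 16]
            break
    return {
        "pe32plus": magic == 0x20B,
        # UTC is an assumption; the report does not state a time zone.
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "ep_bytes_match": ep_bytes.hex() == PUBLISHED_EP_BYTES,
        "has_certificate_table": cert_size > 0,
    }


def build_sample_pe(stamp: int, ep_code: bytes, cert_size: int = 0) -> bytes:
    """Constructed sample input: a minimal PE32 with one .text section.  It is
    not runnable code and stands in for the real file, which is not on this page."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x102)
    opt = bytearray(224)                                        # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                       # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)                     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)             # Section/File alignment
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x400 if cert_size else 0, cert_size)
    sect = bytearray(40)
    sect[:5] = b".text"
    struct.pack_into("<IIII", sect, 8, len(ep_code), 0x1000, 0x200, 0x200)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sect)).ljust(0x200, b"\0")
    return headers + ep_code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe(1496743825, bytes.fromhex(PUBLISHED_EP_BYTES))
    print("published hashes reproduced:", matching_indicators(data) or "none")
    for key, value in pe_header_info(data).items():
        print(f"{key}: {value}")
```

Run it with the path of a quarantined file as the only argument; with no argument it analyses the constructed stub. Three caveats a practitioner would apply: the ssdeep and TLSH values from the report cannot be reproduced with the standard library (the `ssdeep` and `py-tlsh` packages do that); the entry-point bytes above are a standard MSVC CRT startup stub (`call`, `jmp`, then `mov edi,edi; push ebp; mov ebp,esp`), so they match many legitimate binaries and are a weak indicator next to the hashes; and the script only reports whether a certificate table exists. The report states the Authenticode signature is invalid while the version resource claims to be XiaoMi's MiFlash, so neither the signature blob nor the version strings should be trusted until the signature is checked with `osslsigncode verify` or `signtool verify /pa`.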

Malware.AI.4276592568 is the Malwarebytes machine-learning detection name for this sample; other engines report the same file (sha256 above) as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.GandCrab.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Ransom.GandCrab.1212
  • FireEye: Gen:Variant.Ransom.GandCrab.1212
  • ALYac: Gen:Variant.Ransom.GandCrab.1212
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Wacatac.B
  • Alibaba: Ransom:Win32/RansomX.c6866fae
  • APEX: Malicious
  • BitDefender: Gen:Variant.Ransom.GandCrab.1212
  • Avast: Win32:RansomX-gen [Ransom]
  • Ad-Aware: Gen:Variant.Ransom.GandCrab.1212
  • TrendMicro: TROJ_GEN.R002C0PDB22
  • McAfee-GW-Edition: GenericRXSJ-MW!6AFE0F90BA73
  • Trapmine: suspicious.low.ml.score
  • Emsisoft: Gen:Variant.Ransom.GandCrab.1212 (B)
  • GData: Gen:Variant.Ransom.GandCrab.1212
  • Avira: TR/AD.APTLazarus.uumrc
  • Arcabit: Trojan.Ransom.GandCrab.D4BC
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 100)
  • McAfee: GenericRXSJ-MW!6AFE0F90BA73
  • MAX: malware (ai score=86)
  • VBA32: BScope.Trojan.Ymacco
  • Malwarebytes: Malware.AI.4276592568
  • TrendMicro-HouseCall: TROJ_GEN.R002C0PDB22
  • Rising: Trojan.Generic!8.C3 (CLOUD)
  • MaxSecure: Trojan.Malware.74381794.susgen
  • Fortinet: W32/PossibleThreat
  • AVG: Win32:RansomX-gen [Ransom]

The family name that recurs across the signature-based engines is GandCrab, a ransomware family, which fits the dropped-and-executed binary and compressed or encrypted payload noted above. Verdicts such as Wacatac.B!ml, Unsafe, "malicious (high confidence)" and the ai/ml scores are generic machine-learning classifications rather than family attributions, and several of the identical Gen:Variant.Ransom.GandCrab.1212 entries come from products that license the BitDefender engine, so they should be counted as one opinion, not six.

How to remove Malware.AI.4276592568?

Malware.AI.4276592568 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
