About “Malware.AI.4279449197” infection

Malware.AI.4279449197 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4279449197 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard page use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.4279449197?

File Info:

name: EDB1996A036B70D6B393.mlw
path: /opt/CAPEv2/storage/binaries/49d9d43573b83fa2c57d3489fe1b96def00e602bcadf031460d66c50bd08405a
crc32: 64C489CB
md5: edb1996a036b70d6b3934506b8f98d4e
sha1: 664dab394ad9fa8773cc03e71ddeba3a594bbaf7
sha256: 49d9d43573b83fa2c57d3489fe1b96def00e602bcadf031460d66c50bd08405a
sha512: 1365dbc9d1233fa757c36185fb7056b1f8f8285930192cfdefe02a63ce1d2cc849221326ba1ada433607fcda70fe1feb67795cf5c073a77c7b4409eeb1dadd32
ssdeep: 49152:pfElo6kt0BL4stOCOFbu5viBEt3YCKv3RUQxP:RJZ6M6wx+9ICmF
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DDA5339732D8CBA7DB5B593359220A6617F8A718126E716FC7C8BFADDC300548213F62
sha3_384: 1a74e0887e228bc8a2e1584dffe6a578b2ee4e6970c02c2bedb6e16b25da84a02963a406f63574b1b2d050f040316775
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2009-12-05 22:50:46

Version Info:

0: [No Data]

Malware.AI.4279449197 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
DrWeb: Program.Unwanted.1152
MicroWorld-eScan: Trojan.GenericKD.35103116
FireEye: Trojan.GenericKD.35103116
CAT-QuickHeal: PUA.NSIS.PCOptimizer.E
ALYac: Trojan.GenericKD.35103116
Cylance: Unsafe
VIPRE: Trojan.GenericKD.35103116
Sangfor: Riskware.Win32.Agent.ky
K7AntiVirus: Adware ( 004bd8f61 )
K7GW: Adware ( 004bd8f61 )
Cybereason: malicious.a036b7
Cyren: W32/Trojan.GHR.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: MSIL/MyPCBackup.G potentially unwanted
Zoner: Probably Heur.ExeHeaderL
TrendMicro-HouseCall: TROJ_GEN.R007H0CB422
Paloalto: generic.ml
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.GenericKD.35103116
NANO-Antivirus: Riskware.Win32.MyPCBackup.ebozmm
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.35103116
Emsisoft: Trojan.GenericKD.35103116 (B)
F-Secure: Heuristic.HEUR/AGEN.1203192
TrendMicro: ADW_MyPCBackup.component
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Sophos: Generic PUA GG (PUA)
Ikarus: not-a-virus:RiskTool.BackupMyPC
GData: NSIS.Adware.MyPCBackup.E
Webroot: W32.Mypcbackup
Avira: HEUR/AGEN.1220205
Antiy-AVL: Trojan/Win32.TGeneric
Kingsoft: Win32.Heur.KVMH008.a.(kcloud)
Arcabit: Trojan.Generic.D217A18C
ZoneAlarm: not-a-virus:RiskTool.MSIL.PCOptimizer.b
Microsoft: Trojan:Win32/Occamy.C49
Cynet: Malicious (score: 100)
McAfee: Artemis!EDB1996A036B
VBA32: CIL.HeapOverride.Heur
Malwarebytes: Malware.AI.4279449197
APEX: Malicious
Rising: Malware.Undefined!8.C (CLOUD)
Yandex: Riskware.PCOptimizer!9TKR/U5ghms
MAX: malware (ai score=87)
Fortinet: Riskware/PCOptimizer
AVG: Win32:Malware-gen
CrowdStrike: win/grayware_confidence_100% (W)

How to remove Malware.AI.4279449197?

Malware.AI.4279449197 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.