Malware.AI.4280578054 information

Malware Removal

Malware.AI.4280578054 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4280578054 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the njRat malware family
  • Creates known Njrat/Bladabindi RAT registry keys

Related domains:

wpad.local-net

How to identify Malware.AI.4280578054?

File Info:

name: AEF6B1C2E9998A62FE38.mlw
path: /opt/CAPEv2/storage/binaries/06a80727d0b6e554cc20da37a783bfd3aba09fe2d6c8e7cdfb5440688d1ed194
crc32: D5FFF0DC
md5: aef6b1c2e9998a62fe381bed06bcebad
sha1: a3a9b91fb9100fd01c5c9e499682802194a8ebf9
sha256: 06a80727d0b6e554cc20da37a783bfd3aba09fe2d6c8e7cdfb5440688d1ed194
sha512: 38f79651e03d46dc742aa79dbd9ab79c268e271b7cb58c852897a5c14586077364802fc4e8578b0ef3038bcf0c09e0f37ad5ca941a93b98a1ca68eb031c0a906
ssdeep: 49152:6shdaxsEbHDsKAvnzEezZBTjKIaJPnoGAc9n8RKES6IZK0IAFebjciz:MsEjAKAvwgKBVodsE3oKp0Sgi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16AD5339D2871F072FA4F23F681354D7C036DA8546D703B168295C02FF4A8A8A95C7FAE
sha3_384: dad8a8c2a5472838931f7261b9490435315b56bde47481de26ce2d264c8ddc05790d7abd7e19651ff3d5250fa6c01312
ep_bytes: 60be00606e008dbe00b0d1ff57eb0b90
timestamp: 2016-06-01 07:52:52

Version Info:

Translation: 0x0809 0x04b0

Malware.AI.4280578054 also known as (antivirus vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.MSIL.Disfa.4!c
MicroWorld-eScan: Trojan.GenericKD.32659595
FireEye: Generic.mg.aef6b1c2e9998a62
McAfee: Artemis!AEF6B1C2E999
Malwarebytes: Malware.AI.4280578054
Zillya: Trojan.Bladabindi.Win32.108053
K7AntiVirus: Trojan ( 004f1a7b1 )
Alibaba: Trojan:MSIL/Disfa.a7be3e2e
K7GW: Trojan ( 004f1a7b1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34294.jq0@a4syzzf
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/Bladabindi.AS
TrendMicro-HouseCall: TROJ_GEN.R002C0RGL21
Paloalto: generic.ml
Kaspersky: Trojan.MSIL.Disfa.jhvc
BitDefender: Trojan.GenericKD.32659595
NANO-Antivirus: Trojan.Win32.Bladabindi.edngvr
ViRobot: Trojan.Win32.Z.Bladabindi.2856448
Ad-Aware: Trojan.GenericKD.32659595
Sophos: Mal/MsilDyn-F
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0RGL21
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.vc
Emsisoft: Trojan.GenericKD.32659595 (B)
Webroot: W32.Trojan.MSIL.Disfa.jhvc
Avira: TR/AD.Bladabindi.vjzrl
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.190F586
Kingsoft: Win32.Troj.Disfa.jh.(kcloud)
Gridinsoft: Ransom.Win32.Bladabindi.sa
Microsoft: Backdoor:MSIL/Bladabindi
GData: Trojan.GenericKD.32659595
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.C4396556
VBA32: Trojan.MSIL.Disfa
ALYac: Trojan.GenericKD.32659595
APEX: Malicious
Tencent: Msil.Trojan.Disfa.Lsly
eGambit: Unsafe.AI_Score_99%
Fortinet: MSIL/Generic.AP.19D6344!tr
Cybereason: malicious.2e9998
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove Malware.AI.4280578054?

Malware.AI.4280578054 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.