
What is “Malware.AI.4284230446”?

Malware.AI.4284230446 is the Malwarebytes name for a sample that most antivirus engines flag as malicious (the full detection list is below; several engines name it as the DarkComet backdoor wrapped in a Visual Basic injector). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan the computer with GridinSoft Anti-Malware.

What can Malware.AI.4284230446 do?

The items below are the behavioural signatures the CAPE sandbox raised while detonating this sample. Taken together (RWX memory, a suspended child process that is hollowed out, CreateRemoteThread injection, a Run-key autorun entry and a long binary registry value) they are the typical footprint of a crypter unpacking and injecting its payload, and CAPE's family signature identifies that payload as DarkComet:

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to modify desktop wallpaper
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the DarkComet malware family
  • Anomalous binary characteristics
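The signatures above are derived from the API-call trace the sandbox records, not from static strings. The following is an added example (not CAPE's own signature code, and not part of the original page) that shows how a handful of simplified rules turn a call trace into the same signature names. The event format is my own; the API names are the usual Windows calls a sandbox hooks; the constructed trace below is invented for the example (pid 1000 is the dropper, 2000 its hollowed child, 3000 an unrelated process), and the 512-byte threshold for a "long" registry value is an assumption.

```python
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40
CREATE_SUSPENDED = 0x4
REG_BINARY = 3
LONG_VALUE_BYTES = 512   # assumed threshold for "a long series of bytes"
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\")


def detect(trace):
    """Map API-call events to CAPE-style signature names (simplified rules, not CAPE's code)."""
    hits = set()
    remote = defaultdict(set)   # (caller pid, target pid) -> APIs used against the target
    suspended = set()           # child pids created with CREATE_SUSPENDED
    for ev in trace:
        api, a, pid = ev["api"], ev["args"], ev["pid"]
        if api in ("VirtualAlloc", "VirtualAllocEx", "NtAllocateVirtualMemory") \
                and a.get("protection") == PAGE_EXECUTE_READWRITE:
            hits.add("Creates RWX memory")
        if api == "CreateProcessInternalW":
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(a["child_pid"])
            if any(d in a.get("path", "").lower() for d in SUSPICIOUS_DIRS):
                hits.add("Created a process from a suspicious location")
        if api in ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                   "NtUnmapViewOfSection", "SetThreadContext", "ResumeThread"):
            target = a.get("target_pid")
            if target is not None and target != pid:
                remote[(pid, target)].add(api)
        if api == "RegSetValueExW":
            if "\\currentversion\\run" in a["key"].lower():
                hits.add("Installs itself for autorun at Windows startup")
            if a.get("type") == REG_BINARY and a.get("size", 0) >= LONG_VALUE_BYTES:
                hits.add("Creates or sets a registry key to a long series of bytes, "
                         "possibly to store a binary or malware config")
    # Cross-process rules need the whole trace: decide once all calls are grouped.
    for (pid, target), apis in remote.items():
        if {"WriteProcessMemory", "CreateRemoteThread"} <= apis:
            hits.add("Code injection with CreateRemoteThread in a remote process")
        if target in suspended and {"WriteProcessMemory", "SetThreadContext", "ResumeThread"} <= apis:
            hits.add("Behavioural detection: Injection (Process Hollowing)")
    return sorted(hits)


# Constructed trace (not real sandbox output); Xc.exe is the OriginalFilename from the version info.
TRACE = [
    {"pid": 1000, "api": "VirtualAlloc", "args": {"size": 0x20000, "protection": 0x40}},
    {"pid": 1000, "api": "CreateProcessInternalW",
     "args": {"path": "C:\\Users\\victim\\AppData\\Roaming\\Xc.exe", "flags": 0x4, "child_pid": 2000}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "VirtualAllocEx", "args": {"target_pid": 2000, "protection": 0x40}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 2000, "size": 0x1e000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 2000}},
    {"pid": 2000, "api": "WriteProcessMemory", "args": {"target_pid": 3000, "size": 0x400}},
    {"pid": 2000, "api": "CreateRemoteThread", "args": {"target_pid": 3000}},
    {"pid": 2000, "api": "RegSetValueExW",
     "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
              "name": "Xc", "type": 1, "size": 80}},
    {"pid": 2000, "api": "RegSetValueExW",
     "args": {"key": "HKCU\\Software\\Xc", "name": "cfg", "type": 3, "size": 2048}},
]

if __name__ == "__main__":
    for sig in detect(TRACE):
        print(sig)
```

Note that the hollowing rule only fires for a target that was created suspended by the same trace, and the CreateRemoteThread rule only for a target that is a different process; the dropper's writes into its own suspended child therefore count as hollowing, not as remote-thread injection, which is the same distinction the two signatures above make.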

How to identify Malware.AI.4284230446?

The CAPE report gives the following static identifiers. A match on md5, sha1 or sha256 identifies this exact file; ssdeep and tlsh are fuzzy hashes and are the fields to use when hunting for repacked near-variants.

File Info:

name: 0D5DE9E2FFE520B96567.mlw
path: /opt/CAPEv2/storage/binaries/d1bb15cbb0627ce112c622f5a0fa54287a49f0b8c24a13879a9afd379fb0db80
crc32: 52410130
md5: 0d5de9e2ffe520b96567ab4e2a1e12b6
sha1: 142eb55f0eb4936969ffcb620d33e0dffd20cce5
sha256: d1bb15cbb0627ce112c622f5a0fa54287a49f0b8c24a13879a9afd379fb0db80
sha512: a74e96d660552bcd1372bfcb6a235f0dbe257a0fd1830358ae99e2d9cd4c8ae6d2568c588fa3203a36ee0dd20051ba33ca0d05dfb4b816b3dae4ead7e4aed634
ssdeep: 24576:knbA6Lho/cGfCjydBTZc6YiSluZVklQOWp8:kn1L6Vd7c6YfWklbo8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17A0523645C957037D7DEC3FE690CE8A88C5AA0630A865EAD593F3B1879DD32203E4F58
sha3_384: 002d774b3ba19b78929f7a60dc1818953f9b47cb882639b2ed08e3cdd329766af2a488d405b069ffeac8f92cc5c09867
ep_bytes: 68a8074c00e8f0ffffff000000000000
timestamp: 2016-05-31 12:51:15

Version Info:

Translation: 0x0409 0x04b0
CompanyName: MirSoft
ProductName: Timogon
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Xc
OriginalFilename: Xc.exe
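To reproduce the File Info block on a quarantined file, the following added example (not part of the original page and not CAPE's code) computes the same digest set, compares it with the md5/sha1/sha256/crc32 listed above, and walks the DOS, COFF and optional headers to recover the compile timestamp and the 16 entry-point bytes (ep_bytes). ssdeep and tlsh need third-party libraries and are left out. Because the real sample cannot be embedded, the script builds a constructed minimal PE32 as its offline test input; that fixture only reuses the page's ep_bytes value and compile time, everything else in it is invented.

```python
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

# Hashes copied from the File Info block above (real indicators for this sample).
PAGE_IOCS = {
    "crc32": "52410130",
    "md5": "0d5de9e2ffe520b96567ab4e2a1e12b6",
    "sha1": "142eb55f0eb4936969ffcb620d33e0dffd20cce5",
    "sha256": "d1bb15cbb0627ce112c622f5a0fa54287a49f0b8c24a13879a9afd379fb0db80",
}


def digests(data: bytes) -> dict:
    """Digest set as printed by CAPE; crc32 is upper-case zero-padded like the report."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_iocs(data: bytes) -> list:
    """Names of the page's hashes that match this file (empty list means it is not this sample)."""
    d = digests(data)
    return [k for k, v in PAGE_IOCS.items() if d[k].lower() == v.lower()]


def pe_summary(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and section table; recover timestamp and ep_bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic 0x{magic:x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr})
    # Translate the entry RVA to a file offset via the section that contains it.
    ep_bytes = ""
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = entry_rva - s["va"] + s["rawptr"]
            ep_bytes = data[off:off + 16].hex()
            break
    return {
        "format": "PE32" if magic == 0x10B else "PE32+",
        "machine": machine,   # 0x14C is Intel 80386
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_rva": entry_rva,
        "ep_bytes": ep_bytes,
        "sections": sections,
    }


def build_sample(timestamp: int, ep_code: bytes) -> bytes:
    """Constructed minimal PE32 used as offline test input; it is NOT the sample from the page."""
    sect_va, file_align = 0x1000, 0x200
    entry_rva = sect_va + 0x10                              # entry point 16 bytes into .text
    text = (b"\x90" * 0x10 + ep_code).ljust(file_align, b"\0")
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, len(text), 0, 0, entry_rva, sect_va, sect_va)
    opt += struct.pack("<III", 0x400000, 0x1000, file_align)  # ImageBase, SectionAlignment, FileAlignment
    opt = opt.ljust(224, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x10 + len(ep_code), sect_va, len(text),
                       file_align, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(file_align, b"\0")
    return headers + text


# Fixture: the page's ep_bytes and compile time (2016-05-31 12:51:15 UTC) inside the constructed PE.
SAMPLE = build_sample(1464699075, bytes.fromhex("68a8074c00e8f0ffffff000000000000"))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(digests(data))
    print(pe_summary(data))
    print("matches page IOCs:", matching_iocs(data))
```

Run it with the path of a suspect file as the only argument; with no argument it analyses the constructed fixture. The entry-point bytes are worth comparing by hand: 68 a8 07 4c 00 / e8 f0 ff ff ff is "push imm32; call" which, for a Visual Basic 6 executable, is the push of the VB project header followed by the call to the runtime's ThunRTMain, consistent with the VBInject/VBKrypt names several engines assign.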

Malware.AI.4284230446 also known as:

Other engines detect the same file under the names below (vendor: detection). The family names cluster into two groups: a DarkComet backdoor (Kaspersky, Zillya, NANO-Antivirus, Jiangmin, and CAPE's own family signature) and a Pony/Fareit credential stealer (BitDefender and its licensees, TrendMicro, Sophos, McAfee), with the remaining names describing the Visual Basic injector/crypter layer (Microsoft, ESET-NOD32, AhnLab-V3, CAT-QuickHeal, Fortinet, Rising).

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PonyStealer.Xm0@c8CvLpoi
FireEye: Generic.mg.0d5de9e2ffe520b9
CAT-QuickHeal: Trojan.VBObfuscator.A3
ALYac: Gen:Heur.PonyStealer.Xm0@c8CvLpoi
Cylance: Unsafe
Zillya: Backdoor.DarkKomet.Win32.41456
K7AntiVirus: Trojan ( 004f0e911 )
K7GW: Trojan ( 004f0e911 )
Cybereason: malicious.2ffe52
BitDefenderTheta: Gen:NN.ZevbaF.34294.Xm0@a8CvLpoi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.EMKR
TrendMicro-HouseCall: TrojanSpy.Win32.FAREIT.SMS0.hp
Kaspersky: Backdoor.Win32.DarkKomet.guxt
BitDefender: Gen:Heur.PonyStealer.Xm0@c8CvLpoi
NANO-Antivirus: Trojan.Win32.DarkKomet.eigfdl
SUPERAntiSpyware: Trojan.Agent/Gen-VB
Avast: Win32:Malware-gen
Ad-Aware: Gen:Heur.PonyStealer.Xm0@c8CvLpoi
Emsisoft: Gen:Heur.PonyStealer.Xm0@c8CvLpoi (B)
TrendMicro: TrojanSpy.Win32.FAREIT.SMS0.hp
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.bc
Sophos: ML/PE-A + Mal/FareitVB-F
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.DarkKomet.fsq
Avira: HEUR/AGEN.1121352
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.1C66B52
Microsoft: Trojan:Win32/VBInject.EA!MTB
GData: Gen:Heur.PonyStealer.Xm0@c8CvLpoi
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrypt.RP.X1764
McAfee: PWSZbot-FARW!0D5DE9E2FFE5
VBA32: TScope.Trojan.VB
Malwarebytes: Malware.AI.4284230446
APEX: Malicious
Rising: Trojan.Injector!1.B459 (CLASSIC)
Fortinet: W32/Injector.CZOJ!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_80% (D)

How to remove Malware.AI.4284230446?

Malware.AI.4284230446 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want reset, then click “Reset”.
  • Restart your computer.

Because the engines above classify this sample as a DarkComet backdoor and a Pony/Fareit credential stealer, treat every password typed or stored on the infected machine as exposed: change them from a clean device after the removal, and check the Run keys and the Xc.exe autorun entry are gone after the reboot.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
