Malware.AI.4291113765 removal tips

Malware.AI.4291113765 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.4291113765 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (5 unique times)
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • Attempts to create or modify system certificates
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:


How to identify Malware.AI.4291113765?

File Info:

crc32: 492F3EBE
md5: 5b60d41bd93869e36d90775be1ae7830
name: 5B60D41BD93869E36D90775BE1AE7830.mlw
sha1: d3c63b6d2f389c25071ab7bfee6370ae3e11f7d8
sha256: 4fd202b93cc2d13fbf7ca7de657a4c1e2f979a027bc49600604720ff5588f5a0
sha512: 230489316593278d53dc360216185c321604dc61ae6dc699afcec3d2f739b04559d2854f8460e0fdb9f1ab1dc713d237b050828c16a57cad0bf50f1de65e460c
ssdeep: 49152:WMzjnCoR424OTzb09asQ85DOqRpxIT7BV7cH:1jn9R4Ezb09asQ85DOqfxITj
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2001
InternalName: VisualBCutter
FileVersion: 1, 0, 0, 1
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: VisualBCutter Application
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: VisualBCutter MFC Application
OriginalFilename: VisualBCutter.EXE
Translation: 0x0409 0x04b0

Malware.AI.4291113765 also known as:

  • Bkav: W32.AIDetectGBM.malware.01
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.GenericKD.45719034
  • FireEye: Generic.mg.5b60d41bd93869e3
  • CAT-QuickHeal: Trojanpws.Racealer
  • Qihoo-360: Win32/Trojan.Generic.HwoCOUcA
  • McAfee: Artemis!5B60D41BD938
  • Cylance: Unsafe
  • Zillya: Trojan.Racealer.Win32.1207
  • Sangfor: Infostealer.Win32.Racealer.kqt
  • K7AntiVirus: Trojan ( 00577be01 )
  • BitDefender: Trojan.GenericKD.45719034
  • K7GW: Trojan ( 00577be01 )
  • BitDefenderTheta: Gen:NN.ZexaCO.34574.wA0@amv9L1fi
  • Cyren: W32/Trojan.CQBU-5819
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Generik.CNSILD
  • APEX: Malicious
  • Avast: Win32:Trojan-gen
  • Kaspersky: Trojan-PSW.Win32.Racealer.kqt
  • Alibaba: TrojanPSW:Win32/Racealer.131319b5
  • NANO-Antivirus: Trojan.Win32.Sheljector.ilndye
  • AegisLab: Trojan.Win32.Racealer.i!c
  • Ad-Aware: Trojan.GenericKD.45719034
  • Emsisoft: Trojan.GenericKD.45719034 (B)
  • DrWeb: BackDoor.Siggen2.247
  • VIPRE: Trojan.Win32.Generic!BT
  • TrendMicro: TROJ_GEN.R04CC0WBE21
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.vh
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan.SuspectCRC
  • Jiangmin: Trojan.Sheljector.i
  • Microsoft: Trojan:Win32/Ymacco.AA4F
  • Gridinsoft: Trojan.Win32.Agent.vb
  • Arcabit: Trojan.Generic.D2B99DFA
  • AhnLab-V3: Malware/Win32.Generic.C4334965
  • ZoneAlarm: Trojan-PSW.Win32.Racealer.kqt
  • GData: Trojan.GenericKD.45719034
  • Cynet: Malicious (score: 100)
  • VBA32: TrojanPSW.Racealer
  • ALYac: Trojan.GenericKD.45719034
  • MAX: malware (ai score=80)
  • Malwarebytes: Malware.AI.4291113765
  • Panda: Trj/CI.A
  • TrendMicro-HouseCall: TROJ_GEN.R04CC0WBE21
  • Tencent: Win32.Trojan-qqpass.Qqrob.Sxem
  • Fortinet: W32/Racealer.KQT!tr.pws
  • AVG: Win32:Trojan-gen
  • Paloalto: generic.ml
  • CrowdStrike: win/malicious_confidence_100% (W)
  • MaxSecure: Trojan.Malware.114287845.susgen

How to remove Malware.AI.4291113765?

Malware.AI.4291113765 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.