Malware.AI.4291792622 (file analysis)

Malware Removal

Malware.AI.4291792622 is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What Malware.AI.4291792622 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Malware.AI.4291792622?
File Info:

name: CB516AA73A887F9E761D.mlw
path: /opt/CAPEv2/storage/binaries/d71322f9f7bc25a4eae92e4cdad7c652d67c6eb89bb59a01ba48e9a8e55400b5
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: 558bec51c745fc36c80000e8d0fcffff
timestamp: 2012-08-31 13:20:15

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Winhlp32 Stub
FileVersion: 5.00.2134.1
InternalName: WINHSTB
LegalCopyright: Copyright (C) Microsoft Corp. 1991-1996
OriginalFilename: WINHLP32.EXE
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 5.00.2134.1
Translation: 0x0409 0x04b0

Malware.AI.4291792622 also known as:

Lionic: Trojan.Win32.Zbot.lCpQ
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.cb516aa73a887f9e
CAT-QuickHeal: TrojanPWS.Zbot.Gen
ALYac: Gen:Variant.Midie.87438
Cylance: Unsafe
VIPRE: Trojan.Win32.Reveton.a (v)
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0040f02a1 )
Alibaba: TrojanSpy:Win32/BScope.0ab6f7d5
K7GW: Trojan ( 0040f02a1 )
Cybereason: malicious.73a887
BitDefenderTheta: Gen:NN.ZexaF.34212.wq1@aynapIji
VirIT: Trojan.Win32.Generic.ALOX
Cyren: W32/Zbot.BJC
Symantec: Packed.Generic.459
ESET-NOD32: Win32/Spy.Zbot.AAN
Baidu: Win32.Trojan.Kryptik.et
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Zbot-7358539-0
Kaspersky: Trojan-Spy.Win32.Zbot.etev
BitDefender: Gen:Variant.Midie.87438
NANO-Antivirus: Trojan.Win32.Zbot.whbwd
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
MicroWorld-eScan: Gen:Variant.Midie.87438
Avast: Win32:Crypt-OVT [Trj]
Tencent: Malware.Win32.Gencirc.10b90e09
Ad-Aware: Gen:Variant.Midie.87438
Emsisoft: Gen:Variant.Midie.87438 (B)
Comodo: TrojWare.Win32.Kryptik.ALIV@4qldgc
DrWeb: Trojan.PWS.Panda.2363
Zillya: Trojan.Zbot.Win32.111088
TrendMicro: TSPY_ZBOT.SM13
McAfee-GW-Edition: PWS-Zbot.gen.aln
Sophos: Mal/Generic-R + Troj/Zbot-DHN
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Midie.87438
Jiangmin: TrojanSpy.Zbot.cbjk
Avira: TR/Spy.Zbot.adu
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Kingsoft: Win32.Troj.Zbot.et.(kcloud)
Arcabit: Trojan.Midie.D1558E
ViRobot: Trojan.Win32.A.Zbot.363976
ZoneAlarm: Trojan-Spy.Win32.Zbot.etev
Microsoft: PUAAdvertising:Win32/LoadMoney
AhnLab-V3: Trojan/Win32.Plosa.R24487
Acronis: suspicious
McAfee: PWS-Zbot.gen.aln
TACHYON: Trojan-Spy/W32.ZBot.371112
VBA32: BScope.Trojan.Fuerboos
Malwarebytes: Malware.AI.4291792622
TrendMicro-HouseCall: TSPY_ZBOT.SM13
Rising: Spyware.Zbot!1.652B (CLASSIC)
Yandex: TrojanSpy.Zbot!F3Foy3M/emM
Ikarus: Trojan.Crypt_s
eGambit: PE.Heur.InvalidSig
Fortinet: W32/Zbot.APRF!tr
Webroot: W32.Infostealer.Zeus
AVG: Win32:Crypt-OVT [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4291792622?

Malware.AI.4291792622 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.