
Malware.AI.4294700178 removal


Malware.AI.4294700178 is the detection name Malwarebytes assigns to this sample; most other engines classify it as a generic dropper or as the njRAT/Bladabindi remote-access trojan (see the detection list further down). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can Malware.AI.4294700178 do?

The behaviours below are the sandbox (CAPE) signatures that fired when the sample was executed:

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the njRat malware family
  • Deletes executed files from disk
  • Creates known Njrat/Bladabindi RAT registry keys
  • Uses suspicious command line tools or Windows utilities
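Several of the signatures above (a one-shot `cmd.exe /C` shell, a scripting utility, a dropped binary being executed, the executed file being deleted afterwards) are also visible in ordinary process-creation telemetry, so a detection engineer can look for the same chain without a sandbox. The script below is an added example, not code from the original page or from CAPE: the events are constructed Sysmon-style process records for a hypothetical victim host, the set of script hosts and user-writable paths are assumptions to adjust for your environment, and the rules are this editor's reading of the listed signatures rather than CAPE's implementation. It does not try to detect process hollowing or inter-process injection, which need API or memory telemetry that process logs do not carry.

```python
"""Map the listed sandbox behaviours onto process-creation telemetry.

Added example, not from the original page. SAMPLE_EVENTS is constructed
telemetry for a hypothetical host; SCRIPT_HOSTS and USER_WRITABLE are
assumptions, not values from the page.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable that started
    cmdline: str    # command line as logged


# Assumed set of script hosts; extend for your environment.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
# Directories a non-admin user can write to. A binary started from here whose
# parent also lives here is the proxy for "drops a binary and executes it".
USER_WRITABLE = re.compile(r"\\(temp|appdata|downloads|public)\\", re.I)
# cmd.exe /C or /R runs one command and exits, so no console window lingers.
ONE_SHOT_SHELL = re.compile(r"(^|\s)/[cr](\s|$)", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_process_events(events):
    """Return (pid, finding) tuples for behaviours visible in process logs.

    Process hollowing and inter-process injection are deliberately absent:
    they are only visible through API hooks or memory inspection, which is
    how CAPE reports them.
    """
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        name = basename(e.image)
        if name == "cmd.exe" and ONE_SHOT_SHELL.search(e.cmdline):
            findings.append((e.pid, "cmd.exe run with /C or /R (one-shot, hidden shell)"))
            # Self-deletion: the one-shot shell removes its parent's own image.
            if parent and re.search(r"\bdel\b", e.cmdline, re.I) \
                    and parent.image.lower() in e.cmdline.lower():
                findings.append((e.pid, "deletes executed file from disk"))
        if name in SCRIPT_HOSTS:
            findings.append((e.pid, "scripting utility executed"))
        if parent and USER_WRITABLE.search(e.image) and USER_WRITABLE.search(parent.image):
            findings.append((e.pid, "binary dropped to user-writable path and executed"))
    return findings


# Constructed telemetry: one infection chain plus a benign interactive shell.
SAMPLE_EVENTS = [
    ProcEvent(100, 1,   r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Users\victim\Downloads\invoice.exe", "invoice.exe"),
    ProcEvent(300, 200, r"C:\Users\victim\AppData\Local\Temp\svchost.exe", "svchost.exe"),
    ProcEvent(400, 200, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /C ping 127.0.0.1 -n 3 & del "C:\Users\victim\Downloads\invoice.exe"'),
    ProcEvent(500, 300, r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\victim\AppData\Local\Temp\run.vbs"'),
    ProcEvent(600, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe"),   # benign, interactive
]

if __name__ == "__main__":
    for pid, finding in triage_process_events(SAMPLE_EVENTS):
        print(pid, finding)
```

Run against the constructed events it flags the dropped binary (pid 300), the self-deleting `cmd /C` (pid 400, twice) and the script host (pid 500), and leaves the interactive `cmd.exe` alone. On real telemetry the interesting signal is the combination on one process tree within a short window, not any single rule.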

How to identify Malware.AI.4294700178?

File Info:

name: 2DA97BFD042DFA42D1F9.mlw
path: /opt/CAPEv2/storage/binaries/5fbba6e5bebeb367e4914748af26fcd053cdbfc0bf80178e94ad554be80d680b
crc32: EEB224D4
md5: 2da97bfd042dfa42d1f91f7b15870a4f
sha1: 3a00fb13c4d3f1fd1bde9b49f2f54def4f0fab0a
sha256: 5fbba6e5bebeb367e4914748af26fcd053cdbfc0bf80178e94ad554be80d680b
sha512: daf7e726b7f0c07aaf6fa88a647ef19af3678ac331e17047b8d586bf4b999683ffed8949892026425bc72943f5850e909d03f22b367affc535cc7bdadeb61f3a
ssdeep: 6144:SjbeiGkGc+HGcPCaik+4RI8ZD9zkCVzTtnGK:SuTc+FPCaikXp7xT4K
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AA44F11356D1413BF8E5273499F922630B3DBCE16F74A3BF920955D95CB22C0A8783AB
sha3_384: 81c2a9a0add6b7043e4766aacccc47b6ea2e2b598276d5ecd7f0bfd25b625574e25153ae3cd6191467681be35ee14f15
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2004-08-04 06:01:37

Version Info (the resource claims to be Microsoft's Wextract, but the sandbox flags the Authenticode signature as invalid, so it cannot be taken as provenance):

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0409 0x04b0
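The File Info block gives two kinds of indicator: cryptographic digests, which identify these exact bytes, and PE header fields (compile timestamp, entry-point bytes) that a packer can copy onto a repacked variant and that are therefore only a hint. The script below is an added example, not code from the original page or from CAPE. The digest values, entry-point bytes and timestamp are copied from the File Info block (crc32 lowercased, timestamp assumed to be UTC as CAPE reports it); `build_toy_pe()` constructs a minimal PE32 image that is not the real sample, so the parser can be exercised offline.

```python
"""Check a file against the File Info indicators listed above.

Added example, not from the original page. IOC values are copied from the
page; build_toy_pe() is a constructed stand-in, not the analysed sample.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

IOC = {
    "md5": "2da97bfd042dfa42d1f91f7b15870a4f",
    "sha1": "3a00fb13c4d3f1fd1bde9b49f2f54def4f0fab0a",
    "sha256": "5fbba6e5bebeb367e4914748af26fcd053cdbfc0bf80178e94ad554be80d680b",
    "crc32": "eeb224d4",
    "ep_bytes": "e80a000000e97affffffcccccccccc8b",
    "timestamp": "2004-08-04 06:01:37",   # assumed UTC
}
HASH_KEYS = ("md5", "sha1", "sha256", "crc32")
HEADER_KEYS = ("timestamp", "ep_bytes")


def digests(data: bytes) -> dict:
    """Strong identity: a match on any of these means the same bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def pe_fields(data: bytes) -> dict:
    """Weak identity: TimeDateStamp and the first 16 bytes at the entry point.

    Both are trivially preserved or forged by a packer, so a match only says
    "possibly related", never "same sample".
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sections = opt + opt_size
    for i in range(nsect):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sections + 40 * i)
        if va <= ep_rva < va + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - va)                   # RVA -> file offset
            break
    else:
        raise ValueError("entry point outside every section")
    stamp = datetime.fromtimestamp(tstamp, tz=timezone.utc)
    return {"timestamp": stamp.strftime("%Y-%m-%d %H:%M:%S"),
            "ep_bytes": data[ep_off:ep_off + 16].hex()}


def triage_file(data: bytes) -> dict:
    d = digests(data)
    hash_hits = [k for k in HASH_KEYS if d[k] == IOC[k]]
    try:
        pe = pe_fields(data)
    except (ValueError, struct.error):
        pe = {k: None for k in HEADER_KEYS}
    header_hits = [k for k in HEADER_KEYS if pe[k] == IOC[k]]
    if hash_hits:
        verdict = "known sample"
    elif header_hits:
        verdict = "header match only: possible variant, confirm in a sandbox"
    else:
        verdict = "no match"
    return {"hash_hits": hash_hits, "header_hits": header_hits, "verdict": verdict}


def build_toy_pe() -> bytes:
    """Constructed PE32 stand-in reusing the page's entry bytes and timestamp."""
    tstamp = int(datetime(2004, 8, 4, 6, 1, 37, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, tstamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                   # entry point RVA
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytes.fromhex(IOC["ep_bytes"]).ljust(0x200, b"\xcc")
    return headers + text


if __name__ == "__main__":
    import sys
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_toy_pe()
    print(triage_file(target))
```

Pass a file path to check a real binary; with no argument it checks the toy image, which reproduces the page's entry-point bytes and timestamp but none of the digests and is therefore reported as a header-only match. That split is the point: a hash hit is conclusive, a header hit is a reason to look harder.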

Malware.AI.4294700178 also known as:

The recurring family names are Bladabindi (Trend Micro), Injector (ESET, Fortinet, Rising, Ikarus), Yakes (Kaspersky, ClamAV, Jiangmin, Kingsoft, Yandex) and the generic dropper verdict shared by the BitDefender-based engines.

MicroWorld-eScan: Dropped:Trojan.Generic.17356790
FireEye: Generic.mg.2da97bfd042dfa42
ALYac: Dropped:Trojan.Generic.17356790
Cylance: Unsafe
VIPRE: Dropped:Trojan.Generic.17356790
K7AntiVirus: Trojan ( 0055e3991 )
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.d042df
BitDefenderTheta: Gen:NN.ZexaF.34726.hmKfaKfs!JAb
Cyren: W32/Symmi.CC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Injector.CYSV
TrendMicro-HouseCall: BKDR_BLADABINDI.YYQS
ClamAV: Win.Trojan.Yakes-6985779-0
Kaspersky: Trojan.Win32.Yakes.psvj
BitDefender: Dropped:Trojan.Generic.17356790
NANO-Antivirus: Trojan.Win32.MlwGen.efxtgn
Cynet: Malicious (score: 100)
Avast: Win32:Trojan-gen
Ad-Aware: Dropped:Trojan.Generic.17356790
Sophos: Troj/MDrop-GWI
Comodo: Malware@#hwzlqr0287fw
DrWeb: Trojan.DownLoader21.51512
TrendMicro: BKDR_BLADABINDI.YYQS
Trapmine: malicious.high.ml.score
Emsisoft: Dropped:Trojan.Generic.17356790 (B)
APEX: Malicious
GData: Dropped:Trojan.Generic.17356790
Jiangmin: Trojan.Yakes.jvp
Avira: TR/AD.CeeInject.leoxj
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.CC
Kingsoft: Win32.Troj.Yakes.ps.(kcloud)
Arcabit: Trojan.Generic.D108D7F6
Microsoft: Trojan:Win32/Woreflint.A!cl
Google: Detected
McAfee: GenericRXAA-AA!D22C97B55BB2
VBA32: BScope.Trojan.Tiggre
Malwarebytes: Malware.AI.4294700178
Rising: Trojan.Injector!8.C4 (CLOUD)
Yandex: Trojan.Yakes!RLxek86uWfg
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.DOUM!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A

How to remove Malware.AI.4294700178?

Malware.AI.4294700178 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sample is classified as an njRAT/Bladabindi remote-access trojan that creates its own registry keys, re-check autostart entries after the reboot and treat any credentials used on the machine while it was infected as exposed.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
