Malware.AI.4294915974 (file analysis)

Malware Removal

Malware.AI.4294915974 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Malware.AI.4294915974 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Guard page use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Created a service that was not started

How to identify Malware.AI.4294915974?

File Info:

name: 54C1E0CA4D73582AC7D6.mlw
path: /opt/CAPEv2/storage/binaries/2d3a0eaf5317d9df1181c2bf0e9ce88ce74e8a388009a56ab164f3986bc452fe
crc32: 6CE72D3C
md5: 54c1e0ca4d73582ac7d6cb435259362b
sha1: 2169f6e6b54c54150dcfd5fe4579bb301c3c5c00
sha256: 2d3a0eaf5317d9df1181c2bf0e9ce88ce74e8a388009a56ab164f3986bc452fe
sha512: b88d631a26f8d2fda5f63afc4662309898dc1b7ff5a27dcc75a974f4b0ae81f0c9a1583d5273e8b76903dda8b0804ecf976f39ef50e4f81eb2b0fa333a05c8bd
ssdeep: 49152:Pz1VUFWzCJegYMfKfiVZ88kXetY0k+SvNOU3:5OLJXfmirqMMvNOU3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E0A5F12E31C59F67E0D2867E42E6E8F1D017FD93670BF673B600B38E79A92C69511602
sha3_384: 8593ce27b60699922c882058854d3bd6b29de46a946ede0b0cc132c27c7423dea92230e40fb332f5e164d648a717bd60
ep_bytes: e8f8150000e978feffff8bff558bec8b
timestamp: 2018-12-11 10:07:44

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7-Zip GUI
FileVersion: 16.04
InternalName: 7zg
LegalCopyright: Copyright (c) 1999-2016 Igor Pavlov
OriginalFilename: 7zg.exe
ProductName: 7-Zip
ProductVersion: 16.04
Translation: 0x0409 0x04b0

Malware.AI.4294915974 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Hacktool.Win32.Krap.lKMc
Elastic: malicious (high confidence)
DrWeb: Trojan.Ssebot.2
MicroWorld-eScan: Gen:Variant.Zusy.363639
FireEye: Generic.mg.54c1e0ca4d73582a
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Gen:Variant.Zusy.363639
Cylance: Unsafe
Zillya: Trojan.NetStream.Win32.244
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005340621 )
Alibaba: Trojan:Win32/Emotet.158
K7GW: Trojan ( 005340621 )
Cybereason: malicious.a4d735
BitDefenderTheta: Gen:NN.ZexaF.34294.fs1@aCf8WKki
Cyren: W32/Agent.AYH.gen!Eldorado
Symantec: Trojan.SseBot
ESET-NOD32: a variant of Win32/Kryptik.GUSX
TrendMicro-HouseCall: Ransom.Win32.SHADE.SMB.hp
Paloalto: generic.ml
ClamAV: Win.Dropper.Sodinokibi-9831364-0
Kaspersky: Trojan.Win32.NetStream.hnk
BitDefender: Gen:Variant.Zusy.363639
NANO-Antivirus: Trojan.Win32.Ssebot.fmqfkh
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.114928da
Ad-Aware: Gen:Variant.Zusy.363639
Emsisoft: Gen:Variant.Zusy.363639 (B)
Comodo: TrojWare.Win32.TrojanProxy.Bunitu.PC@803hth
VIPRE: Trojan.Win32.Generic.pak!cobra
TrendMicro: Ransom.Win32.SHADE.SMB.hp
McAfee-GW-Edition: GenericRXGZ-YC!54C1E0CA4D73
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Crypt
Jiangmin: Trojan.NetStream.apb
MaxSecure: Trojan.Malware.74116158.susgen
Avira: HEUR/AGEN.1128430
Antiy-AVL: Trojan/Generic.ASMalwS.29D9439
Gridinsoft: Ransom.Win32.Sodinokibi.sa
Microsoft: Ransom:Win32/Shade.C
ViRobot: Trojan.Win32.Z.Netstream.2184968.A
GData: Gen:Variant.Zusy.363639
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R249145
Acronis: suspicious
McAfee: GenericRXGZ-YC!54C1E0CA4D73
MAX: malware (ai score=83)
VBA32: Trojan.NetStream
Malwarebytes: Malware.AI.4294915974
APEX: Malicious
Yandex: Trojan.GenAsa!uItAG59x8wI
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_93%
Fortinet: W32/Kryptik.GLWT!tr
Webroot: W32.Adware.Installcore
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Malware.AI.4294915974?

Malware.AI.4294915974 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.