Should I remove “Malware.AI.438758471”?

Malware.AI.438758471 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Malware.AI.438758471 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • CAPE detected the Formbook malware family
  • Uses suspicious command line tools or Windows utilities

How to identify Malware.AI.438758471?

File Info:

name: 851DFA1D7B84F4398C71.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2008-10-10 21:49:01

Version Info:

0: [No Data]

Malware.AI.438758471 also known as:

Lionic: Trojan.Win32.Inject.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47569180
FireEye: Trojan.GenericKD.47569180
CAT-QuickHeal: Trojanspy.Noon
ALYac: Trojan.GenericKD.47569180
Cylance: Unsafe
Zillya: Trojan.Noon.Win32.22236
K7AntiVirus: Trojan ( 0058b69a1 )
Alibaba: TrojanSpy:Win32/SpyNoon.6d320aa8
K7GW: Trojan ( 0058b69a1 )
Cybereason: malicious.d7b84f
VirIT: Trojan.Win32.PSWStealer.DDW
Cyren: W32/Injector.ANJ.gen!Eldorado
Symantec: Packed.Generic.606
ESET-NOD32: Win32/Formbook.AA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Inject.anzcs
BitDefender: Trojan.GenericKD.47569180
NANO-Antivirus: Trojan.Win32.Noon.jklzmu
SUPERAntiSpyware: Trojan.Agent/Gen-Siggen
Avast: Win32:PWSX-gen [Trj]
Tencent: Win32.Trojan.Inject.Dxwn
Ad-Aware: Trojan.GenericKD.47569180
Emsisoft: Trojan.GenericKD.47569180 (B)
Comodo: Malware@#2udqugtj4m6bw
DrWeb: Trojan.Siggen15.63195
TrendMicro: TrojanSpy.Win32.NOON.UHBAZCLQW
McAfee-GW-Edition: RDN/Generic PWS.y
Sophos: Mal/Generic-S + Troj/Formbo-BRB
Ikarus: Trojan.NSIS.Agent.S
Jiangmin: Trojan.Inject.cckj
Avira: TR/Agent.yue
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/SpyNoon.SM!MTB
ViRobot: Trojan.Win32.Z.Noon.343040
GData: Win32.Trojan-Stealer.FormBook.66Q5OL
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4817289
McAfee: RDN/Generic PWS.y
MAX: malware (ai score=88)
VBA32: TrojanSpy.Noon
Malwarebytes: Malware.AI.438758471
TrendMicro-HouseCall: TrojanSpy.Win32.NOON.UHBAZCLQW
Rising: Trojan.Injector!8.C4 (CLOUD)
Yandex: Trojan.Igent.bXeYVv.27
Fortinet: W32/Kryptik.D881!tr
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/WLT.G
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.11973.susgen

How to remove Malware.AI.438758471?

Malware.AI.438758471 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.