Malware

Should I remove “AIT.Heur.Injector.1.E7E423DC.Gen”?

Malware Removal

The AIT.Heur.Injector.1.E7E423DC.Gen is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What AIT.Heur.Injector.1.E7E423DC.Gen virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Behavioural detection: Transacted Hollowing
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • CAPE detected the NanoCore malware family
  • Binary file triggered YARA rule
  • Deletes executed files from disk
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to determine AIT.Heur.Injector.1.E7E423DC.Gen?



File Info:

name: 03E42A579391C7BD28FC.mlw
path: /opt/CAPEv2/storage/binaries/62847bc1073a33a7444a21feb0d2493214a9bbf6e4b5a88309a7de9832fb574f
crc32: E84E3347
md5: 03e42a579391c7bd28fc08bff20b4c16
sha1: 80b9c523ed664222baf2186531e1ef71f9e00361
sha256: 62847bc1073a33a7444a21feb0d2493214a9bbf6e4b5a88309a7de9832fb574f
sha512: 9a51edc0cbec4c56359d3366ad4f679fee80b568b34a86fbf90f53909270feb08b6001356a0d7ef0ff7814d254430df22ff76e33e5423b49f7e6f3dfc7e8ff8a
ssdeep: 24576:6AHnh+eWsN3skA4RV1Hom2KXMmHaYDBNkmBRGEMdSR5ADIAsG/jJ45+:Nh+ZkldoPK8YaZSeIAm+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A3659E43B39DC2ADFE5652B3FA3562F246785F27C122401F32D8BD6C79710A9122D6E2
sha3_384: dd54ffb2f509c3288b7e51e9d9d0cefc98dd319eac9d2506e0d69d08ba042c13c3e1427e33638dd619fc50995d0f32c0
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2019-02-08 15:41:38


Version Info:

Translation: 0x0809 0x04b0

AIT.Heur.Injector.1.E7E423DC.Gen also known as:

BkavW32.AIDetectMalware
Elasticmalicious (high confidence)
MicroWorld-eScanAIT.Heur.Injector.1.E7E423DC.Gen
FireEyeGeneric.mg.03e42a579391c7bd
SkyhighBehavesLike.Win32.TrojanAitInject.th
Cylanceunsafe
SangforVirus.Win32.Save.a
K7AntiVirusTrojan ( 00548c581 )
AlibabaVirTool:Win32/AutInject.370601c6
K7GWTrojan ( 00548c581 )
BitDefenderThetaAI:Packer.80DAC57717
VirITTrojan.Win32.Genus.PFS
SymantecTrojan.Gen.2
tehtrisGeneric.Malware
ESET-NOD32multiple detections
APEXMalicious
TrendMicro-HouseCallTrojan.AutoIt.CRYPTINJECT.SMA
AvastAutoIt:Injector-JF [Trj]
ClamAVWin.Dropper.Nanocore-9988552-0
KasperskyBackdoor.MSIL.NanoBot.bgub
BitDefenderAIT.Heur.Injector.1.E7E423DC.Gen
TencentMsil.Backdoor.Nanobot.Ogil
EmsisoftAIT.Heur.Injector.1.E7E423DC.Gen (B)
F-SecureHeuristic.HEUR/AGEN.1320368
DrWebTrojan.Siggen19.53220
VIPREAIT.Heur.Injector.1.E7E423DC.Gen
TrendMicroTrojan.AutoIt.CRYPTINJECT.SMA
SophosMal/AuItInj-A
VaristW32/AutoIt.IA.gen!Eldorado
AviraHEUR/AGEN.1320368
MAXmalware (ai score=86)
Antiy-AVLTrojan[Injector]/Win32.Autoit
KingsoftWin32.Hack.Undef.a
MicrosoftVirTool:Win32/AutInject!pz
ArcabitAIT.Heur.Injector.1.E7E423DC.Gen [many]
ZoneAlarmBackdoor.MSIL.NanoBot.bgub
GDataAIT.Heur.Injector.1.E7E423DC.Gen (2x)
CynetMalicious (score: 100)
AhnLab-V3Win-Trojan/AutoInj.Exp
McAfeeArtemis!03E42A579391
GoogleDetected
VBA32Backdoor.MSIL.NanoBot
MalwarebytesGeneric.Malware.AI.DDS
PandaTrj/Genetic.gen
IkarusTrojan.Autoit
MaxSecureTrojan.Malware.300983.susgen
AVGAutoIt:Injector-JF [Trj]
DeepInstinctMALICIOUS
alibabacloudTrojan:Win/AutInject

How to remove AIT.Heur.Injector.1.E7E423DC.Gen?

AIT.Heur.Injector.1.E7E423DC.Gen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment