About “NSIS/Injector.ASH” infection

NSIS/Injector.ASH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the NSIS/Injector.ASH virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Harvests cookies for information gathering

How to identify NSIS/Injector.ASH?

File Info:

name: FBB4DA03391FE983873A.mlw
path: /opt/CAPEv2/storage/binaries/110f9f6e8ebd8769dac9f63661fa1ffd9b9471f43776ef3237aa5c0453c227cb
crc32: F1C41B55
md5: fbb4da03391fe983873ac32519903d6d
sha1: 9b256da197bcbe8bcb1e691442af799274258c1f
sha256: 110f9f6e8ebd8769dac9f63661fa1ffd9b9471f43776ef3237aa5c0453c227cb
sha512: dbaa710af2117ba33264a96f4d60359aa12b3e573105a1018d713fdc991d2300d8cdc981e5874dc57ad2c2a40ff0efcd504ac7b8527778bbae68442013826bf4
ssdeep: 6144:XYa6OpR9xyBMc+6/FSU78YxjuEcspGz7pSQYq1ydAa:XYk/9xyBMX6/FSU78YxjuX1zQQYqWH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DCB4C46E736096B8F45889B44937DC604A676C084B95C7DBB39CF32F147B9C9C20E8E6
sha3_384: 6d620153ec715c2975e2141b18a36df56e38097d713eb41f16fbd99d6e0bb9a439a60950f98548aa82ee89ed78362283
ep_bytes: 558bec81ecf40300005356576a205f33
timestamp: 2021-09-25 21:56:47

Version Info:

Comments: EGL Inc.
CompanyName: Genuity Inc.
FileDescription: VLC media player 2.1.2
FileVersion: 25.0.27
LegalCopyright: Avnet, Inc.
LegalTrademarks: Brightpoint, Inc.
ProductName: Tiffany & Co
Translation: 0x0409 0x04b0

NSIS/Injector.ASH is also known as (vendor: detection name):

Lionic: Trojan.Win32.GuLoader.a!c
MicroWorld-eScan: Trojan.GenericKD.39541773
FireEye: Trojan.GenericKD.39541773
Malwarebytes: Trojan.Dropper.NSIS
Sangfor: Trojan.Win32.GuLoader.gen
Alibaba: TrojanDownloader:Win32/GuLoader.176c892f
Cyren: W32/GuLoader.I.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: NSIS/Injector.ASH
TrendMicro-HouseCall: TROJ_GEN.F0D1C00DM22
Avast: NSIS:DropperX-gen [Drp]
ClamAV: Win.Dropper.LokiBot-9943146-0
Kaspersky: HEUR:Trojan-Downloader.Win32.GuLoader.gen
BitDefender: Trojan.GenericKD.39541773
Ad-Aware: Trojan.GenericKD.39541773
Emsisoft: Trojan.GenericKD.39541773 (B)
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S + Mal/Inject-HC
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/GuLoader.SSS!MTB
ZoneAlarm: HEUR:Trojan-Downloader.Win32.GuLoader.gen
GData: Trojan.GenericKD.39541773
McAfee: Artemis!FBB4DA03391F
MAX: malware (ai score=81)
Yandex: Trojan.Igent.bXR9TF.6
AVG: NSIS:DropperX-gen [Drp]

How to remove NSIS/Injector.ASH?

NSIS/Injector.ASH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with over 5 years of experience with security software contractors.