
About “NSIS/Injector.AYK” infection


NSIS/Injector.AYK is ESET's detection name for an injector packaged as an NSIS installer; several other vendors in the list below classify the same sample as the GuLoader downloader family, and security experts consider it dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the NSIS/Injector.AYK virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule matches observed on a process memory dump, dropped files, or CAPE extractions
  • Creates RWX memory (regions that are writable and executable at the same time)
  • NtSetInformationThread: attempt to hide a thread from the debugger (ThreadHideFromDebugger)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
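The flags above are the kind of behavioural signatures a CAPE sandbox derives from the API calls a sample makes. The following is an added example, not code from the page, GridinSoft or CAPE: it re-derives five of the listed flags from a constructed, hypothetical API-call trace. The trace entries, the `SELF_PATH`, the registry path and the 512-byte "long value" threshold are all assumptions made for the illustration; the "Buffer" argument is assumed to be hex-encoded.

```python
"""Added example: derive CAPE-style behavioural flags from a constructed API trace."""

PAGE_EXECUTE_READWRITE = 0x40     # memory protection constant from winnt.h
THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass passed to NtSetInformationThread
LONG_REG_VALUE_BYTES = 512        # assumed threshold for "a long series of bytes"

# Hypothetical location of the running sample (constructed, not from the report).
SELF_PATH = r"C:\Users\user\AppData\Local\Temp\sample.exe"

# Constructed sandbox trace in a CAPE-like shape: one dict per API call.
CONSTRUCTED_TRACE = [
    {"api": "NtAllocateVirtualMemory", "args": {"Protection": 0x40, "RegionSize": 0x20000}},
    {"api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"api": "LdrGetProcedureAddress", "args": {"ModuleName": "kernel32.dll", "FunctionName": "VirtualProtect"}},
    {"api": "LdrGetProcedureAddress", "args": {"ModuleName": "ntdll.dll", "FunctionName": "NtWriteVirtualMemory"}},
    {"api": "NtReadFile", "args": {"HandleName": SELF_PATH, "Length": 0x8000}},
    {"api": "RegSetValueExW", "args": {"FullName": r"HKEY_CURRENT_USER\Software\Example\blob",
                                       "Type": 3, "Buffer": "41" * 1200}},
]


def calls(trace, api):
    """Argument dicts of every call to the given API, in trace order."""
    return [c["args"] for c in trace if c["api"] == api]


def creates_rwx_memory(trace):
    """Any allocation or protection change that yields PAGE_EXECUTE_READWRITE."""
    return any(a.get("Protection") == PAGE_EXECUTE_READWRITE
               for api in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory")
               for a in calls(trace, api))


def hides_thread_from_debugger(trace):
    """NtSetInformationThread with ThreadHideFromDebugger detaches the thread from a debugger."""
    return any(a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER
               for a in calls(trace, "NtSetInformationThread"))


def dynamically_resolved(trace):
    """Functions resolved at run time instead of through the import table."""
    return sorted({f'{a["ModuleName"].lower()}!{a["FunctionName"]}'
                   for a in calls(trace, "LdrGetProcedureAddress") if "FunctionName" in a})


def long_registry_values(trace, threshold=LONG_REG_VALUE_BYTES):
    """Registry writes whose data is long enough to hold a payload or config blob."""
    hits = []
    for a in calls(trace, "RegSetValueExW") + calls(trace, "RegSetValueExA"):
        size = len(bytes.fromhex(a.get("Buffer", "")))
        if size >= threshold:
            hits.append((a["FullName"], size))
    return hits


def reads_own_image(trace, self_path):
    """The process opens and reads its own executable (typical of self-extracting stagers)."""
    return any(a.get("HandleName", "").lower() == self_path.lower()
               for a in calls(trace, "NtReadFile"))


def evaluate(trace, self_path):
    """Flag name -> evidence (bool or list), mirroring the signature list on the page."""
    return {
        "creates_rwx_memory": creates_rwx_memory(trace),
        "hides_thread_from_debugger": hides_thread_from_debugger(trace),
        "dynamic_function_loading": dynamically_resolved(trace),
        "long_registry_values": long_registry_values(trace),
        "reads_own_binary_image": reads_own_image(trace, self_path),
    }


if __name__ == "__main__":
    for flag, evidence in evaluate(CONSTRUCTED_TRACE, SELF_PATH).items():
        print(f"{flag:28} {evidence}")
```

The unpacking, YARA and Authenticode flags are not reproduced here because they need a memory dump and a parse of the PE security directory rather than an API trace.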

How to identify NSIS/Injector.AYK?

File Info:

name: A0543A35D411C4E97535.mlw
path: /opt/CAPEv2/storage/binaries/15cbf6b00f606ae64173259bf0c5b623b5916903de9b97a8afcc5eb074ac49de
crc32: A0E22B1A
md5: a0543a35d411c4e97535c217f9c88d01
sha1: f47ede787329aed9d2a850dd8061f733108ecbf2
sha256: 15cbf6b00f606ae64173259bf0c5b623b5916903de9b97a8afcc5eb074ac49de
sha512: ca4ac938f7a92d8e1da278211f68467983830f26b8de3282bed9a8a671c2db07d9e5e09d6a529f9993d8c72e5ce56cf5964403a4174d8ac5f493ee22d881777f
ssdeep: 12288:OY6qE6Lrcc1aTVCwCwTHHxHHtHHinnQHHznnewiwiHnnngHH5HHXnnLHJ:OY460caLHHtHHinnQHHCnnngHHBnnLHJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16936D5F0F83AFD57F326D438A424F668C6D91091E706D07AB02AFAA455B3390255DB2F
sha3_384: f8f615d51c8926704964e8831e3fbf28175b27d43fa8c247d83df7bee390d97f2013d9660ea2c743abccf85746e8db30
ep_bytes: 558bec81ecf40300005356576a205f33
timestamp: 2021-09-25 21:56:47

Version Info:

Comments: Rbartplejesbri
CompanyName: Earvinprotestat249
FileDescription: SOFISTISKOPMRKS
FileVersion: 17.30.24
LegalCopyright: Gimmickenenurs226
LegalTrademarks: IDOLDUK
ProductName: Kaste223
Translation: 0x0409 0x04b0
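The File Info block lists the values an analyst uses to recognise this exact sample: the digests identify the file, while the entry-point bytes and compile timestamp can still match a variant whose hashes differ. The following is an added example, not code from the page, GridinSoft or CAPE, that recomputes those values from a file and compares them with the published ones. It assumes the timestamp is printed in UTC, and the `build_minimal_pe` fixture is a constructed PE32 stub used only to exercise the parser; it is not the sample.

```python
"""Added example: recompute File Info indicators for a PE and match them against
the published values (hypothetical triage helper, standard library only)."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above.
KNOWN = {
    "md5": "a0543a35d411c4e97535c217f9c88d01",
    "sha1": "f47ede787329aed9d2a850dd8061f733108ecbf2",
    "sha256": "15cbf6b00f606ae64173259bf0c5b623b5916903de9b97a8afcc5eb074ac49de",
    "crc32": "A0E22B1A",
    "ep_bytes": "558bec81ecf40300005356576a205f33",
    "timestamp": "2021-09-25 21:56:47",  # assumed UTC
}


def file_hashes(data):
    """Digests in the formats the report prints (crc32 as 8 uppercase hex digits)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def pe_entry_info(data):
    """Walk the PE headers to recover TimeDateStamp and the 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    first_section = opt + opt_size
    for i in range(nsections):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, first_section + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            offset = rawptr + (entry_rva - vaddr)  # translate RVA to file offset
            break
    else:
        raise ValueError("entry point not inside any section")
    when = datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"pe32": magic == 0x10B, "timestamp": when, "ep_bytes": data[offset:offset + 16].hex()}


def match_iocs(data, known=KNOWN):
    """True/False per indicator. A digest match identifies this exact file; matching
    ep_bytes and timestamp alone only says the headers resemble the sample."""
    observed = {**file_hashes(data), **pe_entry_info(data)}
    return {k: observed.get(k) == v for k, v in known.items()}


def to_epoch(text):
    """Parse the report's 'YYYY-MM-DD HH:MM:SS' (assumed UTC) into a PE TimeDateStamp."""
    return int(datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc).timestamp())


def build_minimal_pe(ep_bytes, stamp):
    """Constructed PE32 stub with one .text section at RVA 0x1000 (test fixture only)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000)
    optional += b"\0" * (0xE0 - len(optional))
    section = struct.pack("<8sIIII", b".text", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + coff + optional + section
    headers += b"\0" * (0x200 - len(headers))
    body = ep_bytes + b"\0" * (0x200 - len(ep_bytes))
    return headers + body


if __name__ == "__main__":
    sample = build_minimal_pe(bytes.fromhex(KNOWN["ep_bytes"]), to_epoch(KNOWN["timestamp"]))
    for name, hit in match_iocs(sample).items():
        print(f"{name:10} {'MATCH' if hit else 'no'}")
```

Run on a real file with `match_iocs(open(path, "rb").read())`. Against the constructed stub only `ep_bytes` and `timestamp` match, which is exactly the partial result an analyst should treat as "inspect further" rather than "identified".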

NSIS/Injector.AYK is also known as (vendor: detection name):

Lionic: Trojan.Win32.Androm.m!c
MicroWorld-eScan: Trojan.GenericKD.39850644
FireEye: Trojan.GenericKD.39850644
ALYac: Trojan.GenericKD.39850644
Cylance: Unsafe
K7AntiVirus: Trojan ( 00594a0a1 )
Alibaba: TrojanDownloader:Win32/GuLoader.8cd05ebf
K7GW: Trojan ( 00594a0a1 )
Cyren: W32/Ninjector.CR.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: NSIS/Injector.AYK
TrendMicro-HouseCall: TROJ_GEN.R002H0CFO22
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.Win32.GuLoader.gen
BitDefender: Trojan.GenericKD.39850644
Avast: NSIS:InjectorX-gen [Trj]
Ad-Aware: Trojan.GenericKD.39850644
Emsisoft: Trojan.GenericKD.39850644 (B)
McAfee-GW-Edition: Artemis
Sophos: Generic ML PUA (PUA)
Avira: TR/AD.Nekark.paboh
MAX: malware (ai score=83)
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Generic.D2601294
ZoneAlarm: HEUR:Trojan-Downloader.Win32.GuLoader.gen
GData: Win32.Trojan-Downloader.Dunilaber.3O2CXT
Cynet: Malicious (score: 100)
McAfee: Artemis!A0543A35D411
Malwarebytes: Trojan.GuLoader
APEX: Malicious
Ikarus: Trojan.Inject
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: NSIS/Injector.AOW!tr
AVG: NSIS:InjectorX-gen [Trj]
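Most of the labels above are generic or machine-learning verdicts; only a handful name a family. The following is an added example, not code from the page, GridinSoft or any AV vendor, that reduces the list to a family vote so the specific names are not drowned out. The family keyword table is an assumption chosen for this list (it is not any vendor's taxonomy), and "generic" here simply means the label carries no family name.

```python
"""Added example: tally the vendor labels above into a family consensus."""
from collections import Counter

# Labels copied from the list above, one "Vendor: Detection" per line.
LABELS = """\
Lionic: Trojan.Win32.Androm.m!c
MicroWorld-eScan: Trojan.GenericKD.39850644
FireEye: Trojan.GenericKD.39850644
ALYac: Trojan.GenericKD.39850644
Cylance: Unsafe
K7AntiVirus: Trojan ( 00594a0a1 )
Alibaba: TrojanDownloader:Win32/GuLoader.8cd05ebf
K7GW: Trojan ( 00594a0a1 )
Cyren: W32/Ninjector.CR.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: NSIS/Injector.AYK
TrendMicro-HouseCall: TROJ_GEN.R002H0CFO22
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.Win32.GuLoader.gen
BitDefender: Trojan.GenericKD.39850644
Avast: NSIS:InjectorX-gen [Trj]
Ad-Aware: Trojan.GenericKD.39850644
Emsisoft: Trojan.GenericKD.39850644 (B)
McAfee-GW-Edition: Artemis
Sophos: Generic ML PUA (PUA)
Avira: TR/AD.Nekark.paboh
MAX: malware (ai score=83)
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Generic.D2601294
ZoneAlarm: HEUR:Trojan-Downloader.Win32.GuLoader.gen
GData: Win32.Trojan-Downloader.Dunilaber.3O2CXT
Cynet: Malicious (score: 100)
McAfee: Artemis!A0543A35D411
Malwarebytes: Trojan.GuLoader
APEX: Malicious
Ikarus: Trojan.Inject
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: NSIS/Injector.AOW!tr
AVG: NSIS:InjectorX-gen [Trj]
"""

# Assumed case-insensitive substrings that identify a family; first hit wins.
FAMILY_HINTS = [
    ("guloader", "GuLoader"),
    ("inject", "Injector"),  # Injector, InjectorX, Ninjector, Trojan.Inject
    ("androm", "Androm"),
    ("wacatac", "Wacatac"),
    ("nekark", "Nekark"),
    ("dunilaber", "Dunilaber"),
]


def parse_labels(block):
    """Split 'Vendor: Detection' lines; only the first ': ' separates the two,
    so detections containing their own colons (HEUR:..., score: 100) survive."""
    pairs = []
    for line in block.splitlines():
        if not line.strip():
            continue
        vendor, _, label = line.partition(": ")
        pairs.append((vendor.strip(), label.strip()))
    return pairs


def family_of(label):
    """Family named in a label, or 'generic' when no family keyword is present."""
    lowered = label.lower()
    for hint, family in FAMILY_HINTS:
        if hint in lowered:
            return family
    return "generic"


def family_votes(block):
    """Counter of family -> number of vendors using that family name."""
    return Counter(family_of(label) for _, label in parse_labels(block))


def consensus(block):
    """Most-voted specific family and its count, ignoring generic verdicts."""
    votes = family_votes(block)
    votes.pop("generic", None)
    return votes.most_common(1)[0] if votes else (None, 0)


if __name__ == "__main__":
    for family, n in family_votes(LABELS).most_common():
        print(f"{family:10} {n}")
    print("consensus:", consensus(LABELS))
```

On this list the vote is 20 generic verdicts against 6 for Injector and 4 for GuLoader, which is why the page's own name and the GuLoader labels are the two worth keeping in a report.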

How to remove NSIS/Injector.AYK?

NSIS/Injector.AYK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
