Malware

How to remove “NSIS/Injector.HF”?

Malware Removal

The NSIS/Injector.HF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What NSIS/Injector.HF virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:32767, 127.0.0.1:32768
  • Reads data out of its own binary image
  • Queries information on disks, possibly for anti-virtualization
  • Attempts to remove evidence of file being downloaded from the Internet
  • Executed a process and injected code into it, probably while unpacking
  • A process attempted to delay the analysis task by a long amount of time.
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Clears Windows events or logs
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine NSIS/Injector.HF?



File Info:

crc32: E95AB515
md5: 9ad9a8d1ba6c0440edaafe81b7934db2
name: 9AD9A8D1BA6C0440EDAAFE81B7934DB2.mlw
sha1: 8bba2a011f72d2016b65d3c4e9e7cbee9a4cf27f
sha256: 0c22dbc5e7f67c0bbd1cccc57472b03ce4f9da81e3e5a2d90309e382021e3831
sha512: 6faa0b8000d6969fa3997ace614737b0981b33d448c64b3a1a4d2525773b41bae3afb6925b721b82e1b992bad33934d3906a5d3ac291b1ade9a2e13459548443
ssdeep: 6144:0W+7+eMnFVjJetPYvAP7mAYFkrhUerTti0lvUWDYuxwivrQyASsUm90pBLi5Fc7U:0RuFVNe6lAYFkrhRNlvUHuxw0rQtSsth
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive


Version Info:

LegalCopyright: (C) 2016 Oracle
InternalName: VBoxWindowsAdditions-x86.exe
FileVersion: VBox 5.0.1.0
CompanyName: Oracle
ProductName: VBox Guest Additions
ProductVersion: 5.0.1.0
FileDescription: VBox Guest Additions
Translation: 0x040c 0x04e4

NSIS/Injector.HF also known as:

BkavW32.AIDetect.malware2
K7AntiVirusTrojan ( 004fb47d1 )
DrWebTrojan.DownLoader23.11526
CynetMalicious (score: 100)
CAT-QuickHealTrojan.Generic
ALYacGen:Variant.Ransom.2019
CylanceUnsafe
ZillyaTrojan.GenericKD.Win32.128264
SangforBackdoor.Win32.Konus.8
CrowdStrikewin/malicious_confidence_90% (W)
AlibabaTrojan:Win32/Injector.16b77291
K7GWTrojan ( 004fb47d1 )
Cybereasonmalicious.1ba6c0
SymantecML.Attribute.HighConfidence
ESET-NOD32NSIS/Injector.HF
APEXMalicious
AvastWin32:Malware-gen
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Ransom.2019
NANO-AntivirusTrojan.Win32.Blocker.eijwlg
SUPERAntiSpywareRansom.Locky/Variant
MicroWorld-eScanGen:Variant.Ransom.2019
TencentWin32.Trojan.Generic.Hxgj
Ad-AwareGen:Variant.Ransom.2019
SophosMal/Generic-R + Mal/Miuref-L
ComodoMalware@#3prpg41gdkyx7
VIPRETrojan.Win32.Generic!BT
TrendMicroRansom_NSISRansom.SM001
McAfee-GW-EditionBehavesLike.Win32.Dropper.fc
FireEyeGen:Variant.Ransom.2019
EmsisoftGen:Variant.Ransom.2019 (B)
WebrootTrojan.Dropper.Gen
AviraHEUR/AGEN.1102533
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftBackdoor:Win32/Konus.A
ArcabitTrojan.Ransom.D7E3
AegisLabTrojan.Win32.Generic.4!c
GDataGen:Variant.Ransom.2019
TACHYONRansom/W32.Blocker.392130
AhnLab-V3Trojan/Win32.Locky.C1614510
McAfeeArtemis!9AD9A8D1BA6C
MAXmalware (ai score=89)
VBA32Trojan.Downloader
MalwarebytesRansom.Cerber
PandaTrj/CI.A
TrendMicro-HouseCallRansom_NSISRansom.SM001
FortinetW32/Injector.HC!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml
Qihoo-360Win32/Trojan.Ransom.e0e

How to remove NSIS/Injector.HF?

NSIS/Injector.HF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment