Malware

NSIS/Injector.IP (file analysis)

Malware Removal

The NSIS/Injector.IP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What NSIS/Injector.IP virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to determine NSIS/Injector.IP?



File Info:

name: 768840CE917F3F7ED269.mlw
path: /opt/CAPEv2/storage/binaries/06bc4f195c54242e9fa22eefe5a644c7bdf7232080e45740c102eeecef42dc0c
crc32: 39EBCAEB
md5: 768840ce917f3f7ed269146760f446c2
sha1: 4a3fc97db6164d7e1e76dde08f48cb2d1fc0ca82
sha256: 06bc4f195c54242e9fa22eefe5a644c7bdf7232080e45740c102eeecef42dc0c
sha512: 7549d99cc528206634bc767d67b97c68bbdaa8494d02b89ad923e0fae0835d5369a98c1cea4e5b482fa68db2e3ea967659d60f1ed04715f8e60e2e95b09a449d
ssdeep: 24576:bavMhUpAM8qpEZiE4MN0E7SEA9gR/wlAaJ3n20nR9gZt1VBoD/U:xhMApqKZsM+ySrVlAYnAZtB2/U
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T107252318B397C5EFC9B16A700938576766385F2C15F7E23B33068E5228664E6B937B03
sha3_384: 678fbf160b51be6be72b1ec490d0e982431c136f21bb69a414ce05192e3a7e9083ff33fdd1e83c2a6ea3a8dfbc16bb75
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2016-07-25 00:55:51


Version Info:

Comments: This installer was built with NSIS and cross-compiling to MinGW.
CompanyName: http://lynx.isc.org
FileDescription: Lynx Installer (MinGW)
FileVersion: 2.8.8rel.2
InternalName: setup-Lynx-2.8.8rel.2.exe
LegalCopyright: © 1997-2013,2014, Thomas E. Dickey
ProductName: Lynx
ProductVersion: 2.8.8rel.2
Translation: 0x0409 0x04b0

NSIS/Injector.IP also known as:

Elasticmalicious (high confidence)
DrWebTrojan.Encoder.858
MicroWorld-eScanTrojan.Ransom.Cerber.DV
FireEyeGeneric.mg.768840ce917f3f7e
ALYacTrojan.Ransom.Cerber.DV
CylanceUnsafe
ZillyaTrojan.Generic.Win32.1054616
SangforTrojan.Win32.GenericKD.3
K7AntiVirusTrojan ( 0055e4081 )
AlibabaTrojan:Win32/Injector.7006a399
K7GWTrojan ( 0055e4081 )
Cybereasonmalicious.e917f3
SymantecRansom.Troldesh
ESET-NOD32NSIS/Injector.IP
TrendMicro-HouseCallRansom_TROLDESH.BZG
Paloaltogeneric.ml
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderTrojan.Ransom.Cerber.DV
NANO-AntivirusTrojan.Win32.Shade.eikqfc
ViRobotTrojan.Win32.S.Agent.965918
AvastWin32:Trojan-gen
TencentWin32.Trojan.Dropper.Ahym
EmsisoftTrojan.NSIS.Injector (A)
F-SecureTrojan.TR/Dropper.Gen
VIPRETrojan.Win32.Generic!BT
TrendMicroRansom_TROLDESH.BZG
McAfee-GW-EditionBehavesLike.Win32.Browser.dc
SophosMal/Generic-R + Troj/Xtbl-N
WebrootW32.Trojan.Ransom
AviraTR/Dropper.Gen
Antiy-AVLTrojan[Ransom]/Win32.Shade
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftTrojan:Win32/Skeeyah.A!rfn
SUPERAntiSpywareRansom.Locky/Variant
ZoneAlarmHEUR:Trojan.Win32.Generic
GDataTrojan.Ransom.Cerber.DV
CynetMalicious (score: 99)
AhnLab-V3Trojan/Win32.Cerber.R189810
McAfeeRDN/Ransom.bj
MAXmalware (ai score=100)
VBA32Trojan-Ransom.Shade
MalwarebytesGeneric.Malware/Suspicious
APEXMalicious
FortinetW32/Injector.IK!tr
AVGWin32:Trojan-gen
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove NSIS/Injector.IP?

NSIS/Injector.IP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment