RiskWare.Injector.FlyStudio removal

RiskWare.Injector.FlyStudio is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the RiskWare.Injector.FlyStudio virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities

How to identify RiskWare.Injector.FlyStudio?

File Info:

name: EC0E79D17D0CA816DE23.mlw
path: /opt/CAPEv2/storage/binaries/b713bc85104337308533ac4f806f63299214c3240a7c183c4f6789f5de82a2fc
crc32: E87013F2
md5: ec0e79d17d0ca816de23bfe62f8782aa
sha1: d3bf1e3f93f7019c9f0a10d8cf3896cef5fd6b58
sha256: b713bc85104337308533ac4f806f63299214c3240a7c183c4f6789f5de82a2fc
sha512: e60ecb6c75fc728b05d58a67d2fae5789ac5b19b080546a329ce6975d45b9b25b6e93c4253f3976d5cbc3cbb21e4fbff7455c297e27b03cb3f92e5c4560b0735
ssdeep: 49152:n3qq0qGtyiR/VcJoFpBl/PJ5eglzAZUnK:tGtyiV+JoFDFJ5JlC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T158063A333018EC91D5082F3BA1C65A352DF21A547879C56BFB64AE26BDB04139B2F74E
sha3_384: 6a2eb03e061ee1991af7925bf6dd439eb902ac367ed6b4368db51196ed11466971c6d903b2e89ac6f1a3de167f047a54
ep_bytes: 558bec6aff6820a8750068b419660064
timestamp: 2021-12-09 09:25:22

Version Info:

FileVersion: 1.0.0.0
FileDescription: sd
ProductName: e213
ProductVersion: 1.0.0.0
CompanyName: 123
LegalCopyright: 1sda
Comments: ewr
Translation: 0x0804 0x04b0

RiskWare.Injector.FlyStudio also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.395055
ALYac: Gen:Variant.Zusy.395055
Cylance: Unsafe
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
Cyren: W32/Agent.EW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/FlyStudio.Injector.D potentially unwanted
APEX: Malicious
ClamAV: Win.Dropper.Tiggre-9845940-0
BitDefender: Gen:Variant.Zusy.395055
Avast: Win32:MiscX-gen [PUP]
Ad-Aware: Gen:Variant.Zusy.395055
Sophos: Generic ML PUA (PUA)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
McAfee-GW-Edition: BehavesLike.Win32.Generic.wh
FireEye: Generic.mg.ec0e79d17d0ca816
Emsisoft: Gen:Variant.Zusy.395055 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.12FI8JT
Jiangmin: TrojanDownloader.Upatre.akvy
Avira: HEUR/AGEN.1133732
Antiy-AVL: Trojan/Generic.ASCommon.FA
Arcabit: Trojan.Zusy.D6072F
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Gen.Reputation.C4307643
MAX: malware (ai score=89)
VBA32: BScope.Trojan.Downloader
Malwarebytes: RiskWare.Injector.FlyStudio
Rising: Malware.Heuristic!ET#98% (RDMK:cmRtazpwfN4f3P6BQQ+zd8lwnjhT)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.65CA!tr
BitDefenderTheta: Gen:NN.ZexaF.34062.Ht0@aKXPiylb
AVG: Win32:MiscX-gen [PUP]
Cybereason: malicious.17d0ca

How to remove RiskWare.Injector.FlyStudio?

RiskWare.Injector.FlyStudio removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.