Categories: Malware

Sf:Injector-AP [Trj] removal tips

The Sf:Injector-AP [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Sf:Injector-AP [Trj] virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Sf:Injector-AP [Trj]?


File Info:
name: 2654DD8E853C5665E738.mlwpath: /opt/CAPEv2/storage/binaries/aab2a51021ce6ced8fc530468f995684556e7b4fbe18a6a05d52739c1641890acrc32: F629BD69md5: 2654dd8e853c5665e738409e94b0dec9sha1: 71edf11bb48ce0e41b0d532f72dd1436c6a9dd5bsha256: aab2a51021ce6ced8fc530468f995684556e7b4fbe18a6a05d52739c1641890asha512: a36d0240a7bd8469e870b282e30e67cac1176b5e0cd70fad4e85fd7f92734b21ea4529753afe47da38f0caffffcbb76c9497b337ed87384e2d3975c3e64d8caessdeep: 6144:XAmQQ7/pjykp5+BVPEAEKd1vgmFv6KZf7iMcQCJwvAynaN0mHU766t2EUHEnH+x:XZ7/RpsVPEAXIc66fa+AyI07dikH+xtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1899423C5EB4284F6D818043C182AB922E9E6B5355CD98A1D71DDC0637C932CBF8BBD1Bsha3_384: 9356eb83615b60a3829fdf3d1c12d2010348dc342321a300251022116cb20f4bbf5e72eb4a92b05f56eee1fa697bf4beep_bytes: ff250020400000000000000000000000timestamp: 2031-10-04 20:27:26
Version Info:
Translation: 0x0000 0x04b0FileDescription: sedBfxanXYZuFileVersion: 8576InternalName: yLBWCQ.exeLegalCopyright:  OriginalFilename: yLBWCQ.exeProductVersion: 8576Assembly Version: 3456.0.0.0

Sf:Injector-AP [Trj] also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Panda.5676
MicroWorld-eScan	Gen:Heur.MSIL.Androm.1
CAT-QuickHeal	TrojanPWS.Zbot.D3
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 700000121 )
K7GW	Trojan ( 700000121 )
Cybereason	malicious.e853c5
BitDefenderTheta	Gen:NN.ZemsilF.34606.zm2@amaRkIl
VirIT	Trojan.Win32.Dropper.II
Cyren	W32/MSIL_Troj.DX.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Spy.Zbot.AAU
TrendMicro-HouseCall	TSPY_ZBOT.SMDN1
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Heur.MSIL.Androm.1
NANO-Antivirus	Trojan.Win32.Panda.fccmfv
SUPERAntiSpyware	Trojan.Agent/Gen-Spy
Avast	Sf:Injector-AP [Trj]
Tencent	Malware.Win32.Gencirc.10b2e673
Ad-Aware	Gen:Heur.MSIL.Androm.1
Emsisoft	Gen:Heur.MSIL.Androm.1 (B)
Comodo	TrojWare.MSIL.Injector.SQUD@5gqu3x
F-Secure	Trojan.TR/Yakes.gxtis
Baidu	MSIL.Trojan.Injector.a
TrendMicro	TSPY_ZBOT.SMDN1
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
FireEye	Generic.mg.2654dd8e853c5665
Sophos	ML/PE-A + Troj/Msil-ANY
Ikarus	Trojan.Yakes
GData	Gen:Heur.MSIL.Androm.1
Jiangmin	Trojan/Inject.atgv
Avira	TR/Yakes.gxtis
Antiy-AVL	Trojan/Generic.ASMalwS.C5C3DD
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Script/Phonzy.A!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.R121063
Acronis	suspicious
McAfee	PWSZbot-FAEN!2654DD8E853C
MAX	malware (ai score=85)
VBA32	Trojan.Inject
Malwarebytes	Trojan.Zbot
APEX	Malicious
Rising	Trojan.Generic/MSIL@AI.97 (RDM.MSIL:meHefTv3taXuBMOz5waa/g)
Yandex	Trojan.Inject!+HumolzrwVY
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat
AVG	Sf:Injector-AP [Trj]
Panda	Trj/Zbot.AB
CrowdStrike	win/malicious_confidence_100% (D)