Trojan.Win32.Inject.anzau (file analysis)

Trojan.Win32.Inject.anzau is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Inject.anzau virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • CAPE detected the Formbook malware family
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Win32.Inject.anzau?

File Info:

name: B775EB8BA875EFB94655.mlw
path: /opt/CAPEv2/storage/binaries/ebae4c196d8a58491f149c1f561b8dfcb7286b5b5e14ee85bd2393a968a498b9
crc32: 9AA20EF0
md5: b775eb8ba875efb94655af48abd24591
sha1: 997519e42fc9369f98b4839c0d74e9557d3dbea7
sha256: ebae4c196d8a58491f149c1f561b8dfcb7286b5b5e14ee85bd2393a968a498b9
sha512: 88fd1c1a4672b260f11914906122721cc64948d2fd5080a8cfd832baee7d8ba513c4178fc7afdc6166dce8ab3e8868a2d7e910a5cd8b1d4ec775ace5f56bfdc0
ssdeep: 6144:rGiG9xDwpAZS3oCensOPbX/0Z6JQDuUkH+iB7CsvJamJFOSQ6YFUonGwiDRY1:69xBZRzsmMZ5KUkeiBeWJaEg16YyoGwz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T147642343BAC240EBE6B15A386873D77CFF79868406740C037B953FA63AB53D7450A2A1
sha3_384: 70e3af725c910999822ad68b8e9b50ed83bd74677fb1c5fcae771355426a6cba6614001d1d63d45b243c04e180196854
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-10-10 21:49:01

Version Info:

0: [No Data]

Trojan.Win32.Inject.anzau is also known as (vendor: detection name):

Lionic: Trojan.Win32.Noon.l!c
ALYac: Trojan.GenericKD.38227075
Malwarebytes: Malware.AI.2951221103
Sangfor: Trojan.Win32.Injector.EQSH
K7AntiVirus: Trojan ( 0058b85d1 )
Alibaba: TrojanSpy:Win32/Lokibot.87aa5e40
K7GW: Trojan ( 0058b85d1 )
Cybereason: malicious.ba875e
Cyren: W32/Injector.AQQ.gen!Eldorado
Symantec: Packed.Generic.606
ESET-NOD32: a variant of Win32/Injector.EQSH
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Inject.anzau
BitDefender: Trojan.GenericKD.38227075
NANO-Antivirus: Trojan.Win32.Inject.jivuxo
ViRobot: Trojan.Win32.Z.Injector.316607
MicroWorld-eScan: Trojan.GenericKD.38227075
Avast: Win32:PWSX-gen [Trj]
Tencent: Nsis.Trojan.Nsisx.Pfsv
Ad-Aware: Trojan.GenericKD.38227075
Emsisoft: Trojan.GenericKD.38227075 (B)
Comodo: TrojWare.Win32.UMal.hdxyh@0
DrWeb: Trojan.Siggen16.2552
Zillya: Trojan.Noon.Win32.22344
TrendMicro: TROJ_FRS.VSNTL921
McAfee-GW-Edition: RDN/GenericM
FireEye: Trojan.GenericKD.38227075
Sophos: Mal/Generic-S + Troj/Formbo-BUH
GData: Win32.Trojan-Stealer.FormBook.3CEDL7
Webroot: W32.Trojan.Nsisx.Spy.Gen
Avira: TR/Injector.tlscv
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D2474C83
Microsoft: Trojan:Win32/Lokibot.VALC!MTB
AhnLab-V3: Trojan/Win.Generic.C4826980
McAfee: RDN/GenericM
MAX: malware (ai score=83)
VBA32: TrojanSpy.Noon
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_FRS.VSNTL921
Ikarus: Trojan.NSIS.Agent
Fortinet: W32/Injector.EQTC!tr
AVG: Win32:PWSX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Inject.anzau?

Trojan.Win32.Inject.anzau removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
