About "Trojan.Win32.Injuke.bzju" infection

The Trojan.Win32.Injuke.bzju is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Injuke.bzju virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
At least one IP Address, Domain, or File Name was found in a crypto call
Performs some HTTP requests
Unconventionial language used in binary resources: Slovenian
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Checks for the presence of known windows from debuggers and forensic tools
Installs itself for autorun at Windows startup
Attempts to identify installed AV products by installation directory
Checks the CPU name from registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics

Related domains:

iplogger.org

leatherbond.top

ip-api.com

How to determine Trojan.Win32.Injuke.bzju?


File Info:
crc32: 7E6EBBB4
md5: 2b5aae460b5f2c2f3457f2dfd611f406
name: 2B5AAE460B5F2C2F3457F2DFD611F406.mlw
sha1: 8e05e84c77b4e15a3074428137a6fb51d731fd88
sha256: 38c800c0a1e910c13c99b52e67e13166e5ba08eb8e3d8d6813040c2cf557a041
sha512: 77bab5a36742fdc3014e9896ef0d1952975ec7446054002f784ce7f63b0c02f61ee191d14d96fd16527dd86e552993e2b84558dcc724392382428d8fd8edfdda
ssdeep: 12288:x9nR+ZtWv5s23AtY64ABteFIJmr8u64jsRlSqRHLoge6d4bHz:x9US5s2wtfftWrXjsDSFo4P
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
InternalSurname: reboud.exe
Product: 1.7.6
FileVersions: 1.0.5.4
LegalCo: Copyri (C) 2019, patritions
Translation: 0x5539 0x00fa

Trojan.Win32.Injuke.bzju also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.35846150
FireEye	Generic.mg.2b5aae460b5f2c2f
ALYac	Trojan.GenericKD.35846150
Cylance	Unsafe
AegisLab	Trojan.Multi.Generic.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 0057533c1 )
BitDefender	Trojan.GenericKD.35846150
K7GW	Trojan ( 0057533c1 )
Cybereason	malicious.c77b4e
BitDefenderTheta	Gen:NN.ZexaF.34700.RmGfaayUDElc
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HIKN
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Trojan.Win32.Injuke.bzju
Alibaba	Trojan:Win32/Injuke.8a1c9dbc
ViRobot	Trojan.Win32.Z.Undef.705536.A
Tencent	Win32.Trojan.Injuke.Hrze
Ad-Aware	Trojan.GenericKD.35846150
Emsisoft	Trojan.GenericKD.35846150 (B)
F-Secure	Trojan.TR/AD.AHKInfoSteal.yotjv
DrWeb	Trojan.Siggen11.56472
McAfee-GW-Edition	BehavesLike.Win32.PWSBanker.jc
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Crypt
Avira	TR/AD.AHKInfoSteal.yotjv
MAX	malware (ai score=86)
Kingsoft	Win32.Troj.Injuke.bz.(kcloud)
Microsoft	Trojan:Win32/Azorult.FW!MTB
Gridinsoft	Trojan.Win32.Packed.oa
Arcabit	Trojan.Generic.D222F806
AhnLab-V3	Trojan/Win32.RL_Kryptik.R360326
ZoneAlarm	Trojan.Win32.Injuke.bzju
GData	Trojan.GenericKD.35846150
Cynet	Malicious (score: 100)
McAfee	RDN/RedLineStealer
VBA32	BScope.Backdoor.Agent
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_97%
Fortinet	W32/Kryptik.HFSR!tr
AVG	Win32:PWSX-gen [Trj]
Avast	Win32:PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Trojan.Win32.Injuke.bzju?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Trojan.Win32.Injuke.bzju” infection