About “Trojan.Win32.Injuke.fpuy” infection

Trojan.Win32.Injuke.fpuy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Injuke.fpuy virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to modify desktop wallpaper
  • Collects and encrypts information about the computer likely to send to C2 server
  • CAPE detected the WarzoneRAT malware family
  • Attempts to modify Windows Defender using PowerShell
  • Accesses or creates Warzone RAT directories and/or files
  • Anomalous binary characteristics

How to identify Trojan.Win32.Injuke.fpuy?


File Info:

name: 813BBED797DFE5DBE16C.mlw
path: /opt/CAPEv2/storage/binaries/88381f10831ca656242abee7667e6d03b8a9d13a82c5565191aa3181e23eff90
crc32: CA7DA2CC
md5: 813bbed797dfe5dbe16ce182196bd552
sha1: 3e5360925c501fd14bc926265e17fe0df3901512
sha256: 88381f10831ca656242abee7667e6d03b8a9d13a82c5565191aa3181e23eff90
sha512: da9498935605aa8dd4b1a27d9a9abb56cee1f4916741e6c525dbfe21a5b68f28b2c9856d3f40d8ab431b982c224d6653dea4c03ffc2dc48ac4f6892c3adaff2f
ssdeep: 6144:VcoxXHCuxvHVbpiyGG0CVE1y0QkSCFx7CbO/Xw+tfjY8E05X1xA20i+kyY9TcqgG:W8HCsHV9Qy0H9mrJPFozXJB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T162B5A564A3E62101E597AB7F72B08B94C56E3C019C6DA78F4D460AC6CA3E3F475086F7
sha3_384: 1541f0d119ac922931f33a23c1eb96352f858c83f4c6242edd105eff60bd97e160ea4cb08b955b4a63c4fd39aa1d2c15
ep_bytes: e8fc030000e98efeffffff2538a34200
timestamp: 2022-07-28 12:21:25

Version Info:

CompanyName: Microsoft Corporation
FileDescription: circ Module
FileVersion: 1, 0, 0, 1
InternalName: CIRC
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: CIRC.DLL
ProductName: circ Module
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Trojan.Win32.Injuke.fpuy also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Trojan.GenericKD.61131483
FireEye: Trojan.GenericKD.61131483
CAT-QuickHeal: Trojan.Multi
McAfee: GenericRXTU-CK!813BBED797DF
Cylance: Unsafe
VIPRE: Gen:Variant.Strictor.274620
Sangfor: Trojan.Win32.Injuke.Ven7
K7AntiVirus: Riskware ( 00584baa1 )
Alibaba: Trojan:Win32/Injuke.30718c3d
K7GW: Riskware ( 00584baa1 )
Cybereason: malicious.797dfe
Cyren: W32/ABRisk.LEEI-3509
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Agent.TJS
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Injuke.fpuy
BitDefender: Trojan.GenericKD.61131483
Avast: Win32:ExploitX-gen [Expl]
Tencent: Win32.Trojan.Injuke.Dxct
Ad-Aware: Trojan.GenericKD.61131483
Comodo: Malware@#2nflj0wqgyxs5
DrWeb: Trojan.PWS.Maria.3
TrendMicro: TROJ_GEN.R002C0WGV22
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.61131483
Jiangmin: Trojan.Injuke.pfh
Webroot: W32.Injuke.fpuy
Avira: TR/Agent.jkvzl
Antiy-AVL: Trojan/Generic.ASMalwS.1F6B
Kingsoft: Win32.Troj.Injuke.fp.(kcloud)
Microsoft: Trojan:Win32/TrickbotCrypt.SS!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Generic.C5216537
BitDefenderTheta: Gen:NN.ZexaE.34582.rE0@aOK3Pzei
ALYac: Trojan.GenericKD.61131483
MAX: malware (ai score=89)
VBA32: BScope.TrojanSpy.AveMaria
Malwarebytes: Trojan.Crypt
TrendMicro-HouseCall: TROJ_GEN.R002C0WGV22
Rising: Exploit.ShellCode!8.2A (C64:YzY0OgUnnij8HU6hzg)
Ikarus: Trojan.Win32.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HBUQ!tr
AVG: Win32:ExploitX-gen [Expl]
Panda: Trj/RnkBend.A
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Trojan.Win32.Injuke.fpuy?

Trojan.Win32.Injuke.fpuy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
