Trojan:Win32/CryptInject.APR!MTB malicious file

Malware Removal

Trojan:Win32/CryptInject.APR!MTB is Microsoft Defender's name for this sample; most other engines flag it as well (see the detection list below), and the sandbox run attributes it to the Formbook information-stealer family. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan:Win32/CryptInject.APR!MTB do?

Behaviours recorded when the sample was detonated in the CAPE sandbox:
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • CAPE detected the Formbook malware family

How to identify Trojan:Win32/CryptInject.APR!MTB?

Compare a suspect file against the values below. The md5, sha1 and sha256 fields identify this exact sample; the compile timestamp and the ep_bytes field (the first 16 bytes at the entry point) are a quick check for the same packer stub, and the missing Authenticode signature is one more reason not to trust the file.
File Info:

name: 00F6B12EB5E9F063938B.mlw
path: /opt/CAPEv2/storage/binaries/99e25501d1c736865e766fe4e347cda8817f4005be1d7b0c336451b89be71ed2
crc32: 990949E4
md5: 00f6b12eb5e9f063938b604f05a71a5a
sha1: 5a62549b2a9083e653a7e9ea9d82cba8871c62ae
sha256: 99e25501d1c736865e766fe4e347cda8817f4005be1d7b0c336451b89be71ed2
sha512: d20f6ef4d11210bf3048fc144901afa37981063915ea52812d193c277230b11cfdd86e5e98246476054f4ea012c8e7a7e2bf5d0623ec41c959aaf628a167aed6
ssdeep: 6144:rGiNdUPTGkn+FFyQKadQZV4AXUHfay8jt8mEN2o8ld57rQZJSOI:hdUPTn+FTKzZGAXUHfCjt8H8ld5IZJSn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CC54125F5BD46873E58AA0702973F233E77EDAC40394091B1FB90E8E5D39263C96B192
sha3_384: 383d6702e2b8f6bf483aed67b14fc77bb148338187bebf9f335ded1219110653d5d9d5a7f7f94b2d8410247e6f0415d4
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-10-10 21:49:01

Version Info:

0: [No Data]
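The following script is an added example, not code from the page or from GridinSoft. Using only the Python standard library, it reproduces the File Info fields above for any file: the hash set (ssdeep and tlsh are omitted because they need third-party libraries), the compile timestamp, the subsystem/machine summary behind the "type" line, the first 16 entry-point bytes, and whether an Authenticode security directory is present at all (verifying that a present signature is valid needs a tool such as signtool or osslsigncode). The IOC hashes and ep_bytes are copied from the page; the sample PE is constructed in the script so it runs offline, so only the header fields, not the hashes, match the real file.

```python
import calendar
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hashes of the real sample, copied from the page's File Info block.
IOCS = {
    "md5": "00f6b12eb5e9f063938b604f05a71a5a",
    "sha1": "5a62549b2a9083e653a7e9ea9d82cba8871c62ae",
    "sha256": "99e25501d1c736865e766fe4e347cda8817f4005be1d7b0c336451b89be71ed2",
}
EP_BYTES = "81ec8001000053555633db57895c2418"  # the page's ep_bytes field
IMAGE_FILE_MACHINE_I386 = 0x14C
SUBSYSTEMS = {2: "GUI", 3: "console"}


def hash_file(data: bytes) -> dict:
    """Hash fields the page lists (ssdeep/tlsh omitted: they need third-party libraries)."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def match_iocs(hashes: dict) -> list:
    """Names of the page's IOC hashes that the computed hashes reproduce."""
    return [name for name, value in IOCS.items() if hashes.get(name) == value]


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 header walk: type summary, timestamp, entry-point bytes, signature presence."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                    # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]         # 0x10B = PE32, 0x20B = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) holds the Authenticode blob; size 0 = unsigned.
    sec_size = struct.unpack_from("<I", data, opt + 96 + 4 * 8 + 4)[0] if ndirs > 4 else 0
    # Walk the section table to translate the entry-point RVA into a file offset.
    ep_off = None
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if va <= ep_rva < va + max(vsize, rawsize):
            ep_off = ep_rva - va + rawptr
            break
    if ep_off is None:
        raise ValueError("entry point outside every section")
    return {
        "type": "%s executable (%s) %s" % (
            "PE32" if magic == 0x10B else "PE32+",
            SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem),
            "Intel 80386" if machine == IMAGE_FILE_MACHINE_I386 else "machine 0x%x" % machine),
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "signed": sec_size != 0,
    }


def build_sample() -> bytes:
    """Constructed stand-in for the sample: a one-section PE32 whose headers mirror the page's fields."""
    ts = calendar.timegm((2008, 10, 10, 21, 49, 1))       # the page's 2008-10-10 21:49:01 timestamp
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew -> PE header right after DOS stub
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes; directory 4 stays zero
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    body = bytes.fromhex(EP_BYTES).ljust(0x200, b"\0")     # section data starts with the page's ep_bytes
    return bytes((dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + body)


if __name__ == "__main__":
    sample = build_sample()
    info = parse_pe(sample)
    print(info)
    print("IOC hash matches:", match_iocs(hash_file(sample)) or "none")
    print("entry-point bytes match the page:", info["ep_bytes"] == EP_BYTES)
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `hash_file` and `parse_pe`; a non-empty `match_iocs` result means the file is byte-identical to the sample analysed here, while an `ep_bytes` match with different hashes suggests a repacked build of the same loader. The 2008 timestamp on a Formbook loader is itself suspicious, since the PE timestamp is attacker-controlled and is often backdated by packers.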

Trojan:Win32/CryptInject.APR!MTB also known as:

Lionic: Trojan.Win32.Androm.4!c
DrWeb: Trojan.Siggen15.43261
MicroWorld-eScan: Trojan.GenericKD.38057313
FireEye: Trojan.GenericKD.38057313
ALYac: Trojan.GenericKD.38057313
Malwarebytes: Trojan.Injector
Sangfor: Trojan.Win32.Sabsik.FL
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanSpy:Win32/CryptInject.134b8b4b
K7GW: Trojan ( 0058a7df1 )
K7AntiVirus: Trojan ( 0058a7df1 )
Cyren: W32/Injector.APR.gen!Eldorado
Symantec: Packed.Generic.606
ESET-NOD32: a variant of Win32/Injector.EQOG
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Dropper.Win32.Nuldrop.gen
BitDefender: Trojan.GenericKD.38057313
ViRobot: Trojan.Win32.Z.Injector.302371
Avast: Win32:InjectorX-gen [Trj]
Tencent: Win32.Trojan-spy.Noon.Fry
Ad-Aware: Trojan.GenericKD.38057313
Emsisoft: Trojan.GenericKD.38057313 (B)
Comodo: TrojWare.Win32.UMal.cvmty@0
Zillya: Trojan.Noon.Win32.22031
TrendMicro: TROJ_FRS.VSNTKH21
McAfee-GW-Edition: RDN/Generic.cf
Sophos: Mal/Generic-S
Ikarus: Trojan.NSIS.Agent
GData: Win32.Trojan.PSE.1DELEOK
Webroot: W32.Trojan.Tnega
Avira: TR/Injector.mqxhe
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Trojan.Win32.Downloader.sa
Microsoft: Trojan:Win32/CryptInject.APR!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4774724
McAfee: RDN/Generic.cf
MAX: malware (ai score=88)
VBA32: TrojanSpy.Noon
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_FRS.VSNTKH21
Fortinet: W32/Kryptik.AQK!tr
AVG: Win32:InjectorX-gen [Trj]
Cybereason: malicious.eb5e9f
Panda: Trj/CI.A

How to remove Trojan:Win32/CryptInject.APR!MTB?

Trojan:Win32/CryptInject.APR!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sandbox run attributed this sample to Formbook, an information stealer, treat any passwords saved or typed on the infected machine as exposed and change them from a clean device after removal.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.