Trojan:Win32/InjectorCrypt!pz removal guide

Trojan:Win32/InjectorCrypt!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/InjectorCrypt!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • HTTPS URLs from behavior
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/InjectorCrypt!pz?

File Info:

name: 6FDC9FFBE3B5020FF10D.mlw
path: /opt/CAPEv2/storage/binaries/d8e15850daa5586657d73835aca200a56e348cf4f2c7ccc34f891a386feeb5fd
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Trojan:Win32/InjectorCrypt!pz also known as:

Vendor            Detection
Bkav              W32.AIDetectMalware
Lionic            Trojan.Win32.Copak.4!c
tehtris           Generic.Malware
DrWeb             Trojan.Packed2.43250
MicroWorld-eScan  Gen:Trojan.Heur.imW@!hBy@@e
FireEye           Generic.mg.6fdc9ffbe3b5020f
Skyhigh           BehavesLike.Win32.Generic.cm
ALYac             Gen:Trojan.Heur.imW@!hBy@@e
Malwarebytes      Trojan.MalPack.Generic
Zillya            Trojan.CopakGen.Win32.1
Sangfor           Suspicious.Win32.Save.a
K7AntiVirus       Trojan ( 0058c5ff1 )
Alibaba           Trojan:Win32/Copak.3c91222d
K7GW              Trojan ( 0058c5ff1 )
CrowdStrike       win/malicious_confidence_100% (W)
BitDefenderTheta  AI:Packer.335106D81B
Symantec          ML.Attribute.HighConfidence
Elastic           malicious (high confidence)
ESET-NOD32        a variant of Win32/Injector.DZQA
Cynet             Malicious (score: 100)
APEX              Malicious
Kaspersky         HEUR:Trojan.Win32.Copak.pef
BitDefender       Gen:Trojan.Heur.imW@!hBy@@e
Avast             Win32:Evo-gen [Trj]
Tencent           Trojan.Win32.Copak.pe
Emsisoft          Gen:Trojan.Heur.imW@!hBy@@e (B)
F-Secure          Trojan.TR/Crypt.XPACK.Gen
VIPRE             Gen:Trojan.Heur.imW@!hBy@@e
Sophos            Mal/HckPk-A
Ikarus            Trojan.Win32.Injector
Varist            W32/Kryptik.DZR.gen!Eldorado
Avira             TR/Crypt.XPACK.Gen
Antiy-AVL         Trojan/Win32.Injector
Microsoft         Trojan:Win32/InjectorCrypt!pz
Xcitium           Packed.Win32.MUPX.Gen@24tbus
Arcabit           Trojan.Heur.EFD32A
ZoneAlarm         HEUR:Trojan.Win32.Copak.pef
GData             Gen:Trojan.Heur.imW@!hBy@@e
Google            Detected
AhnLab-V3         Malware/Win32.Generic.C2860595
McAfee            GenericRXAA-FA!6FDC9FFBE3B5
MAX               malware (ai score=82)
VBA32             BScope.Trojan.Wacatac
Cylance           unsafe
Panda             Trj/Genetic.gen
Rising            Trojan.Injector!1.C865 (CLASSIC)
SentinelOne       Static AI – Malicious PE
MaxSecure         Trojan.Malware.300983.susgen
Fortinet          W32/Kryptik.EAHK!tr
AVG               Win32:Evo-gen [Trj]
Cybereason        malicious.b58c6b
DeepInstinct      MALICIOUS

How to remove Trojan:Win32/InjectorCrypt!pz?

Trojan:Win32/InjectorCrypt!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.