How to remove “Trojan:Win32/InjectorCrypt!pz”?

Trojan:Win32/InjectorCrypt!pz is the Microsoft detection name for a packed injector trojan, and nearly every engine in the list further down flags this sample as malicious. While the infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/InjectorCrypt!pz virus do?

  • Behavioural detection: executable code extraction (unpacking at runtime)
  • HTTPS URLs observed in sandbox behaviour
  • CAPE extracted potentially suspicious content from the process
  • The binary contains an unknown PE section name, indicative of packing
  • The executable is compressed using UPX
  • The Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Deletes executed files from disk
  • YARA rule detections observed on a process memory dump, dropped files or CAPE output

How to identify Trojan:Win32/InjectorCrypt!pz?

File Info:

name: 9749E65E21E253F82A8A.mlw
path: /opt/CAPEv2/storage/binaries/8c1e611b6070f09c995ee3ce1614c9e47ea8f93839e161192db363a442c99c28
crc32: 44986414
md5: 9749e65e21e253f82a8a5d299a304d80
sha1: ae0b84d398d0341244321059cf0d477dca288e8c
sha256: 8c1e611b6070f09c995ee3ce1614c9e47ea8f93839e161192db363a442c99c28
sha512: bc640772130febfcd10d1e3f6bafd6b04a06b3ef6ede77be0e2ffbe57672525e0c438e5120f250d2a610d589d6f8787dbf8beffd54189d4371fe99ddb00ef121
ssdeep: 3072:UB9ha5X8fghXY/wMbsmRQe4/ouaOQMICqOMHT/Affto7otExA0fQ:UB+5MfQkCL/0tpLOMHT/AfftoMyeMQ
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T124D30244E587CC51CDC5A6764A4EAF8F3603047295C62E63EEAA25FFF6D5D80A9031B0
sha3_384: a70485afe8ed2c50cc1ea5e840dab03d7151f0f74cf825bc329fd03799c9c0cdbc98f61a48a38cf41e96eab4cb9aa970
ep_bytes: 5589e5b90000000089c701f24e89fb81
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]
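Most of the File Info fields above (hashes, type, ep_bytes, timestamp) and several of the sandbox indicators (UPX section names, unknown section names, a compile timestamp zeroed to 1970-01-01) come straight out of the PE header, so they can be reproduced locally before a file is sent anywhere. The script below is an added example written for this page, not GridinSoft's or CAPE's code: it parses the COFF and optional headers with the Python standard library only and runs on a constructed minimal PE32 image rather than on the real sample, which is not reproduced here. The section-name lists, the 7.0 bits/byte entropy threshold and the two sample payloads are assumptions made for illustration.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumed lists for illustration: names the usual MSVC/GCC toolchains emit, and UPX's own.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                  ".reloc", ".bss", ".tls", ".pdata", ".xdata", ".CRT"}
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2", "UPX!"}
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed or encrypted data sits near 8.0; empty input gives 0.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def triage_pe(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers plus the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, SymTab ptr, NumSyms, SizeOfOptionalHeader, Characteristics
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+

    sections = []
    for i in range(nsec):  # IMAGE_SECTION_HEADER is 40 bytes; we need the first five fields
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize,
                         "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2)})

    ep_bytes = b""  # map the entry-point RVA back to a file offset and read 16 bytes (ep_bytes)
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            off = s["rawptr"] + (entry_rva - s["vaddr"])
            ep_bytes = data[off:off + 16]
            break

    names = {s["name"] for s in sections}
    checks = [(ts == 0, "zeroed timestamp"),
              (bool(names & UPX_SECTIONS), "UPX section names"),
              (bool(names - KNOWN_SECTIONS - UPX_SECTIONS), "unknown section name"),
              (any(s["entropy"] > 7.0 for s in sections), "high-entropy section")]  # 7.0 is an assumed threshold
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "type": f"{'PE32+' if magic == 0x20B else 'PE32'} executable "
                f"({SUBSYSTEMS.get(subsystem, subsystem)}) {MACHINES.get(machine, hex(machine))}",
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "sections": sections,
        "flags": [label for hit, label in checks if hit],
    }


def build_sample_pe(section_names, timestamp: int, payload: bytes) -> bytes:
    """Constructed minimal PE32 image (NOT the sample from this page): DOS stub, COFF header,
    zero-filled optional header, section table, and one raw payload in the last section."""
    e_lfanew, opt_size, n = 0x40, 224, len(section_names)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n, timestamp, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", optional, 16, 0x1000 * n)  # entry point at the last section's VA
    struct.pack_into("<H", optional, 68, 3)           # IMAGE_SUBSYSTEM_WINDOWS_CUI (console)
    raw_start = e_lfanew + 24 + opt_size + 40 * n
    table = b""
    for i, name in enumerate(section_names):
        last = i == n - 1
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(payload) if last else 0x1000, 0x1000 * (i + 1),
                             len(payload) if last else 0, raw_start if last else 0,
                             0, 0, 0, 0, 0x60000020)
    return dos + coff + bytes(optional) + table + payload


# Constructed payloads: pseudo-random bytes stand in for a UPX-compressed body; the
# "clean" one starts with push ebp / mov ebp,esp (55 89 e5) like the ep_bytes above.
PACKED_PAYLOAD = b"".join(hashlib.sha256(i.to_bytes(2, "little")).digest() for i in range(64))
CLEAN_PAYLOAD = b"\x55\x89\xe5" + b"\x90" * 253


def triage_samples() -> dict:
    """Run both constructed images through the triage and return the reports."""
    return {"packed": triage_pe(build_sample_pe(["UPX0", "UPX1"], 0, PACKED_PAYLOAD)),
            "clean": triage_pe(build_sample_pe([".text", ".data"], 1700000000, CLEAN_PAYLOAD))}
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage_pe`; the constructed "packed" image reports the same shape as the File Info above (PE32, console, Intel 80386, timestamp 1970-01-01 00:00:00) plus the UPX and high-entropy flags, while the "clean" image reports no flags. A zeroed timestamp and UPX section names are hints, not proof: legitimate installers are UPX-packed too, so treat the flags as reasons to look closer, not as a verdict.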

Trojan:Win32/InjectorCrypt!pz also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Copak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.imW@!hBy@@e
FireEye: Generic.mg.9749e65e21e253f8
Skyhigh: BehavesLike.Win32.Generic.cm
ALYac: Gen:Trojan.Heur.imW@!hBy@@e
Zillya: Trojan.CopakGen.Win32.1
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0058c5ff1 )
Alibaba: Trojan:Win32/Injector.20f6e55d
K7GW: Trojan ( 0058c5ff1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.335106D81B
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Injector.DZQA
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Copak.pef
BitDefender: Gen:Trojan.Heur.imW@!hBy@@e
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Copak.pe
Emsisoft: Gen:Trojan.Heur.imW@!hBy@@e (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.Packed2.43250
VIPRE: Gen:Trojan.Heur.imW@!hBy@@e
Sophos: Mal/HckPk-A
Ikarus: Trojan.Win32.Injector
Jiangmin: Trojan.Copak.akub
Varist: W32/Kryptik.DZR.gen!Eldorado
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Win32.Injector
Kingsoft: Win32.Troj.Agent.cks
Microsoft: Trojan:Win32/InjectorCrypt!pz
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Trojan.Heur.EFD32A
ZoneAlarm: HEUR:Trojan.Win32.Copak.pef
GData: Gen:Trojan.Heur.imW@!hBy@@e
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C2860595
McAfee: GenericRXAA-FA!9749E65E21E2
MAX: malware (ai score=83)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Trojan.MalPack.Generic
Panda: Trj/Genetic.gen
Rising: Trojan.Injector!1.C865 (CLASSIC)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.EAHK!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.398d03
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/InjectorCrypt!pz?

Trojan:Win32/InjectorCrypt!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.