What is “Trojan:Win32/InjectorCrypt!pz”?

Trojan:Win32/InjectorCrypt!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/InjectorCrypt!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • HTTPS URLs observed in behavior
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/InjectorCrypt!pz?

File Info:

name: 03E66459155B353C2047.mlw
path: /opt/CAPEv2/storage/binaries/4099c586999d5b2644cf46e71e8b889ba3a54f70049f27ad5653c1990ff619c7
crc32: B8C3A6EB
md5: 03e66459155b353c2047dc0c148d5278
sha1: b690c9bf36e9de286670f06c047c95eab4cb1c04
sha256: 4099c586999d5b2644cf46e71e8b889ba3a54f70049f27ad5653c1990ff619c7
sha512: 49ac2dcc6fdd688dd42d6bab4934ecbd0d168ebba0804a35d978223750ecbe992a187713e795bee22971495e843467f32cb31f6452377ae1d2c779805f8badcd
ssdeep: 3072:JXIQz0ZGafKho3dfQLqWyJsiZPRkCmm3oB1vXB3qFPcFq/odR4KQ:GwafbzWyiCX3oB1vYtcFq/OGKQ
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1AFD30116CD1832A5D3311632361910B312A2E87772AD85B7A0B474F7E6BF268DD8978F
sha3_384: 11259e42e0963fd3291069d5675259620b3fc9ef4dabe2f07455145531f096e05b1ec2852d5a78158928db7e216ba7fb
ep_bytes: 5589e5bb0000000089c221f781c65c4c
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Trojan:Win32/InjectorCrypt!pz also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Copak.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Trojan.Heur.imW@!hBy@@e
  • FireEye: Generic.mg.03e66459155b353c
  • Skyhigh: BehavesLike.Win32.Generic.cm
  • McAfee: GenericRXAA-FA!03E66459155B
  • Malwarebytes: Trojan.MalPack.Generic
  • VIPRE: Gen:Trojan.Heur.imW@!hBy@@e
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Trojan ( 0058c5ff1 )
  • Alibaba: Trojan:Win32/Copak.a398441f
  • K7GW: Trojan ( 0058c5ff1 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Arcabit: Trojan.Heur.EFD32A
  • Symantec: ML.Attribute.HighConfidence
  • tehtris: Generic.Malware
  • ESET-NOD32: a variant of Win32/Injector.DZQA
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan.Win32.Copak.pef
  • BitDefender: Gen:Trojan.Heur.imW@!hBy@@e
  • NANO-Antivirus: Trojan.Win32.Copak.jqgetu
  • Avast: Win32:Evo-gen [Trj]
  • Emsisoft: Gen:Trojan.Heur.imW@!hBy@@e (B)
  • F-Secure: Trojan.TR/Crypt.XPACK.Gen
  • DrWeb: Trojan.Packed2.43250
  • Zillya: Trojan.CopakGen.Win32.1
  • Sophos: Mal/HckPk-A
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Copak.llq
  • Google: Detected
  • Avira: TR/Crypt.XPACK.Gen
  • Antiy-AVL: Trojan/Win32.Injector
  • Xcitium: Packed.Win32.MUPX.Gen@24tbus
  • Microsoft: Trojan:Win32/InjectorCrypt!pz
  • ZoneAlarm: HEUR:Trojan.Win32.Copak.pef
  • GData: Gen:Trojan.Heur.imW@!hBy@@e
  • Varist: W32/Kryptik.DZR.gen!Eldorado
  • AhnLab-V3: Malware/Win32.Generic.C2860595
  • BitDefenderTheta: AI:Packer.335106D81B
  • ALYac: Gen:Trojan.Heur.imW@!hBy@@e
  • MAX: malware (ai score=83)
  • VBA32: BScope.Trojan.Wacatac
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • Rising: Trojan.Kryptik!1.D12D (CLASSIC)
  • Ikarus: Trojan.Win32.Injector
  • Fortinet: W32/Kryptik.EAHK!tr
  • AVG: Win32:Evo-gen [Trj]
  • Cybereason: malicious.f36e9d
  • DeepInstinct: MALICIOUS

How to remove Trojan:Win32/InjectorCrypt!pz?

Trojan:Win32/InjectorCrypt!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.