Categories: Malware

VirTool:Win32/CeeInject!CS (file analysis)

The VirTool:Win32/CeeInject!CS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What VirTool:Win32/CeeInject!CS virus can do?

Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Checks for the presence of known windows from debuggers and forensic tools
CAPE detected the embedded win api malware family
Attempts to identify installed analysis tools by a known file location
Checks the presence of disk drives in the registry, possibly for anti-virtualization
Creates a copy of itself
Deletes executed files from disk
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine VirTool:Win32/CeeInject!CS?


File Info:
name: 170542CD6C7442D35D26.mlwpath: /opt/CAPEv2/storage/binaries/0f4d52882175b2f455a6423598578fcac141f76816fdb28582c81e8ae00a0b24crc32: 52154C6Fmd5: 170542cd6c7442d35d265f8c226a9571sha1: aae5796a7e0c594bbde2e750e882502fd29f0f89sha256: 0f4d52882175b2f455a6423598578fcac141f76816fdb28582c81e8ae00a0b24sha512: 95118c66d5b2015e4f92e2c953afb2a7ed8a48f1be805b497a93fcbc7131af2771a475001a9be00798e71f83827abc40aa25619ec8962263e805207072cad239ssdeep: 3072:ImEx3o9mVer4REzqcD16E2BZIO13WFXgZRp/apTtIu9TKVmXU/:IzoIVe44j6DBWO9GgZRp/A99ktype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T174E312EAF84BEA31E6EA0C72DAB332B8257C65250F0785CB15B44B0303249F52C7B576sha3_384: 9b3f0cb47ac71ee40fdda58e4b5aa1fad35229f311c64b5d265dfd8a3703ce3c15df7d4f0356c07c24cabe14458649f1ep_bytes: e85d040000e939fdffff558bec81ec28timestamp: 2010-05-10 01:27:04
Version Info:
0: [No Data]

VirTool:Win32/CeeInject!CS also known as:

Bkav	W32.CeeInjectA.Fam.Worm
Lionic	Trojan.Win32.Generic.kYLC
Elastic	malicious (high confidence)
MicroWorld-eScan	Backdoor.Tofsee.Gen
FireEye	Generic.mg.170542cd6c7442d3
CAT-QuickHeal	Trojan.MauvaiseRI.S5242786
Skyhigh	BackDoor-EQU
McAfee	BackDoor-EQU
VIPRE	Backdoor.Tofsee.Gen
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	VirTool:Win32/CeeInject.6c8207a3
VirIT	Trojan.Win32.Packed.BDVX
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Backdoor.Tofsee.Gen
NANO-Antivirus	Trojan.Win32.Buzus.brqgvd
Avast	Win32:Flot-L [Trj]
Tencent	Malware.Win32.Gencirc.13bd6914
Sophos	Mal/EncPk-XR
F-Secure	Backdoor.BDS/Backdoor.Gen3
DrWeb	Trojan.Packed.20173
Zillya	Trojan.Buzus.Win32.52081
Emsisoft	Backdoor.Tofsee.Gen (B)
Ikarus	Trojan-Dropper.TLX
Jiangmin	Trojan/Buzus.agsq
Google	Detected
Avira	BDS/Backdoor.Gen3
Antiy-AVL	Trojan/Win32.SGeneric
Kingsoft	malware.kb.a.988
Microsoft	VirTool:Win32/CeeInject.gen!CS
Xcitium	TrojWare.Win32.Trickybot.A@7kpen0
Arcabit	Backdoor.Tofsee.Gen
ViRobot	Trojan.Win32.A.Buzus.149791
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Backdoor.Tofsee.Gen
Varist	W32/Risk.FKRR-3339
AhnLab-V3	Trojan/Win32.Nxtee.R24
BitDefenderTheta	Gen:NN.ZexaF.36802.jqZ@aePT8Tmi
ALYac	Backdoor.Tofsee.Gen
MAX	malware (ai score=100)
VBA32	Trojan.Buzus
Cylance	unsafe
Panda	Generic Malware
Rising	HackTool.CeeInject!8.B22 (TFE:5:YgaXqUhTXDV)
Yandex	Trojan.GenAsa!ntI6J7e8R0I
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Buzus.AAAC!tr
AVG	Win32:Flot-L [Trj]
Cybereason	malicious.d6c744
DeepInstinct	MALICIOUS
alibabacloud	Backdoor:Win/Tofsee.Gen