Categories: Malware

VirTool:Win32/CeeInject!EG removal

The VirTool:Win32/CeeInject!EG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What VirTool:Win32/CeeInject!EG virus can do?

Behavioural detection: Executable code extraction – unpacking
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Attempted to write directly to a physical drive
Deletes executed files from disk
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine VirTool:Win32/CeeInject!EG?


File Info:
name: AFDACADAC8580E2EF1FE.mlwpath: /opt/CAPEv2/storage/binaries/dbd6aa1edfba0b33fa677dd9c64e96bca84967ef06416d3c0be781394758fb55crc32: 5DD1C578md5: afdacadac8580e2ef1fe4ef4cf34813asha1: 1043400035b8356ef531eefca3cd66a832dd25ecsha256: dbd6aa1edfba0b33fa677dd9c64e96bca84967ef06416d3c0be781394758fb55sha512: f636b3bde359e8d6279b232fc8def76c33d7c7479c567c5ea0b1a5658fae024497bfadc130730903c141525c6bce6315bd76a00e332497ed479af87f7cbe1290ssdeep: 3072:N4/L/JDPaUSS3JfqhdK4TqbFjvnO5+ficHmKs8KWlqEV2v4hE3SuNzUlyTEf5A:e/bJ/Df1FTOw/HmV8R4EV04hUtzk6type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T136648C0DA111C4F7DC1509B4E018FA156966AF30CAADC67B67DD378DBDF2283E892893sha3_384: 72e89f8a675a97be4a5daa29be122fd2aab6f6b8e8b7dadc9bd30d5c5c8ad7cde0592881ac3a4e82e7042096cc2e19beep_bytes: e8cc2a0000e916feffff6a0c6850cd40timestamp: 2011-05-02 22:00:12
Version Info:
FileDescription: Example MSVC ApplicationFileVersion: 1,0,0,0InternalName: ExampleLegalCopyright: OriginalFilename: Example.exeProductName: Example MSVC ApplicationProductVersion: 1.0.0.0Translation: 0x0409 0x04b0

VirTool:Win32/CeeInject!EG also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Onuni.4!c
Elastic	malicious (moderate confidence)
DrWeb	BackDoor.Siggen.28213
MicroWorld-eScan	Gen:Trojan.Heur.tq0@!77ONuni
FireEye	Generic.mg.afdacadac8580e2e
McAfee	Artemis!AFDACADAC858
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004bcce41 )
Alibaba	Trojan:Win32/CeeInject.02dcfc2f
K7GW	Trojan ( 004bcce41 )
CrowdStrike	win/malicious_confidence_90% (W)
Arcabit	Trojan.Heur.E81CBF
BitDefenderTheta	AI:Packer.38ADB6821C
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.GCW
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.BSOD.gen
BitDefender	Gen:Trojan.Heur.tq0@!77ONuni
NANO-Antivirus	Trojan.Win32.FakeAV.ctbue
Avast	Win32:GenMalicious-KOR [Trj]
Emsisoft	Gen:Trojan.Heur.tq0@!77ONuni (B)
F-Secure	Trojan.TR/Crypt.ZPACK.Gen8
VIPRE	Gen:Trojan.Heur.tq0@!77ONuni
TrendMicro	TROJ_GEN.R002C0DEO23
McAfee-GW-Edition	BehavesLike.Win32.Generic.fh
Trapmine	malicious.high.ml.score
Sophos	Troj/Inject-STI
Ikarus	Trojan-Dropper.SuspectCRC
Jiangmin	Worm/AutoRun.aatu
Webroot	Trojan.Dropper.Gen
Avira	TR/Crypt.ZPACK.Gen8
Antiy-AVL	Trojan/Win32.TDSS
Microsoft	VirTool:Win32/CeeInject.gen!EG
ZoneAlarm	HEUR:Trojan.Win32.BSOD.gen
GData	Gen:Trojan.Heur.tq0@!77ONuni
Google	Detected
AhnLab-V3	Trojan/Win.Injection.C5432601
VBA32	BScope.Backdoor.Ruskill.2921
ALYac	Gen:Trojan.Heur.tq0@!77ONuni
MAX	malware (ai score=80)
Malwarebytes	Crypt.Trojan.Malicious.DDS
TrendMicro-HouseCall	TROJ_GEN.R002C0DEO23
Rising	Trojan.Injector!8.C4 (CLOUD)
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Injector.WDH!tr
AVG	Win32:GenMalicious-KOR [Trj]
Cybereason	malicious.ac8580
DeepInstinct	MALICIOUS