Categories: Malware

VirTool:Win32/Injector.AR (file analysis)

The VirTool:Win32/Injector.AR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What VirTool:Win32/Injector.AR virus can do?

  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Operates on local firewall’s policies and settings
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine VirTool:Win32/Injector.AR?



File Info:

name: F8C125B047384B6DE512.mlwpath: /opt/CAPEv2/storage/binaries/283092cebb3588cca20705d89377c60846ab0ca3381ed8105a1b3cfc82efbab2crc32: 37FC78C3md5: f8c125b047384b6de5125dae97dff180sha1: b8c1da5a9a24b0776170fd40174b28ea230d4af2sha256: 283092cebb3588cca20705d89377c60846ab0ca3381ed8105a1b3cfc82efbab2sha512: 8a2ebbfcd0bd3021fc402faf23ad005bc5767b2c825a457db52b5628af0cf37121dff6ecc30c5a7673d0d7f3bf517ff4f1e18cc3e0d9b0f6454b04b90cc33e1assdeep: 3072:ZNNq0VaCTpnKn9dVczQ4Y5iL0fDIuyNBeAPFI4iTMIqY5l7L3s:b4K9To/VczQ4mfDuNoAPGXTMIb5l7Itype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1B4643996C34B4989F9C780347452FB7690198D7C284AC846F3C2AF29BA323DDA4E5F57sha3_384: e98f8393f97ed4460709854d53e5e46e518cb81c3f845fd17aceea2d28a306e7cb49f5e0abc8f91aa52fe7d679e162c7ep_bytes: 558bec6aff687810410068b002410064timestamp: 2011-11-05 19:40:11

Version Info:

Comments: CompanyName: FileDescription: FileVersion: 2, 0, 8, 0InternalName: LegalCopyright: LegalTrademarks: OriginalFilename: PrivateBuild: ProductName: ProductVersion: 2, 0, 8, 0SpecialBuild: Translation: 0x0409 0x04b0

VirTool:Win32/Injector.AR also known as:

Bkav W32.AIDetectNet.01
Lionic Trojan.Win32.Generic.lw1i
MicroWorld-eScan Gen:Heur.Mint.Titirez.tq0@vSUn2tm
ClamAV Win.Trojan.Ircbot-9890912-0
FireEye Generic.mg.f8c125b047384b6d
ALYac Gen:Heur.Mint.Titirez.tq0@vSUn2tm
Malwarebytes Backdoor.Bot
Zillya Trojan.Buzus.Win32.84940
Sangfor Suspicious.Win32.Save.ins
K7AntiVirus EmailWorm ( 003284441 )
Alibaba VirTool:Win32/Injector.40cb5d11
K7GW EmailWorm ( 003284441 )
Cybereason malicious.047384
Baidu Win32.Worm.IRCBot.ak
Cyren W32/A-4a67ef47!Eldorado
Symantec Packed.Generic.341
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/AutoRun.Injector.AQ
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Heur.Mint.Titirez.tq0@vSUn2tm
NANO-Antivirus Trojan.Win32.Inject.ermlk
SUPERAntiSpyware Trojan.Agent/Gen-Autoject
Avast Win32:Sality [Inf]
Tencent Win32.Trojan.Generic.Ktgl
Sophos Mal/EncPk-AAQ
DrWeb Win32.HLLW.Autoruner1.4180
VIPRE Gen:Heur.Mint.Titirez.tq0@vSUn2tm
TrendMicro TROJ_KRYPTK.SMU3
McAfee-GW-Edition BehavesLike.Win32.Infected.fz
Trapmine malicious.high.ml.score
Emsisoft Gen:Heur.Mint.Titirez.tq0@vSUn2tm (B)
Ikarus Trojan-PWS.Win32.Fignotok
GData Gen:Heur.Mint.Titirez.tq0@vSUn2tm
Jiangmin Trojan/Buzus.bbzj
Webroot W32.Trojan.Gen
Avira TR/Patched.Ren.Gen
Xcitium TrojWare.Win32.Agent.ktn@4o5wqg
Arcabit Trojan.Mint.Titirez.ED1E5C
ViRobot Trojan.Win32.A.Buzus.139264.H
Microsoft VirTool:Win32/Injector.AR
Google Detected
AhnLab-V3 Trojan/Win32.Buzus.R14810
Acronis suspicious
McAfee PWS-Zbot.gen.bbk
MAX malware (ai score=100)
VBA32 BScope.Backdoor.Ruskill.1421
Cylance unsafe
TrendMicro-HouseCall TROJ_KRYPTK.SMU3
Rising Backdoor.Win32.Gnail.aa (CLASSIC)
Yandex Trojan.GenAsa!pi6ZlY3eyYE
SentinelOne Static AI – Malicious PE
Fortinet W32/Kryptik.AL!tr
BitDefenderTheta AI:Packer.DADA3E2B1E
AVG Win32:Sality [Inf]
Panda Trj/Genetic.gen
CrowdStrike win/malicious_confidence_100% (W)

How to remove VirTool:Win32/Injector.AR?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: VirTool:Win32/Injector.AR
1 year ago

Recent Posts

About “Lazy.189388” infection

The Lazy.189388 is considered dangerous by lots of security experts. When this infection is active,…

14 mins ago

Trojan.MSIL.Kickler malicious file

The Trojan.MSIL.Kickler is considered dangerous by lots of security experts. When this infection is active,…

38 mins ago

Generic.Dacic.8952383F.A.D60A38DD removal guide

The Generic.Dacic.8952383F.A.D60A38DD is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

How to remove “Malware.AI.4228548324”?

The Malware.AI.4228548324 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

What is “Malware.AI.4218977589”?

The Malware.AI.4218977589 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

Trojan:Win32/FormBook.SD!MTB removal guide

The Trojan:Win32/FormBook.SD!MTB is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago