Categories: Malware

VirTool:Win32/Injector.EY malicious file

The VirTool:Win32/Injector.EY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What VirTool:Win32/Injector.EY virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
At least one process apparently crashed during execution
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
Performs some HTTP requests
Unconventionial binary language: Arabic (Algeria)
Unconventionial language used in binary resources: Rhaeto (Romance)
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Code injection with CreateRemoteThread in a remote process
Crashed cuckoomon during analysis. Report this error to the Github repo.
Tries to unhook or modify Windows functions monitored by Cuckoo
Installs itself for autorun at Windows startup
Checks the system manufacturer, likely for anti-virtualization
Attempts to modify proxy settings
Creates a copy of itself
Anomalous binary characteristics

Related domains:

api.wipmania.com

How to determine VirTool:Win32/Injector.EY?


File Info:
crc32: 536BC42Fmd5: 337227d6354d8cb1f946b7bb8994f54ename: 337227D6354D8CB1F946B7BB8994F54E.mlwsha1: 8fe2311c5822137602d7438b30b04456e637843csha256: aeddac9671f79438f421795534af8cec252fd60cff30ec8f7108b9700bbc7dc4sha512: 61aebbc5c885350dd4d729c1ac5fc1728ee94718236cc0f44cdd90c45ef3d79c59739db6a67ec3742a364923614bef40059d4f0640b763fc3956d8e93c6fc63fssdeep: 3072:byYrOLBEhTOtUnmHfBy37+IkhSfzTyad2EW32HPvdNq5HqIyPu/kN5SRZ:bwBqXnX7+InfXH2hMdNqlqIwRXOtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) Blind 2007-2013Legal Trademarks: BlindInternal Name: Curve.exeCompanyName: Prize driven Jones - www.Blind.comProductName: BlindOriginal Filename: Curve.exeProductVersion: 6.0FileDescription: Respect noddedFileVersion: 2.0.0.1Translation: 0x0401 0x04b0

VirTool:Win32/Injector.EY also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.343530
FireEye	Generic.mg.337227d6354d8cb1
CAT-QuickHeal	Ransom.Tescrypt.A4
McAfee	Packed-CL!337227D6354D
Malwarebytes	Trojan.Agent.DED
VIPRE	LooksLike.Win32.Crowti.e (v)
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004cef571 )
BitDefender	Gen:Variant.Zusy.343530
K7GW	Trojan ( 004cef571 )
Cybereason	malicious.6354d8
BitDefenderTheta	Gen:NN.ZexaF.34804.nq0@amqOEJcG
Cyren	W32/A-aacf0d08!Eldorado
Symantec	W32.IRCBot.NG
TotalDefense	Win32/Dorkbot.EeTCCeB
APEX	Malicious
Avast	Win32:Sality [Inf]
ClamAV	Win.Packed.Ruskill-7780835-1
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	VirTool:Win32/Injector.34340f11
NANO-Antivirus	Trojan.Win32.Yakes.ditwzy
AegisLab	Trojan.Win32.Generic.miet
Tencent	Malware.Win32.Gencirc.10b76fc0
Ad-Aware	Gen:Variant.Zusy.343530
Emsisoft	Gen:Variant.Zusy.343530 (B)
Comodo	Malware@#19qd2ulej3i1j
F-Secure	Trojan.TR/Patched.Ren.Gen
DrWeb	BackDoor.IRC.NgrBot.42
Zillya	Trojan.Injector.Win32.809611
TrendMicro	TROJ_GEN.R03BC0DLD20
McAfee-GW-Edition	BehavesLike.Win32.Dropper.dh
Sophos	Mal/Generic-R + Mal/Wonton-Z
Ikarus	Trojan.Win32.Injector
GData	Gen:Variant.Zusy.343530
Jiangmin	Trojan/Generic.aztjg
Avira	TR/Patched.Ren.Gen
Antiy-AVL	Trojan/Win32.Yakes
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Downloader.oa
Arcabit	Trojan.Zusy.D53DEA
SUPERAntiSpyware	Trojan.Agent/Gen-Dropper
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	VirTool:Win32/Injector.EY
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.R124663
Acronis	suspicious
VBA32	Heur.Malware-Cryptor.Ngrbot
ALYac	Gen:Variant.Zusy.343530
MAX	malware (ai score=83)
Cylance	Unsafe
Panda	Trj/CI.A
ESET-NOD32	a variant of Win32/Injector.BPFF
TrendMicro-HouseCall	TROJ_GEN.R03BC0DLD20
Rising	Worm.Dorkbot!8.1B4 (CLOUD)
Yandex	Trojan.Agent!lTRYQgVEqKY
SentinelOne	Static AI – Suspicious PE
eGambit	Unsafe.AI_Score_98%
Fortinet	W32/Injector.BPKH!tr
AVG	Win32:Sality [Inf]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (D)
Qihoo-360	Generic/HEUR/QVM10.2.EAE3.Malware.Gen