Malware

What is “Win32/Injector.AAHE”?

Malware Removal

The Win32/Injector.AAHE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Injector.AAHE virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Collects information about installed applications
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • Harvests credentials from local FTP client softwares

How to determine Win32/Injector.AAHE?



File Info:

name: E5DA508938D22887A529.mlw
path: /opt/CAPEv2/storage/binaries/c1874095a1367671c2e761cf1291d63cfb9f9ba42c336aec07e3d2003bc72362
crc32: 0E7740E9
md5: e5da508938d22887a52982bd97769191
sha1: 038a748bf4a6d7aa2688b2f3d3cd2d5d55f83700
sha256: c1874095a1367671c2e761cf1291d63cfb9f9ba42c336aec07e3d2003bc72362
sha512: 63419f6c4fd46bbf3d7543d106630c398c33b2c381b45b9338c4399b1aaefaeaeec1ea88ac5555a09146da25edb9d559fb0620e0a9d85ba4909bc6f0b04e3db5
ssdeep: 12288:XGG847hgtn25CnOjlUKsBxlhwA+M8m+8XQFq75SkO:J8Uv0glJsBNwfM8m7gFq9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T161841215E7C044F1FDE242740DF9A6A98CE24B922F64EEDBD7862F14DE207C9453A34A
sha3_384: 2456d9ae749470386ece86917c00440f969329acebf5d9d0b593f500f5e4684c740a2b3a572b6adfefdbee678ac8336a
ep_bytes: 68a0000000680000010168080c4100e8
timestamp: 2012-12-16 17:24:38


Version Info:

0: [No Data]

Win32/Injector.AAHE also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.Generic.KDZ.2126
FireEyeGeneric.mg.e5da508938d22887
CAT-QuickHealVirTool.CeeInject.A
McAfeePWS-Zbot.gen.anm
CylanceUnsafe
ZillyaDownloader.Andromeda.Win32.1167
SangforTrojan.Win32.Zbot.ajoumea
K7AntiVirusTrojan ( 0040f2521 )
AlibabaVirTool:Win32/Injector.2c5781a1
K7GWTrojan ( 0040f2521 )
Cybereasonmalicious.938d22
VirITTrojan.Win32.Generic.AWQF
CyrenW32/Trojan.CKNT-3897
SymantecPacked.Generic.415
ESET-NOD32a variant of Win32/Injector.AAHE
APEXMalicious
AvastWin32:Cutwail-BM [Trj]
ClamAVWin.Spyware.Zbot-69382
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderTrojan.Generic.KDZ.2126
NANO-AntivirusTrojan.Win32.Buzus.bghqwj
TencentMalware.Win32.Gencirc.10b6c7f0
Ad-AwareTrojan.Generic.KDZ.2126
EmsisoftTrojan.Generic.KDZ.2126 (B)
ComodoTrojWare.Win32.Injector.AAJW@4swo9i
DrWebTrojan.Packed.23677
VIPRETrojan.Win32.Encpk.afnb (v)
TrendMicroTSPY_TEPFER.NX
McAfee-GW-EditionBehavesLike.Win32.Generic.fc
SophosMal/Generic-R + Troj/Ransom-LR
Paloaltogeneric.ml
GDataTrojan.Generic.KDZ.2126
JiangminTrojanSpy.Zbot.cotw
AviraTR/Spy.Zbot.ajoumea
Antiy-AVLTrojan[Spy]/Win32.Zbot
ViRobotTrojan.Win32.A.Zbot.289280.AF
ZoneAlarmHEUR:Trojan.Win32.Generic
MicrosoftVirTool:Win32/CeeInject.gen!ID
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Zbot.R49007
Acronissuspicious
BitDefenderThetaGen:NN.ZexaF.34212.yuW@aWxXo9cO
ALYacTrojan.Generic.KDZ.2126
MAXmalware (ai score=100)
VBA32BScope.Trojan.Downloader
MalwarebytesMalware.AI.3272167495
TrendMicro-HouseCallTSPY_TEPFER.NX
RisingTrojan.Injector!8.C4 (CLOUD)
YandexTrojan.GenAsa!169+lGDHK1o
SentinelOneStatic AI – Malicious PE
eGambitUnsafe.AI_Score_88%
FortinetW32/Ransom.LR!tr
WebrootW32.Rogue.Gen
AVGWin32:Cutwail-BM [Trj]
PandaTrj/Agent.MIZ
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Win32/Injector.AAHE?

Win32/Injector.AAHE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment