About “Win32/Injector.ABIX” infection

Malware Removal

Win32/Injector.ABIX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.ABIX virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Network anomalies occurred during the analysis.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Injector.ABIX?

File Info:

name: 0F376EBA5632C4EFD78F.mlw
path: /opt/CAPEv2/storage/binaries/f03b390e4bfb0b8a066d9cc7a0068e92a902d031015c666754200a6f36d8baff
crc32: 037BBDF3
md5: 0f376eba5632c4efd78f73b5e52e0f17
sha1: 3d4cc95a674cd8b9ab6b07e745745fabb74518a3
sha256: f03b390e4bfb0b8a066d9cc7a0068e92a902d031015c666754200a6f36d8baff
sha512: 21d704ade1a23e17f3115a278734f56f3152b5a1f11b507c25050c4bd87f74d7051b36dab396e23053bb49e2a2a701b15e188f9f87c142ea8bae37685ca51b2b
ssdeep: 768:oy868R8Z8s888m8E8QvZ7I6pY2HxamiSf4BZC4Mzss5lepq5PP3zck46wlDKymrq:oyzq+5hRpfvZ7I6pY2Ra3SfIUk6I0E
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T190137C0BF3D1C672D88385F00566B1A6FB7B93C9131496EBD792080D99977CACF36249
sha3_384: 78a763ef60e2b438778f3cf1992b875d7ad697383bfe2f960a45630c42c34ee60ef99b6d6e60e51498ff612dfbbf9545
ep_bytes: 68b8000000680000000068b49b4000e8
timestamp: 2013-01-15 21:31:28

Version Info:

0: [No Data]

Win32/Injector.ABIX also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Mbro.j!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Winlock.7801
MicroWorld-eScan: Trojan.Encpk.Gen.1
FireEye: Generic.mg.0f376eba5632c4ef
ALYac: Trojan.Encpk.Gen.1
Cylance: Unsafe
VIPRE: Trojan.Encpk.Gen.1
Alibaba: VirTool:Win32/Injector.80d0fc9d
CrowdStrike: win/malicious_confidence_70% (D)
BitDefenderTheta: Gen:NN.ZexaF.34786.cuX@aOJE8Cj
VirIT: Trojan.Win32.Generic.FDV
Cyren: W32/Buzus.X.gen!Eldorado
Symantec: Packed.Generic.415
ESET-NOD32: a variant of Win32/Injector.ABIX
TrendMicro-HouseCall: TROJ_SPNR.0BBB13
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-492540
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Encpk.Gen.1
NANO-Antivirus: Trojan.Win32.Winlock.bfqstb
Avast: Win32:Cutwail-BM [Trj]
Tencent: Win32.Trojan.Generic.Gvn
Ad-Aware: Trojan.Encpk.Gen.1
Emsisoft: Trojan.Encpk.Gen.1 (B)
Comodo: Malware@#33yhr7pu3y0yq
Zillya: Trojan.Mbro.Win32.3407
TrendMicro: TROJ_SPNR.0BBB13
McAfee-GW-Edition: BehavesLike.Win32.Generic.ph
SentinelOne: Static AI – Suspicious PE
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/Zbot-DPB
Ikarus: Trojan.Win32.Inject
Jiangmin: Trojan/Inject.akoc
Webroot: W32.Rogue.Gen
Avira: TR/Spy.Zbot.ajoumea
Antiy-AVL: Trojan/Generic.ASMalwS.24D
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: VirTool:Win32/CeeInject.gen!ID
GData: Trojan.Encpk.Gen.1
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.R49007
McAfee: PWS-Zbot.gen.afr
TACHYON: Trojan/W32.Small.43528.D
VBA32: BScope.TrojanPSW.Panda
Malwarebytes: Malware.Heuristic.1008
APEX: Malicious
Rising: Trojan.Generic@AI.87 (RDML:l09iHJ+r81UBEos1N6+lrw)
Yandex: Trojan.Injector!yklvqsY58eA
MAX: malware (ai score=100)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.ANM!tr
AVG: Win32:Cutwail-BM [Trj]
Cybereason: malicious.a5632c
Panda: Trj/Agent.MIZ

How to remove Win32/Injector.ABIX?

Win32/Injector.ABIX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
