About “Win32/Injector.AMLI” infection

Win32/Injector.AMLI is ESET's name for this sample; most other vendors flag the same file as malicious under their own names (see the list below). As the behaviour list shows, it unpacks itself in memory and injects code into other processes, so while the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually may take hours and can damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; it can fully scan and clean your PC during the 6-day free trial.

What can Win32/Injector.AMLI do?

The following CAPE sandbox signatures fired on the sample. Together they describe a UPX-packed executable that fails Authenticode validation, unpacks itself in memory and injects code into other processes:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
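The two injection signatures above are scored by behaviour sandboxes from the order of API calls, not from any single call: a child process is created suspended, its original image is (optionally) unmapped, the payload is written into it, the main thread's context is pointed at the new entry point, and the thread is resumed. The script below is an added example, not CAPE's own signature code; it applies that ordering to a constructed API-call trace. The trace format, field names (process_id, creation_flags) and the API groupings are assumptions made for this example.

```python
"""Flag the process-hollowing API sequence in a sandbox API-call trace.

Added example; this is not CAPE's own signature code. The trace format is an
assumption made for this example: one call per line, tab-separated as
"<caller pid>\\t<api>\\t<key=value ...>", with the handle's target process
reported as process_id and CreateProcess flags as creation_flags (hex).
"""
from collections import defaultdict

# Stages of classic hollowing, in order: (name, APIs implementing it, optional).
# Unmapping the original image is optional: some loaders overwrite it in place.
STAGES = [
    ("create_suspended", {"CreateProcessInternalW", "CreateProcessA", "CreateProcessW"}, False),
    ("unmap_image", {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}, True),
    ("write_payload", {"WriteProcessMemory", "NtWriteVirtualMemory"}, False),
    ("set_entrypoint", {"SetThreadContext", "NtSetContextThread"}, False),
    ("resume", {"ResumeThread", "NtResumeThread"}, False),
]
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit

# Constructed trace: pid 1000 hollows its suspended child 1044; pid 2000 starts a
# normal child and writes into its own memory, which must not be flagged.
SAMPLE_TRACE = """\
1000\tCreateProcessInternalW\tprocess_id=1044 creation_flags=0x4 filepath=C:\\Windows\\svchost.exe
1000\tNtGetContextThread\tprocess_id=1044 thread_handle=0x1c
1000\tNtUnmapViewOfSection\tprocess_id=1044 base_address=0x400000
1000\tNtAllocateVirtualMemory\tprocess_id=1044 base_address=0x400000 protection=0x40
1000\tWriteProcessMemory\tprocess_id=1044 base_address=0x400000 buffer=4d5a9000
1000\tNtSetContextThread\tprocess_id=1044 thread_handle=0x1c
1000\tNtResumeThread\tprocess_id=1044 thread_handle=0x1c
2000\tCreateProcessInternalW\tprocess_id=2048 creation_flags=0x0 filepath=C:\\Windows\\notepad.exe
2000\tWriteProcessMemory\tprocess_id=2000 base_address=0x700000 buffer=00000000
"""


def parse_line(line):
    """Split one trace line into (caller pid, api name, {arg: value})."""
    parts = line.rstrip("\n").split("\t", 2)
    args = parts[2] if len(parts) > 2 else ""
    return int(parts[0]), parts[1], dict(kv.split("=", 1) for kv in args.split() if "=" in kv)


def _earlier_stages_done(seen, index):
    """True if every stage before `index` was observed or is optional."""
    return all(name in seen or optional for name, _, optional in STAGES[:index])


def detect_hollowing(lines):
    """Return [(injector_pid, target_pid, [apis in order])] per completed sequence."""
    progress = defaultdict(dict)  # (injector pid, target pid) -> {stage: api}
    findings = []
    for line in lines:
        if not line.strip():
            continue
        pid, api, args = parse_line(line)
        for index, (stage, apis, _) in enumerate(STAGES):
            if api not in apis:
                continue
            target = int(args.get("process_id", "0"))
            if stage == "create_suspended":
                if not int(args.get("creation_flags", "0"), 16) & CREATE_SUSPENDED:
                    break  # ordinary child process, not a hollowing candidate
            elif target in (0, pid):
                break  # writes or context changes on the caller itself are not injection
            seen = progress[(pid, target)]
            if stage not in seen and _earlier_stages_done(seen, index):
                seen[stage] = api
            if all(name in seen or optional for name, _, optional in STAGES):
                findings.append((pid, target, [seen[n] for n, _, _ in STAGES if n in seen]))
                del progress[(pid, target)]
            break
    return findings


if __name__ == "__main__":
    for injector, target, apis in detect_hollowing(SAMPLE_TRACE.splitlines()):
        print(f"process hollowing: pid {injector} -> pid {target}: {' -> '.join(apis)}")
```

The ordering check is what keeps the false-positive rate down: a debugger or installer may legitimately create a suspended child and resume it, but it will not write a new image into it and repoint the thread context first. Real traces also need the handle-to-pid resolution that the constructed process_id field stands in for here.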

How to identify Win32/Injector.AMLI?

The hashes below identify this exact sample. The entry-point bytes (ep_bytes) begin with 60 be, which disassemble to pushad; mov esi, imm32, the standard UPX decompressor prologue, consistent with the UPX signature above.

File Info:

name: 69D73702FA74063E3B99.mlw
path: /opt/CAPEv2/storage/binaries/1e70018b986101e1cdf0c46fe76a4d56891d9700ef1bfd5fdb3a2bf7ab85cd93
crc32: 6D9FB0D0
md5: 69d73702fa74063e3b99e9f8e609cc97
sha1: f39140658627be60df2a178f1b2d60e7e6291d1f
sha256: 1e70018b986101e1cdf0c46fe76a4d56891d9700ef1bfd5fdb3a2bf7ab85cd93
sha512: df74c6e6416ea82eba30a7027812ba6f3688bb88d3f1fe2042a023e59bf445cc656a27f7a16debba327d0f05c22d629495037bc1cba95222fc82e15982e3771f
ssdeep: 3072:tV5+DfhG3a6uCpZYGpVW6TDYQA6u3gpMkTS74jm9DM/Ag:fqfhGsCXH3WEYQ6QlJjm9DM/R
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T104E312461BCB5C94C016AB754AA69D3AD12FBDC10B29781C8EDA57C78FF038ABC84D4D
sha3_384: 045cb8a10d24048db5ee741485371156bd0e5c61ba7129e1bb4429c6368b57b69699eab0ea7bea7a7c97890afe6de77b
ep_bytes: 60be00c044008dbe0050fbff5783cdff
timestamp: 2011-04-11 16:01:04
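Several of the indicators above (UPX section names, an unknown section name, overlay data, the entry-point bytes) can be checked statically without a sandbox. The following is an added example, not code from GridinSoft or CAPE: a stdlib-only PE32 parser that runs those checks over a constructed miniature executable whose layout mirrors this sample (UPX0/UPX1 sections, the page's ep_bytes at the UPX1 entry point, high-entropy filler in place of packed code, an appended overlay, no security directory). The section-name tables, the stub-prefix heuristic and the constructed file are this example's own assumptions.

```python
"""Static triage of the packing indicators listed on this page, stdlib only.

Added example, not GridinSoft's or CAPE's code. parse_pe32() reads the PE32
headers by hand; triage() reports packer-style and unknown section names,
per-section entropy, overlay size, the 16 entry-point bytes and whether they
start with the UPX stub (pushad; mov esi, imm32), and whether a security
(Authenticode) data directory exists. Tables and constants are assumptions.
"""
import hashlib
import math
import struct
from collections import Counter

KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT"}
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
                   ".aspack": "ASPack", ".adata": "ASPack", ".petite": "Petite",
                   ".MPRESS1": "MPRESS", ".MPRESS2": "MPRESS",
                   ".themida": "Themida", ".vmp0": "VMProtect", ".vmp1": "VMProtect"}
UPX_STUB_PREFIX = bytes.fromhex("60be")  # pushad ; mov esi, <packed data VA>


def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe32(data):
    """Return (entry RVA, section table, security directory present) for a PE32."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    _, security_size = struct.unpack_from("<II", data, opt + 128)  # data directory 4: security
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr})
    return entry_rva, sections, security_size != 0


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section containing it (None if not on disk)."""
    for s in sections:
        if s["rawsize"] and s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["va"])
    return None


def triage(data):
    """Run the checks and return a plain dict for scripts or tests to inspect."""
    entry_rva, sections, signed = parse_pe32(data)
    report = {"sections": [], "unknown_sections": [], "packer": None, "overlay_bytes": 0,
              "ep_bytes": "", "upx_entry_stub": False, "has_security_directory": signed}
    end_of_sections = 0
    for s in sections:
        raw = data[s["rawptr"]:s["rawptr"] + s["rawsize"]]
        end_of_sections = max(end_of_sections, s["rawptr"] + s["rawsize"])
        report["sections"].append((s["name"], round(entropy(raw), 2)))
        if s["name"] in PACKER_SECTIONS:
            report["packer"] = PACKER_SECTIONS[s["name"]]
        elif s["name"] not in KNOWN_SECTIONS:
            report["unknown_sections"].append(s["name"])
    report["overlay_bytes"] = max(0, len(data) - end_of_sections)  # bytes after the last section
    off = rva_to_offset(entry_rva, sections)
    if off is not None:
        ep = data[off:off + 16]
        report["ep_bytes"] = ep.hex()
        report["upx_entry_stub"] = ep.startswith(UPX_STUB_PREFIX)
    return report


def build_sample():
    """Constructed PE32 mirroring this page's indicators (not the real sample): UPX0/UPX1/.rsrc
    sections, the page's ep_bytes at the start of UPX1, deterministic high-entropy filler in
    place of packed code, no security directory, and a 64-byte appended overlay."""
    filler = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(48))[:0x600 - 16]
    packed = bytes.fromhex("60be00c044008dbe0050fbff5783cdff") + filler  # ep_bytes from File Info
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                           # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)  # i386, 3 sections
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                           # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x4C000)                    # AddressOfEntryPoint -> UPX1
    struct.pack_into("<III", hdr, opt + 28, 0x400000, 0x1000, 0x200)  # ImageBase, alignments
    struct.pack_into("<II", hdr, opt + 56, 0x4E000, 0x400)            # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", hdr, opt + 92, 16)                         # NumberOfRvaAndSizes
    for i, fields in enumerate([(b"UPX0", 0x4B000, 0x1000, 0, 0),      # name, vsize, va, rawsize, rawptr
                                (b"UPX1", 0x1000, 0x4C000, 0x600, 0x400),
                                (b".rsrc", 0x1000, 0x4D000, 0x200, 0xA00)]):
        struct.pack_into("<8sIIIIIIHHI", hdr, opt + 0xE0 + 40 * i, *fields, 0, 0, 0, 0, 0xE0000040)
    return bytes(hdr) + packed + b"\0" * 0x200 + b"OVERLAY:" + b"A" * 56


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Two caveats when running this on a real file: section names are trivial to rename, so treat a missing UPX0/UPX1 as no evidence either way and lean on entropy and the entry stub instead; and the security-directory check only says whether a signature blob is present at all, not whether it validates, which is what the "Authenticode signature is invalid" signature above decides and needs a full verifier such as signtool or osslsigncode.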

Version Info (the resource strings are random filler, not a real vendor identity, so do not use them for attribution):

Translation: 0x0409 0x04b0
Comments: fbwr
CompanyName: nbzNH9tPv8
FileDescription: nb1C9vP
LegalCopyright: Ad2Cpqp
LegalTrademarks: Dw
ProductName: k7ymYHS
FileVersion: 1.49.0095
ProductVersion: 1.49.0095
InternalName: 13
OriginalFilename: 13.exe

Win32/Injector.AMLI is also known as:

The name used on this page is ESET's. Most other vendors classify the same file as a VBKrypt/VbCrypt variant, i.e. a Visual Basic crypter stub, and ViRobot records the UPX layer in its name:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Refroso.ljNs
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Heur.ManBat.1
ClamAV: Win.Trojan.VB-48468
FireEye: Generic.mg.69d73702fa74063e
McAfee: Artemis!69D73702FA74
Cylance: Unsafe
Zillya: Trojan.VBKrypt.Win32.36561
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0054ec131 )
Alibaba: Trojan:Win32/VBKrypt.f02285b2
K7GW: Trojan ( 0054ec131 )
Cybereason: malicious.2fa740
VirIT: Trojan.Win32.Inject.CXJ
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Injector.AMLI
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VBKrypt.cquw
BitDefender: Gen:Heur.ManBat.1
NANO-Antivirus: Trojan.Win32.VBKrypt.dxoocz
Avast: FileRepMalware [Trj]
Tencent: Malware.Win32.Gencirc.11497520
Ad-Aware: Gen:Heur.ManBat.1
Sophos: Mal/Generic-G
Comodo: Malware@#yyzp3rhybv7r
DrWeb: Trojan.VbCrypt.8
VIPRE: Gen:Heur.ManBat.1
TrendMicro: TROJ_VBINJECT_FE1800F4.UVPM
McAfee-GW-Edition: BehavesLike.Win32.Trojan.cc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Heur.ManBat.1 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.ManBat.1
Jiangmin: Trojan/VBKrypt.hsde
Webroot: Trojan.Dropper
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.39
Arcabit: Trojan.ManBat.1
ViRobot: Trojan.Win32.A.VBKrypt.153469.B[UPX]
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.R15774
Acronis: suspicious
BitDefenderTheta: AI:Packer.3AF8DFD61F
ALYac: Gen:Heur.ManBat.1
MAX: malware (ai score=100)
VBA32: BScope.Trojan.VBKrypt
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: TROJ_VBINJECT_FE1800F4.UVPM
Rising: Dropper.Generic!8.35E (CLOUD)
Yandex: Trojan.VBKrypt!AboYG5Knjig
Ikarus: Trojan.Win32.VBKrypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VBKrypt.BBBQ!tr
AVG: FileRepMalware [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Injector.AMLI?

Win32/Injector.AMLI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer, so that any process the sample injected code into is terminated, and run the scan again to confirm nothing was re-created.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
