Malware

Should I remove “Win32/Injector.AXYH”?

Malware Removal

The Win32/Injector.AXYH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Injector.AXYH virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Collects and encrypts information about the computer likely to send to C2 server
  • Collects information to fingerprint the system

How to determine Win32/Injector.AXYH?



File Info:

name: 50EBF46A9A41052B5DD4.mlw
path: /opt/CAPEv2/storage/binaries/5665e5b97b979a6e3f713d0b980106fd87072a6018dcc60648b2670ff808cf97
crc32: F99EFF0D
md5: 50ebf46a9a41052b5dd4d33765526047
sha1: 5432901c28cfd0c76f997e84798c9b00351b751a
sha256: 5665e5b97b979a6e3f713d0b980106fd87072a6018dcc60648b2670ff808cf97
sha512: 8a6c2e0d498b78455754d949b4131ea2dbb74e4fd5037dbeecfb06d9ec6217c772158672a10035074fdfc5da5f142e40a6698246e44369910939911f5afd4e50
ssdeep: 6144:Bymk3GEaHsxfnOfwV1lcxwoZrKi1Hey4lfsWR:SwMxG6LOwoRKWefN/R
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11D3402097716DC22D10D89B1D7635A3C66A205AA7F47890B97B80F2C4D7EB42AE8377C
sha3_384: 8a17d82a2ad043633b61b42d320880eb99af120f6ba51c5fcdd1fe99a3b4d599de4d104d479ab6be0fc659756f298832
ep_bytes: 558bec6aff6890014000680490400064
timestamp: 2014-02-13 18:33:57


Version Info:

Comments: 
CompanyName:  
FileDescription: Apriori
FileVersion: 1, 0, 0, 1
InternalName: Apriori
LegalCopyright: Copyright ? 2014
LegalTrademarks: 
OriginalFilename: Apriori.exe
PrivateBuild: 
ProductName:   Apriori
ProductVersion: 1, 0, 0, 1
SpecialBuild: 
Translation: 0x0804 0x04b0

Win32/Injector.AXYH also known as:

LionicTrojan.Win32.Generic.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Betabot.3
MicroWorld-eScanGen:Variant.Zusy.83264
FireEyeGeneric.mg.50ebf46a9a41052b
CAT-QuickHealTrojanPWS.Zbot.AP4
ALYacGen:Variant.Zusy.83264
CylanceUnsafe
SangforPUP.Win32.Zusy.83264
K7AntiVirusTrojan ( 004e4a7c1 )
K7GWTrojan ( 004e4a7c1 )
Cybereasonmalicious.a9a410
BitDefenderThetaGen:NN.ZexaF.34606.oq3@aWVp@HgH
SymantecTrojan.Gen
tehtrisGeneric.Malware
ESET-NOD32Win32/Injector.AXYH
APEXMalicious
Paloaltogeneric.ml
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Zusy.83264
NANO-AntivirusTrojan.Win32.Zbot.ctpsko
SUPERAntiSpywareTrojan.Agent/Gen-Injector
AvastWin32:Zbot-SQN [Trj]
TencentMalware.Win32.Gencirc.10c7a711
Ad-AwareGen:Variant.Zusy.83264
SophosGeneric ML PUA (PUA)
ComodoTrojWare.Win32.Spy.Zbot.RMUS@57wmlt
ZillyaTrojan.Zbot.Win32.149905
TrendMicroTROJ_SPNV.01FL14
McAfee-GW-EditionDropper-FJW!50EBF46A9A41
EmsisoftGen:Variant.Zusy.83264 (B)
SentinelOneStatic AI – Suspicious PE
JiangminTrojanSpy.Zbot.ebym
WebrootTrojan.Dropper.Gen
AviraTR/Dropper.Gen
MAXmalware (ai score=100)
Antiy-AVLTrojan/Generic.ASMalwS.80D9E2
MicrosoftPWS:Win32/Zbot
GDataGen:Variant.Zusy.83264
CynetMalicious (score: 100)
AhnLab-V3Spyware/Win32.Zbot.R98289
McAfeeDropper-FJW!50EBF46A9A41
TACHYONTrojan-Spy/W32.ZBot.240441
VBA32BScope.TrojanPSW.Panda
MalwarebytesTrojan.Crypt.NKN
TrendMicro-HouseCallTROJ_SPNV.01FL14
RisingDropper.Generic!8.35E (CLOUD)
YandexTrojanSpy.Zbot!9S34+YDE2f8
IkarusTrojan-Downloader.Win32.Upatre
FortinetW32/Kryptik.WIF!tr
AVGWin32:Zbot-SQN [Trj]
PandaTrj/Genetic.gen
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Win32/Injector.AXYH?

Win32/Injector.AXYH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment