Categories: Malware

Win32/Injector.BDES removal instruction

The Win32/Injector.BDES is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.BDES virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
Enumerates running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Behavioural detection: Injection (inter-process)
Installs itself for autorun at Windows startup
Uses suspicious command line tools or Windows utilities

How to determine Win32/Injector.BDES?


File Info:
name: C4E911DC9C6B14246C4F.mlwpath: /opt/CAPEv2/storage/binaries/56b05c514b22d9e9a83d3bf750f4b8fe3b67d33a3e8adc56436a454e531317aecrc32: F4C9F8CCmd5: c4e911dc9c6b14246c4fe8767c9ee617sha1: 0ace579a4d44b1eb85740df6a0881595c9a22940sha256: 56b05c514b22d9e9a83d3bf750f4b8fe3b67d33a3e8adc56436a454e531317aesha512: 57282c3894d0fbaa833c2dac0a0679be4d143247f8118756b9f643668a67c4b0d9a1822b38fde0afb9d000c74d1da20969c542f47e8610ddad913ee61b73cff2ssdeep: 6144:R3+31PlbLNsv1i8HRussh95RBQsDLXHkUAmvi69uc5/K7/zLL98Gwy:dRv1iW5C5XQsfHkUAmqy/WLmytype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1B5B49D90E246DCE9E41572F19C2AD97011A7AD9EA8B00A2F317DB21D15B3363DCA3D1Fsha3_384: 8ed3253495cdffecdafcd899befc0be51a5ca730447f55eb2e7f2307df09172b5b440716fb3e22003b14015e929d6b7fep_bytes: 558bec6aff68286e400068de4a400064timestamp: 2014-05-05 19:00:21
Version Info:
Comments: CompanyName:  FileDescription: clusterFileVersion: 1, 0, 0, 1InternalName: clusterLegalCopyright: Copyright ? 2014LegalTrademarks: OriginalFilename: cluster.exePrivateBuild: ProductName:   clusterProductVersion: 1, 0, 0, 1SpecialBuild: Translation: 0x0810 0x04b0

Win32/Injector.BDES also known as:

Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
FireEye	Generic.mg.c4e911dc9c6b1424
CAT-QuickHeal	TrojanPWS.Zbot.AP4
McAfee	PWSZbot-FXE!C4E911DC9C6B
Cylance	Unsafe
Sangfor	Trojan.Win32.Lethic.4
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Trojan:Win32/DllCheck.80481335
K7GW	Trojan ( 0040f8461 )
K7AntiVirus	Trojan ( 0040f8461 )
VirIT	Trojan.Win32.SHeur4.BUYL
Cyren	W32/Zbot.RS.gen!Eldorado
Symantec	Trojan.Zbot
ESET-NOD32	a variant of Win32/Injector.BDES
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Zbot-57618
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Lethic.Gen.4
NANO-Antivirus	Trojan.Win32.Inject.cxiprh
SUPERAntiSpyware	Trojan.Agent/Gen-Zeus
MicroWorld-eScan	Trojan.Lethic.Gen.4
Avast	Win32:Crypt-REG [Trj]
Tencent	Malware.Win32.Gencirc.10b4539e
Ad-Aware	Trojan.Lethic.Gen.4
Emsisoft	Trojan.Lethic.Gen.4 (B)
Comodo	TrojWare.Win32.Injector.BDES@59xvmr
DrWeb	Trojan.PWS.Panda.5676
VIPRE	Trojan.Win32.Agent.bciw (v)
TrendMicro	TROJ_FYNLOSK.SM1
McAfee-GW-Edition	PWSZbot-FXE!C4E911DC9C6B
Sophos	Mal/Generic-R + Troj/Fondu-AS
GData	Trojan.Lethic.Gen.4
Jiangmin	TrojanSpy.Zbot.edwu
eGambit	Unsafe.AI_Score_99%
Avira	TR/Mantsu.vxca
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Backdoor]/Win32.DarkKomet
Kingsoft	Win32.Troj.Undef.(kcloud)
Arcabit	Trojan.Lethic.Gen.4
ViRobot	Trojan.Win32.S.Injector.512000
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/DllCheck.A!MSR
AhnLab-V3	Trojan/Win32.Injector.R106674
BitDefenderTheta	Gen:NN.ZexaF.34212.Fq0@aWrXqClb
ALYac	Trojan.Lethic.Gen.4
VBA32	OScope.Malware-Cryptor.Zbot
Malwarebytes	Generic.Malware/Suspicious
TrendMicro-HouseCall	TROJ_FYNLOSK.SM1
Rising	Backdoor.Fynloski!8.1FD (TFE:5:egSnxTjJLGL)
Yandex	Trojan.Agent!xLCgc/Y5y+k
Ikarus	Virus.Win32.Zbot
MaxSecure	Trojan.Malware.7036746.susgen
Fortinet	W32/Krypt.DE!tr
Webroot	W32.Rogue.Gen
AVG	Win32:Crypt-REG [Trj]
Cybereason	malicious.c9c6b1
Panda	Trj/Genetic.gen