Win32/Injector.BUSP information

Win32/Injector.BUSP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.BUSP virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the DarkComet malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Injector.BUSP?


File Info:

name: 4DE3BA10B487C77CC6E6.mlw
path: /opt/CAPEv2/storage/binaries/08f4d9f6a9836326f7403a28763f080e6bebb46ed9ee977ef1f083036645429c
crc32: 5CD59986
md5: 4de3ba10b487c77cc6e6f7886377a992
sha1: 6a8d30bf869906246845c671140c1df25ec75455
sha256: 08f4d9f6a9836326f7403a28763f080e6bebb46ed9ee977ef1f083036645429c
sha512: 6e60fb615985658d9d8425909124253e288355c2355a207cc7a4d2028dfb1cfe295a026d603af207788c7d539bcfad99d31ff6058dc3621621b802e863f96a82
ssdeep: 12288:RC/cqAEec37FBWkpp5wX4pF9fISJFB1JVh8/H3X0lS/ymafJP5i76Kl:Rq1XLFBWkp8QfISJFzJ7YX0E8JP5iOK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13AF4AEA1DC29FE07E3DED8B8146869B9D2F51086FC03093A587FD10CF654796A0AC76E
sha3_384: 387b58f20dd36336b556c075f872b2ab176b894b40b7d5bc6995f4831cc95aadf9d0255d12909d20bc20f73cb95138ae
ep_bytes: 68fc184b00e8eeffffff000000000000
timestamp: 2015-02-15 13:18:25

Version Info:

Translation: 0x0409 0x04b0
Comments: Grent
CompanyName: Drastically
FileDescription: Excmu7
ProductName: Burlet
FileVersion: 6.08.0008
ProductVersion: 6.08.0008
InternalName: Shelteringly
OriginalFilename: Shelteringly.exe

Win32/Injector.BUSP also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.VBKryjetor.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.VBKrypt.59
CAT-QuickHeal: VirTool.VBInject.LE3
ALYac: Gen:Variant.VBKrypt.59
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( 0055e3991 )
K7GW: Trojan ( 0055e3991 )
Cybereason: malicious.0b487c
BitDefenderTheta: Gen:NN.ZevbaF.36348.Um0@aqrwlkdi
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Injector.BUSP
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VBKryjetor.apr
BitDefender: Gen:Variant.VBKrypt.59
NANO-Antivirus: Trojan.Win32.Fynloski.dorocp
Avast: Win32:VBCrypt-CZO [Trj]
Tencent: Win32.Trojan.Vbkryjetor.Szfl
Emsisoft: Gen:Variant.VBKrypt.59 (B)
F-Secure: Trojan.TR/AD.Fynloski.erejg
DrWeb: Trojan.Inject1.54005
VIPRE: Gen:Variant.VBKrypt.59
McAfee-GW-Edition: BehavesLike.Win32.Trojan.bc
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.4de3ba10b487c77c
Sophos: Troj/VBInj-MC
Ikarus: Trojan.Win32.Injector
Jiangmin: Trojan/VBKryjetor.hc
Avira: TR/AD.Fynloski.erejg
Antiy-AVL: Trojan/Win32.VBKryjetor
Microsoft: Backdoor:Win32/Fynloski.K
Xcitium: Malware@#3p6n73w63kllt
Arcabit: Trojan.VBKrypt.59
ZoneAlarm: Trojan.Win32.VBKryjetor.apr
GData: Gen:Variant.VBKrypt.59
Google: Detected
AhnLab-V3: Win-Trojan/VBKrand.Gen
Acronis: suspicious
McAfee: PWSZbot-FAHG!4DE3BA10B487
MAX: malware (ai score=80)
VBA32: Trojan.VBKryjetor
Cylance: unsafe
Panda: Trj/CI.A
Rising: Trojan.Injector!1.B459 (CLASSIC)
Yandex: Trojan.VBKryjetor!8up/ynHwwJA
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.BWAN!tr
AVG: Win32:VBCrypt-CZO [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Injector.BUSP?

Win32/Injector.BUSP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
