Categories: Malware

Win32/Injector.CHDP malicious file

The Win32/Injector.CHDP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.CHDP virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process created a hidden window
Unconventionial language used in binary resources: Arabic (Algeria)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Executed a process and injected code into it, probably while unpacking
Detects Sandboxie through the presence of a library
Code injection with CreateRemoteThread in a remote process
Sniffs keystrokes
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Creates a hidden or system file
Checks for the presence of known devices from debuggers and forensic tools
Creates a copy of itself
Creates known SpyNet mutexes and/or registry changes.
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

armando77.publicvm.com

How to determine Win32/Injector.CHDP?


File Info:
crc32: 34205D53md5: 6fba1e568ff16509bd6d9367cb23163dname: 6FBA1E568FF16509BD6D9367CB23163D.mlwsha1: 7bc4d45b97db17ceb0adbe20bd0ddcc2deab1a2csha256: 9c31e44ddc8e8e2f42302d61933606c7edc63b841ac0ccc7424256260a7ddc65sha512: a2a01b5c4fda0d126e91f8a212bc448b42c861032e17ca2947ea28fd31271aee3c571affee683f36df5b4d7e4397175d4363690ed16870c67059e8e52c575bdessdeep: 24576:qtRG0VPTxhZcxoZsMpVWCa8u5f0omQKr2gXKHL:qtRjdhZcxilplC7KXatype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
0: [No Data]

Win32/Injector.CHDP also known as:

K7AntiVirus	Trojan ( 004d98001 )
DrWeb	Trojan.PWS.Stealer.15081
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Ransom.Strictor.14
Cylance	Unsafe
Zillya	Backdoor.Androm.Win32.53105
Sangfor	Trojan.Win32.GenericKD.4
Alibaba	Backdoor:Win32/Androm.21a387a7
K7GW	Trojan ( 004d98001 )
Cybereason	malicious.68ff16
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.CHDP
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Backdoor.Win32.Androm.qhsb
BitDefender	Gen:Variant.Ransom.Strictor.14
NANO-Antivirus	Trojan.Win32.Androm.fhqbmm
MicroWorld-eScan	Gen:Variant.Ransom.Strictor.14
Tencent	Win32.Backdoor.Cybergate.Uijs
Ad-Aware	Gen:Variant.Ransom.Strictor.14
Comodo	Malware@#2dhsco4zt2rnf
BitDefenderTheta	Gen:NN.ZelphiF.34688.XmGfaWM@RbmG
VIPRE	Trojan.Win32.Generic!BT
FireEye	Gen:Variant.Ransom.Strictor.14
Emsisoft	Gen:Variant.Ransom.Strictor.14 (B)
SentinelOne	Static AI – Suspicious PE
Avira	TR/Injector.gufwm
eGambit	Unsafe.AI_Score_73%
Antiy-AVL	Trojan/Generic.ASMalwS.27FE63A
Microsoft	Worm:Win32/Rebhip
Arcabit	Trojan.Ransom.Strictor.14
GData	Gen:Variant.Ransom.Strictor.14
AhnLab-V3	Malware/Win32.Generic.C2749903
McAfee	Artemis!6FBA1E568FF1
MAX	malware (ai score=99)
VBA32	BScope.Trojan-Dropper.Injector
Panda	Trj/GdSda.A
Rising	Backdoor.Androm!8.113 (CLOUD)
Yandex	Backdoor.Androm!WkVaJJBQ8/E
Ikarus	Trojan.Win32.Injector
Fortinet	W32/Injector.COBZ!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml