Malware

What is “Win32/Injector.COFG”?

Malware Removal

The Win32/Injector.COFG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Injector.COFG virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32/Injector.COFG?



File Info:

name: 07A701CF23A38F473FA4.mlw
path: /opt/CAPEv2/storage/binaries/a756a2f6934d6fcaf646dd5aa07e2c4113de850d4f548c2c255c63ac9609254a
crc32: A8E86886
md5: 07a701cf23a38f473fa43b5f955f2430
sha1: be58edbfedcf0853b0f0c9faea88e15ad77c7658
sha256: a756a2f6934d6fcaf646dd5aa07e2c4113de850d4f548c2c255c63ac9609254a
sha512: e5a2bd3945de20cd74eeb687ffce3cb42098bfa618754119c31e5ac2f64af72d0aa04001f0850c245f94b4794c14ed88f2933a3f870019690b348e9907aa0dd6
ssdeep: 24576:gDZQJj3mDvjBxYry4XagnNi2/vwjF1FhDW9vzy3K0rKDs+Tpalg6:AEqDvjrYhhnrwxhDWR8K0rNC6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C945231119E581BBF4F177B411FA21A3A1BABCF06E71671BD782A8D80D666C0693C31F
sha3_384: 3d35833defc4bee3cd8ce57e0f38806a973bea40ffaece73b95fb67c8840c0f6d99cbbb9cb9daa24048861bd9752fc22
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2004-08-04 06:01:37


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor                                           
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: Wextract                
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE            
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0409 0x04b0

Win32/Injector.COFG also known as:

BkavW32.AIDetectMalware
LionicTrojan.Win32.Yakes.4!c
tehtrisGeneric.Malware
MicroWorld-eScanGen:Heur.Crifi.2
ClamAVWin.Dropper.DarkComet-6305705-0
FireEyeGeneric.mg.07a701cf23a38f47
ALYacGen:Heur.Crifi.2
Cylanceunsafe
SangforTrojan.Win32.Generic.8
K7AntiVirusTrojan ( 004d8efa1 )
K7GWTrojan ( 004d8efa1 )
Cybereasonmalicious.f23a38
VirITTrojan.Win32.Inject3.TPK
SymantecML.Attribute.HighConfidence
Elasticmalicious (high confidence)
ESET-NOD32Win32/Injector.COFG
APEXMalicious
CynetMalicious (score: 100)
KasperskyUDS:Trojan-Dropper.Win32.Injector.gen
BitDefenderGen:Heur.Crifi.2
NANO-AntivirusTrojan.Win32.Inject.dzetqz
AvastWin32:Evo-gen [Trj]
TencentWin32.Trojan.Generic.Jflw
TACHYONBackdoor/W32.Bifrose.1215488
SophosTroj/MDrop-GWI
F-SecureHeuristic.HEUR/AGEN.1325810
DrWebTrojan.DownLoader17.52584
VIPREGen:Heur.Crifi.2
TrendMicroTROJ_GEN.R002C0PFG23
McAfee-GW-EditionGenericR-FKT!EF45336EE2E4
Trapminemalicious.high.ml.score
EmsisoftGen:Heur.Crifi.2 (B)
GDataGen:Heur.Crifi.2
JiangminTrojan.Yakes.efa
AviraHEUR/AGEN.1325810
Antiy-AVLTrojan/Win32.Yakes
XcitiumMalware@#1ewiv4v85e50f
ArcabitTrojan.Crifi.2
ZoneAlarmHEUR:Trojan.Win32.Generic
MicrosoftDDoS:Win32/Nitol.B
GoogleDetected
McAfeeArtemis!07A701CF23A3
MAXmalware (ai score=83)
VBA32Trojan.Yakes
MalwarebytesRansom.CryptoWall
PandaGeneric Suspicious
TrendMicro-HouseCallTROJ_GEN.R002C0PFG23
RisingRansom.Cryptowall!8.122DE (TFE:5:22SNITMOwxN)
YandexTrojan.Yakes!5ApN7szXmr4
IkarusTrojan.Win32.Injector
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Injector.COFG!tr
BitDefenderThetaAI:Packer.2714DD4323
AVGWin32:Evo-gen [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Win32/Injector.COFG?

Win32/Injector.COFG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment