Malware

What is “Win32/Injector.COXR”?

Malware Removal

The Win32/Injector.COXR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Injector.COXR virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Portuguese
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Created a process from a suspicious location
  • Attempts to modify proxy settings

How to determine Win32/Injector.COXR?



File Info:

name: BED20A08469967A103E3.mlw
path: /opt/CAPEv2/storage/binaries/a6a6691a9572a39d503c28abbc209e0b36a970e8faa1a1f8bcc8c00cbe79e63b
crc32: DACB6F3B
md5: bed20a08469967a103e3dc76a3397f2f
sha1: 4457c3bcf03b1a08f7a1528e54889086a1f6d461
sha256: a6a6691a9572a39d503c28abbc209e0b36a970e8faa1a1f8bcc8c00cbe79e63b
sha512: 10cb6c76b5ac3225ab0f240722f8aa0112d557baa7e69e0f0fddc2aeabc43483fbc027e645320f1dfa326b6adb7cbc9735290dc710397966fa62ae2a83309701
ssdeep: 1536:+muzozF6666666666669Hzbh9KkojxZz:Vqczbh93gxR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17E53199294A8A090D859F3B1C81E87DF335674E4CA729F0A7DD8B74A79F53D04887F0A
sha3_384: 6d2645d3dc58a462b7e228c6ed22b47d83675d910a34ed856757e27d4e2b6c94eb7659ae0eba77a1a37e24d9aab4c3b9
ep_bytes: 680c7f4000e8f0ffffff000000000000
timestamp: 2015-12-17 13:14:43


Version Info:

Translation: 0x0409 0x04b0
CompanyName: Bimbo Manlia
ProductName: Referenzlaufzeitmessungen1
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Zanbaria
OriginalFilename: Zanbaria.exe

Win32/Injector.COXR also known as:

BkavW32.AIDetect.malware1
DrWebTrojan.DownLoader18.16003
MicroWorld-eScanGen:Heur.PonyStealer.dm0@nO9OWsbO
FireEyeGeneric.mg.bed20a08469967a1
McAfeeGenericR-FQI!BED20A084699
CylanceUnsafe
SangforTrojan.Win32.Injector.COXR
K7AntiVirusTrojan-Downloader ( 005323de1 )
AlibabaTrojan:Win32/Injector.0150683d
K7GWTrojan-Downloader ( 005323de1 )
Cybereasonmalicious.846996
BitDefenderThetaGen:NN.ZevbaF.34786.dm0@aO9OWsbO
SymantecTrojan.Maljava
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/Injector.COXR
APEXMalicious
Paloaltogeneric.ml
KasperskyUDS:DangerousObject.Multi.Generic
BitDefenderGen:Heur.PonyStealer.dm0@nO9OWsbO
NANO-AntivirusTrojan.Win32.Dwn.dznggu
SUPERAntiSpywareTrojan.Agent/Gen-VB
AvastWin32:Malware-gen
TencentWin32.Trojan.Dropper.Pkqs
Ad-AwareGen:Heur.PonyStealer.dm0@nO9OWsbO
SophosMal/Generic-S
ComodoMalware@#16jy05ota37g
F-SecureHeuristic.HEUR/AGEN.1206813
VIPREGen:Heur.PonyStealer.dm0@nO9OWsbO
TrendMicroTROJ_FRS.0NA003JT16
McAfee-GW-EditionBehavesLike.Win32.VBObfus.km
Trapminemalicious.high.ml.score
EmsisoftGen:Heur.PonyStealer.dm0@nO9OWsbO (B)
SentinelOneStatic AI – Suspicious PE
GDataGen:Heur.PonyStealer.dm0@nO9OWsbO
WebrootW32.Malware.Gen
AviraHEUR/AGEN.1206813
ArcabitTrojan.PonyStealer.EDD401
ZoneAlarmUDS:DangerousObject.Multi.Generic
MicrosoftPWS:Win32/Zbot!ml
CynetMalicious (score: 99)
ALYacGen:Heur.PonyStealer.dm0@nO9OWsbO
MAXmalware (ai score=86)
MalwarebytesMalware.Heuristic.1001
TrendMicro-HouseCallTROJ_FRS.0NA003JT16
RisingTrojan.Injector!8.C4 (CLOUD)
IkarusTrojan.Win32.Injector
FortinetW32/Injector.CRZM!tr
AVGWin32:Malware-gen
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Win32/Injector.COXR?

Win32/Injector.COXR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment