Malware

About “Win32/Injector.DINP” infection

Malware Removal

The Win32/Injector.DINP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Injector.DINP virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Starts servers listening on 0.0.0.0:5434
  • Expresses interest in specific running processes
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Harvests credentials from local FTP client softwares
  • Attempts to modify or disable Security Center warnings
  • Attempts to block SafeBoot use by removing registry keys
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Win32/Injector.DINP?



File Info:

crc32: F5A19FFD
md5: f0479b556b4f2609f9de7e064f5c77c7
name: F0479B556B4F2609F9DE7E064F5C77C7.mlw
sha1: fc45a1c5e1f3a9c22380b1397645dbe0fd283173
sha256: 8baaff87bacda2f9384304d02feef0d056f1f13d7654b54aa04eec8726242e70
sha512: 762d103f1b7298c0aba87deabe5c06d1a399e7d0b2b8b6db5fab58543d1c4001111a9129f11b4636bf7e466b4881fb88deef9de197ccd8d9a6147c96892df81a
ssdeep: 6144:x+eBjZfaVtWodQAiXxw+BFAP0r5my+US:x+eBdfONGpXxR7W0r5m
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

Translation: 0x0409 0x04b0
InternalName: Tzm
FileVersion: 7.05.0009
CompanyName:  Kapcom
ProductName: Hexagons8
ProductVersion: 7.05.0009
FileDescription: Nonliberalism0
OriginalFilename: Tzm.EXE

Win32/Injector.DINP also known as:

BkavW32.AIDetect.malware1
K7AntiVirusTrojan ( 0055e3991 )
Elasticmalicious (high confidence)
DrWebTrojan.Siggen6.18140
CynetMalicious (score: 100)
ALYacGen:Heur.PonyStealer.wm0@c8UgwHmi
CylanceUnsafe
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaRansom:Win32/Blocker.1cda878e
K7GWTrojan ( 0055e3991 )
Cybereasonmalicious.56b4f2
CyrenW32/VBInject.HV.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Injector.DINP
APEXMalicious
AvastWin32:Malware-gen
KasperskyTrojan-Ransom.Win32.Blocker.jvev
BitDefenderGen:Heur.PonyStealer.wm0@c8UgwHmi
NANO-AntivirusTrojan.Win32.Blocker.ejsvkb
MicroWorld-eScanGen:Heur.PonyStealer.wm0@c8UgwHmi
TencentWin32.Trojan.Blocker.Dzsx
Ad-AwareGen:Heur.PonyStealer.wm0@c8UgwHmi
SophosMal/Generic-R + Mal/FareitVB-M
BitDefenderThetaGen:NN.ZevbaF.34608.wm0@a8UgwHmi
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionBehavesLike.Win32.Fareit.fm
FireEyeGeneric.mg.f0479b556b4f2609
EmsisoftGen:Heur.PonyStealer.wm0@c8UgwHmi (B)
SentinelOneStatic AI – Suspicious PE
AviraHEUR/AGEN.1128741
eGambitUnsafe.AI_Score_100%
KingsoftWin32.Heur.KVMH008.a.(kcloud)
MicrosoftTrojan:Win32/Tnega!ml
ArcabitTrojan.PonyStealer.E57F04
AegisLabTrojan.Win32.Blocker.j!c
GDataGen:Heur.PonyStealer.wm0@c8UgwHmi
AhnLab-V3Win-Trojan/VBKrypt.RP.X1764
McAfeeArtemis!F0479B556B4F
MAXmalware (ai score=83)
VBA32TScope.Trojan.VB
PandaTrj/GdSda.A
RisingTrojan.Injector!1.B459 (CLASSIC)
YandexTrojan.GenAsa!MQLQGQVtqFw
IkarusTrojan.Win32.Injector
FortinetW32/Injector.EJWI!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml
Qihoo-360Win32/Ransom.Blocker.HwMAvEEA

How to remove Win32/Injector.DINP?

Win32/Injector.DINP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment