Categories: Malware

About “Win32/Injector.DINP” infection

The Win32/Injector.DINP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.DINP virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process attempted to delay the analysis task.
Starts servers listening on 0.0.0.0:5434
Expresses interest in specific running processes
Executed a process and injected code into it, probably while unpacking
Code injection with CreateRemoteThread in a remote process
Installs itself for autorun at Windows startup
Exhibits behavior characteristic of Pony malware
Collects information about installed applications
Operates on local firewall’s policies and settings
Attempts to disable UAC
Harvests credentials from local FTP client softwares
Attempts to modify or disable Security Center warnings
Attempts to block SafeBoot use by removing registry keys
Anomalous binary characteristics
Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Win32/Injector.DINP?


File Info:
crc32: F5A19FFDmd5: f0479b556b4f2609f9de7e064f5c77c7name: F0479B556B4F2609F9DE7E064F5C77C7.mlwsha1: fc45a1c5e1f3a9c22380b1397645dbe0fd283173sha256: 8baaff87bacda2f9384304d02feef0d056f1f13d7654b54aa04eec8726242e70sha512: 762d103f1b7298c0aba87deabe5c06d1a399e7d0b2b8b6db5fab58543d1c4001111a9129f11b4636bf7e466b4881fb88deef9de197ccd8d9a6147c96892df81assdeep: 6144:x+eBjZfaVtWodQAiXxw+BFAP0r5my+US:x+eBdfONGpXxR7W0r5mtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0409 0x04b0InternalName: TzmFileVersion: 7.05.0009CompanyName:  KapcomProductName: Hexagons8ProductVersion: 7.05.0009FileDescription: Nonliberalism0OriginalFilename: Tzm.EXE

Win32/Injector.DINP also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0055e3991 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen6.18140
Cynet	Malicious (score: 100)
ALYac	Gen:Heur.PonyStealer.wm0@c8UgwHmi
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/Blocker.1cda878e
K7GW	Trojan ( 0055e3991 )
Cybereason	malicious.56b4f2
Cyren	W32/VBInject.HV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.DINP
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-Ransom.Win32.Blocker.jvev
BitDefender	Gen:Heur.PonyStealer.wm0@c8UgwHmi
NANO-Antivirus	Trojan.Win32.Blocker.ejsvkb
MicroWorld-eScan	Gen:Heur.PonyStealer.wm0@c8UgwHmi
Tencent	Win32.Trojan.Blocker.Dzsx
Ad-Aware	Gen:Heur.PonyStealer.wm0@c8UgwHmi
Sophos	Mal/Generic-R + Mal/FareitVB-M
BitDefenderTheta	Gen:NN.ZevbaF.34608.wm0@a8UgwHmi
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Fareit.fm
FireEye	Generic.mg.f0479b556b4f2609
Emsisoft	Gen:Heur.PonyStealer.wm0@c8UgwHmi (B)
SentinelOne	Static AI – Suspicious PE
Avira	HEUR/AGEN.1128741
eGambit	Unsafe.AI_Score_100%
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)
Microsoft	Trojan:Win32/Tnega!ml
Arcabit	Trojan.PonyStealer.E57F04
AegisLab	Trojan.Win32.Blocker.j!c
GData	Gen:Heur.PonyStealer.wm0@c8UgwHmi
AhnLab-V3	Win-Trojan/VBKrypt.RP.X1764
McAfee	Artemis!F0479B556B4F
MAX	malware (ai score=83)
VBA32	TScope.Trojan.VB
Panda	Trj/GdSda.A
Rising	Trojan.Injector!1.B459 (CLASSIC)
Yandex	Trojan.GenAsa!MQLQGQVtqFw
Ikarus	Trojan.Win32.Injector
Fortinet	W32/Injector.EJWI!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Blocker.HwMAvEEA