
What is “Win32/Injector.DLNB”?


Win32/Injector.DLNB is flagged as malicious by the large majority of antivirus engines (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing malware manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal; the trial period allows a full scan and cleanup of your PC.
A 6-day free trial is available.

What can Win32/Injector.DLNB do?

Behaviour signatures reported by the CAPE sandbox run of this sample:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the NanoCore malware family
  • Anomalous binary characteristics

How to identify Win32/Injector.DLNB?

Compare a suspect file against the hashes below: a sha256 match is conclusive, while the ssdeep and tlsh values also catch closely related builds. The version-info strings (a random CompanyName, an InternalName that matches none of the other fields) and the entry-point bytes (push imm32 followed by a near call, the stub of a Visual Basic 6 executable) are consistent with the VBKrypt/FareitVB vendor names and the "Anomalous binary characteristics" signature above.


File Info:

name: F0D6E1E20A4F2CC32A3B.mlw
path: /opt/CAPEv2/storage/binaries/6817a44366efbe64060ae541e02958230bd1429fea9c728c97290c07cb5c794c
crc32: 8493C9C3
md5: f0d6e1e20a4f2cc32a3b3223bc522031
sha1: 5136cd3e121a65dfd5aedf8037f76611ecc86753
sha256: 6817a44366efbe64060ae541e02958230bd1429fea9c728c97290c07cb5c794c
sha512: 7ade2f87bad5ba617f871ecf818c8ca218d54383f526b213f7d61fd32bb0098d384f36bf714598512f4edc00906adc2d2c3fcef1b6ea036173cfe97578c7d1e6
ssdeep: 12288:4jdI3h3rQabHdOMGw8N0a8157MpgDOTrE2R+qL:48h3r7938O4pj/bRTL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5C4E0E350E3C45AD9EF47FE683A103D42173CD1DDAA2C724AB47BC28B786416B462B5
sha3_384: 161a60cc618d1854f35adb96f59f474ced87d7ea1f5119231d9afb625ab117c3e3c0af15f4cc646fa0f43efb4f2a1c3c
ep_bytes: 68b4ab4800e8eeffffff000000000000
timestamp: 2017-02-20 11:09:42

Version Info:

Translation: 0x0409 0x04b0
Comments: Waoadinis
CompanyName: ufykr679i7ldlf58lftifgtukdf589f58lf58k9df59f5t9ld589ldf568d8df5658l,df568ldf568ld5f68ldf568ldf568kdf568kdf568df568lkdf568ldf568ldf568ldf568d5f68ld5l68
FileDescription: Waoadinis
ProductName: Wilkesville2
FileVersion: 1.09.0006
ProductVersion: 1.09.0006
InternalName: Pizzicore
OriginalFilename: Pizzicore.exe
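
The indicators above are only useful if you can compute the same values for a file in hand. The following script is an added example (not GridinSoft's or CAPE's code): it computes the CAPE-style digest set, reads the PE compile timestamp and the 16 entry-point bytes with plain struct parsing (no pefile dependency), and compares every indicator with the values on this page. The minimal PE it builds inline is constructed for the example; only its timestamp and entry-point bytes are set to the page's values, so the hashes are expected not to match and the report says so. Pass a real file path as the first argument to check that file instead.

```python
"""Match a suspect file against the Win32/Injector.DLNB indicators on this page."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section of this page.
PAGE_IOCS = {
    "crc32": "8493C9C3",
    "md5": "f0d6e1e20a4f2cc32a3b3223bc522031",
    "sha1": "5136cd3e121a65dfd5aedf8037f76611ecc86753",
    "sha256": "6817a44366efbe64060ae541e02958230bd1429fea9c728c97290c07cb5c794c",
    "sha512": "7ade2f87bad5ba617f871ecf818c8ca218d54383f526b213f7d61fd32bb0098d"
              "384f36bf714598512f4edc00906adc2d2c3fcef1b6ea036173cfe97578c7d1e6",
    "sha3_384": "161a60cc618d1854f35adb96f59f474ced87d7ea1f5119231d9afb625ab117c3"
                "e3c0af15f4cc646fa0f43efb4f2a1c3c",
    "ep_bytes": "68b4ab4800e8eeffffff000000000000",
    "timestamp": "2017-02-20 11:09:42",
}


def digests(data: bytes) -> dict:
    """CAPE-style digest set (crc32 upper-case hex, the rest lower-case hex)."""
    out = {name: hashlib.new(name, data).hexdigest()
           for name in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    out["crc32"] = "%08X" % (zlib.crc32(data) & 0xFFFFFFFF)
    return out


def pe_fields(data: bytes) -> dict:
    """Compile timestamp (UTC) and 16 entry-point bytes from a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    nsections, ts = struct.unpack_from("<HI", data, coff + 2)  # NumberOfSections, TimeDateStamp
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sect = opt + opt_size                                     # first section header
    ep_bytes = b""
    for i in range(nsections):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + 40 * i + 8)
        if va <= ep_rva < va + max(vsize, rawsize):           # map RVA -> file offset
            off = rawptr + (ep_rva - va)
            ep_bytes = data[off:off + 16]
            break
    return {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
    }


def match_report(data: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """True/False per indicator; PE fields are skipped for non-PE input."""
    observed = digests(data)
    try:
        observed.update(pe_fields(data))
    except ValueError:
        pass
    return {k: observed.get(k, "").lower() == v.lower() for k, v in iocs.items()}


def build_sample_pe(ts: int, ep_code: bytes) -> bytes:
    """Constructed minimal PE32 with one section, used only to exercise the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)       # i386, 1 section
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, 0x200, 0, 0, 0x1000)       # PE32, EP RVA 0x1000
    opt += b"\0" * (0xE0 - len(opt))
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    header = dos + b"PE\0\0" + coff + opt + section
    header += b"\0" * (0x200 - len(header))                                # raw data at 0x200
    return header + (ep_code + b"\0" * 0x200)[:0x200]


# Constructed sample: timestamp and entry-point bytes taken from the page, body otherwise junk.
SAMPLE_TS = int(datetime(2017, 2, 20, 11, 9, 42, tzinfo=timezone.utc).timestamp())
SAMPLE_PE = build_sample_pe(SAMPLE_TS, bytes.fromhex(PAGE_IOCS["ep_bytes"]))

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    for key, hit in match_report(blob).items():
        print(f"{key:10s} {'MATCH' if hit else 'no match'}")
```

Only the cryptographic digests identify this exact build; the timestamp and entry-point bytes are shared by every VB6 binary compiled the same way, so treat them as supporting evidence, not as a verdict on their own.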

Win32/Injector.DLNB is also known under the following vendor names. Note that the vendors disagree on the family, splitting between Pony/Fareit stealer, NanoCore/NanoBot and Loki, while the CAPE run above attributes the observed behaviour to NanoCore:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PonyStealer.Km0@eKhBDrgi
FireEye: Generic.mg.f0d6e1e20a4f2cc3
ALYac: Gen:Heur.PonyStealer.Km0@eKhBDrgi
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.624125
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005060a41 )
K7GW: Trojan ( 005060a41 )
Cybereason: malicious.20a4f2
BitDefenderTheta: Gen:NN.ZevbaF.34062.Km0@aKhBDrgi
Cyren: W32/Agent.AYB.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.DLNB
APEX: Malicious
ClamAV: Win.Trojan.VBSinkDropper-6294288-0
Kaspersky: Backdoor.MSIL.NanoBot.ahim
BitDefender: Gen:Heur.PonyStealer.Km0@eKhBDrgi
NANO-Antivirus: Trojan.Win32.PonyStealer.fjhofv
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.114d83f7
Ad-Aware: Gen:Heur.PonyStealer.Km0@eKhBDrgi
Sophos: ML/PE-A + Mal/FareitVB-I
DrWeb: Trojan.Nanocore.24
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TrojanSpy.Win32.LOKI.SM.hp
McAfee-GW-Edition: BehavesLike.Win32.Fareit.hc
Emsisoft: Gen:Heur.PonyStealer.Km0@eKhBDrgi (B)
SentinelOne: Static AI - Malicious PE
Jiangmin: Backdoor.MSIL.aumd
Avira: HEUR/AGEN.1127031
Antiy-AVL: Trojan/Generic.ASMalwS.28A62D6
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Heur.PonyStealer.Km0@eKhBDrgi
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrypt.RP.X1764
McAfee: Fareit-FHG!F0D6E1E20A4F
MAX: malware (ai score=84)
VBA32: Backdoor.MSIL.NanoBot
Malwarebytes: Malware.AI.4112803022
TrendMicro-HouseCall: TrojanSpy.Win32.LOKI.SM.hp
Rising: Trojan.Injector!1.B459 (CLASSIC)
Yandex: Backdoor.NanoBot!8Ey66wBAeTc
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.DLNB!tr
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32/Injector.DLNB?

Win32/Injector.DLNB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options to reset, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
