Malware

Win32/Injector.DLYL removal

Malware Removal

The Win32/Injector.DLYL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Injector.DLYL virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Attempts to connect to a dead IP:Port (20 unique times)
  • Reads data out of its own binary image
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Executed a process and injected code into it, probably while unpacking
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Kelihos malware
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a hidden or system file
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests credentials from local FTP client softwares
  • Installs WinPCAP

How to determine Win32/Injector.DLYL?



File Info:

crc32: 45705FE5
md5: 6dc635fe9448403129b2f41b91bbf796
name: 6DC635FE9448403129B2F41B91BBF796.mlw
sha1: 43bae485042edcf2bd6153c394f14aba80891131
sha256: 186a2aabb6274c9b1da3a3ae48baa8df206959e55974c3f662ac320eb0b9fee3
sha512: f2b6ae55a7e09e2051a877b2f1683384df6016c1c386c316f8bf8f44d51b9568c69a7af2759b7b094a5764f7f76a8ceae842726dd8658ba877f563214d88db2a
ssdeep: 24576:IaY2+r4VBv6yyFa7zalokvL1HcnIfWJLpkrmVLXvi4nz2Q:ZY0Ac7QokvL9gIfidPVjvznCQ
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows


Version Info:

LegalCopyright: x7248x6743x6240x6709 (C) 1999
InternalNamex90ColorProcessxc90: @x0ex01LegalCopyr
FileVersion: 1, 0, 0, 1
ProductName: ColorProcess x5e94x7528x7a0bx5e8f
ProductVersion: 1, 0, 0, 1
FileDescription: ColorProcess Microsoft x57fax7840x7c7bx5e94x7528x7a0bx5e8fx9000
OriginalFilename: ColorProcess.EXEx9000
Trax906eslation: 0x0804 0x04b0

Win32/Injector.DLYL also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Zbot.227
FireEyeGeneric.mg.6dc635fe94484031
CAT-QuickHealTrojan.Generic.ZZ4
McAfeeGenericRXBA-ZR!6DC635FE9448
VIPRETrojan.Win32.Generic!BT
SangforMalware
K7AntiVirusTrojan ( 005075771 )
BitDefenderGen:Variant.Zbot.227
K7GWTrojan ( 005075771 )
Cybereasonmalicious.e94484
CyrenW32/Injector.IT.gen!Eldorado
SymantecBackdoor.Trojan
APEXMalicious
Paloaltogeneric.ml
ClamAVWin.Malware.Yakes-6981304-0
KasperskyUDS:DangerousObject.Multi.Generic
NANO-AntivirusTrojan.Win32.DLYL.emgyyh
ViRobotBackdoor.Win32.Hlux.1097580
RisingTrojan.Generic@ML.100 (RDML:KyWaOyZLSxGMk892nDzGmg)
Ad-AwareGen:Variant.Zbot.227
EmsisoftGen:Variant.Zbot.227 (B)
ComodoMalware@#7wzpvkwu02eq
F-SecureHeuristic.HEUR/AGEN.1100276
DrWebBackDoor.Siggen.60255
McAfee-GW-EditionBehavesLike.Win32.Generic.tc
SophosMal/Generic-S
IkarusTrojan.Win32.Krypt
JiangminTrojan.Inject.wyq
eGambitUnsafe.AI_Score_95%
AviraHEUR/AGEN.1100276
MAXmalware (ai score=86)
Antiy-AVLTrojan/Win32.TSGeneric
MicrosoftBackdoor:Win32/Kelihos
ArcabitTrojan.Zbot.227
GDataGen:Variant.Zbot.227
CynetMalicious (score: 100)
AhnLab-V3Backdoor/Win32.Hlux.R196261
Acronissuspicious
BitDefenderThetaGen:NN.ZexaF.34804.dr3@aCIJt6gb
ALYacGen:Variant.Zbot.227
VBA32Backdoor.Androm
MalwarebytesZbot.Trojan.Stealer.DDS
PandaTrj/Genetic.gen
ESET-NOD32a variant of Win32/Injector.DLYL
TencentMalware.Win32.Gencirc.10b1e2a7
YandexTrojan.GenAsa!ZxwqadE8UEo
SentinelOneStatic AI – Malicious PE
FortinetW32/Injector.DMAZ!tr
WebrootW32.Trojan.Gen
AVGWin32:Malware-gen
AvastWin32:Malware-gen
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Win32/Injector.DLYL?

Win32/Injector.DLYL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment