
Win32/Injector.DOWP malicious file


Win32/Injector.DOWP is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.DOWP virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Deletes executed files from disk

How to identify Win32/Injector.DOWP?

File Info:

name: D698739648717C21E7EB.mlw
path: /opt/CAPEv2/storage/binaries/5f5f1b93913bb05066ba6c017f004525951f587cea100884421775aaf7056f63
crc32: 9AC45612
md5: d698739648717c21e7eb2ba1806e673a
sha1: 6a06188fb1b9c471577a851d0d1e16db0a891803
sha256: 5f5f1b93913bb05066ba6c017f004525951f587cea100884421775aaf7056f63
sha512: a2e32e78b2e9a7455ae91c62592f1877cd44c5928188752f664a5e836cd43037b9cb94bf9b03a5f1a1a030d27c928d1faf1203e4f77634f8539fd54f6856d963
ssdeep: 6144:i6i3tMF+sIO7Y1BJ/xcGIPA1cGArUY7YvodpawkHzYyyAjPDV6YRxRmb:i6U+YQ7Y9/xhNWUJWawkH//PJ9dmb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11574128DCECDDF66C8E206B5ADCE702AC5F1594D856CD90A2624372B38B32402F6536E
sha3_384: a848d1accdaf7653cb91b4d7dd1329ebd97498e399e078b99d4afd6285a071c2f706684465e5d95e547556a6916bd8e5
ep_bytes: 5589e583ec18c7042402000000ff1518
timestamp: 2014-06-05 03:24:01

Version Info:

Note: the version resource embedded in the file claims to be Malwarebytes Anti-Malware (mbam.exe), while the behaviour summary above reports an invalid Authenticode signature, so these fields do not identify the file's real origin.

CompanyName: Malwarebytes Corporation
FileVersion: 1.0.0.532
FileDescription: Malwarebytes Anti-Malware
InternalName: mbam.exe
LegalCopyright: © Malwarebytes Corporation. All rights reserved.
LegalTrademarks:
OriginalFilename: mbam.exe
ProductName: Malwarebytes Anti-Malware
ProductVersion: 1.0.0.532
Translation: 0x0409 0x04e4

Win32/Injector.DOWP also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Heuristic.File.Generic.00×1!p
  • Cynet: Malicious (score: 100)
  • McAfee: Generic-FAWI!D69873964871
  • Malwarebytes: Malware.Heuristic.1001
  • Zillya: Trojan.Injector.Win32.1500198
  • Sangfor: Suspicious.Win32.Save.a
  • Alibaba: Trojan:Win32/Injector.e372bc58
  • Cybereason: malicious.648717
  • Symantec: Trojan Horse
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Injector.DOWP
  • APEX: Malicious
  • Paloalto: generic.ml
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Trojan.GenericKD.50469278
  • NANO-Antivirus: Trojan.Win32.ZBot.dbmubr
  • MicroWorld-eScan: Trojan.GenericKD.50469278
  • Avast: Win32:Trojan-gen
  • Rising: Backdoor.Fynloski!8.1FD (TFE:5:Za75Vj5uwAK)
  • Ad-Aware: Trojan.GenericKD.50469278
  • Emsisoft: Trojan.GenericKD.50469278 (B)
  • Comodo: Malware@#2zmpw7tzanqky
  • DrWeb: Trojan.DownLoader5.40674
  • VIPRE: Trojan.GenericKD.50469278
  • McAfee-GW-Edition: Generic-FAWI!D69873964871
  • Trapmine: suspicious.low.ml.score
  • FireEye: Generic.mg.d698739648717c21
  • Sophos: ML/PE-A + Mal/BadCert-Gen
  • Ikarus: Trojan-Spy.Win32.Zbot
  • GData: Trojan.GenericKD.50469278
  • Jiangmin: Trojan.Waldek.gvj
  • Webroot: W32.Trojan.GenKD
  • Avira: HEUR/AGEN.1231745
  • Antiy-AVL: Trojan/Generic.ASMalwS.51F4
  • Arcabit: Trojan.Generic.D302199E
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • Microsoft: Backdoor:Win32/Fynloski.A
  • Google: Detected
  • ALYac: Trojan.GenericKD.50469278
  • MAX: malware (ai score=100)
  • VBA32: Backdoor.DarkKomet
  • Cylance: Unsafe
  • Tencent: Win32.Trojan.FalseSign.Kajl
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/DarkKomet.DDSN!tr.bdr
  • AVG: Win32:Trojan-gen
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Injector.DOWP?

Win32/Injector.DOWP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
