Categories: Malware

Win32/Injector.DOWP malicious file

The Win32/Injector.DOWP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.DOWP virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Installs itself for autorun at Windows startup
Deletes executed files from disk

How to determine Win32/Injector.DOWP?


File Info:
name: D698739648717C21E7EB.mlwpath: /opt/CAPEv2/storage/binaries/5f5f1b93913bb05066ba6c017f004525951f587cea100884421775aaf7056f63crc32: 9AC45612md5: d698739648717c21e7eb2ba1806e673asha1: 6a06188fb1b9c471577a851d0d1e16db0a891803sha256: 5f5f1b93913bb05066ba6c017f004525951f587cea100884421775aaf7056f63sha512: a2e32e78b2e9a7455ae91c62592f1877cd44c5928188752f664a5e836cd43037b9cb94bf9b03a5f1a1a030d27c928d1faf1203e4f77634f8539fd54f6856d963ssdeep: 6144:i6i3tMF+sIO7Y1BJ/xcGIPA1cGArUY7YvodpawkHzYyyAjPDV6YRxRmb:i6U+YQ7Y9/xhNWUJWawkH//PJ9dmbtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T11574128DCECDDF66C8E206B5ADCE702AC5F1594D856CD90A2624372B38B32402F6536Esha3_384: a848d1accdaf7653cb91b4d7dd1329ebd97498e399e078b99d4afd6285a071c2f706684465e5d95e547556a6916bd8e5ep_bytes: 5589e583ec18c7042402000000ff1518timestamp: 2014-06-05 03:24:01
Version Info:
CompanyName: Malwarebytes CorporationFileVersion: 1.0.0.532FileDescription: Malwarebytes Anti-MalwareInternalName: mbam.exeLegalCopyright: © Malwarebytes Corporation. All rights reserved.LegalTrademarks: OriginalFilename: mbam.exeProductName: Malwarebytes Anti-MalwareProductVersion: 1.0.0.532Translation: 0x0409 0x04e4

Win32/Injector.DOWP also known as:

Bkav	W32.AIDetect.malware2
Lionic	Heuristic.File.Generic.00×1!p
Cynet	Malicious (score: 100)
McAfee	Generic-FAWI!D69873964871
Malwarebytes	Malware.Heuristic.1001
Zillya	Trojan.Injector.Win32.1500198
Sangfor	Suspicious.Win32.Save.a
Alibaba	Trojan:Win32/Injector.e372bc58
Cybereason	malicious.648717
Symantec	Trojan Horse
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Injector.DOWP
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.50469278
NANO-Antivirus	Trojan.Win32.ZBot.dbmubr
MicroWorld-eScan	Trojan.GenericKD.50469278
Avast	Win32:Trojan-gen
Rising	Backdoor.Fynloski!8.1FD (TFE:5:Za75Vj5uwAK)
Ad-Aware	Trojan.GenericKD.50469278
Emsisoft	Trojan.GenericKD.50469278 (B)
Comodo	Malware@#2zmpw7tzanqky
DrWeb	Trojan.DownLoader5.40674
VIPRE	Trojan.GenericKD.50469278
McAfee-GW-Edition	Generic-FAWI!D69873964871
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.d698739648717c21
Sophos	ML/PE-A + Mal/BadCert-Gen
Ikarus	Trojan-Spy.Win32.Zbot
GData	Trojan.GenericKD.50469278
Jiangmin	Trojan.Waldek.gvj
Webroot	W32.Trojan.GenKD
Avira	HEUR/AGEN.1231745
Antiy-AVL	Trojan/Generic.ASMalwS.51F4
Arcabit	Trojan.Generic.D302199E
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Backdoor:Win32/Fynloski.A
Google	Detected
ALYac	Trojan.GenericKD.50469278
MAX	malware (ai score=100)
VBA32	Backdoor.DarkKomet
Cylance	Unsafe
Tencent	Win32.Trojan.FalseSign.Kajl
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/DarkKomet.DDSN!tr.bdr
AVG	Win32:Trojan-gen
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)