Categories: Malware

About “Win32/Injector.DRTR” infection

The Win32/Injector.DRTR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.DRTR virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Executed a process and injected code into it, probably while unpacking
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Installs itself for autorun at Windows startup
Exhibits behavior characteristic of Pony malware
Exhibits possible ransomware file modification behavior
Collects information about installed applications
Creates a hidden or system file
Harvests credentials from local FTP client softwares
Creates a slightly modified copy of itself
Anomalous binary characteristics

How to determine Win32/Injector.DRTR?


File Info:
crc32: 72038B0Dmd5: 6feb068c85298df40c7ffa21e7954cbaname: 6FEB068C85298DF40C7FFA21E7954CBA.mlwsha1: b635b36e5a8661e3c597b5c525bf656323f39f1dsha256: f8f380df4a932e1ee29a38471a3e0e1d059cbfd4ae14721425c9c28709c5d6bfsha512: f261617da8d49afae037914a08c8a285adf54e9deec0bb811b73031f1f753f5cdc5ca5fcbbf2ba5f944ae9d59eac2827a1e7c13f74c9686f6886feb837027ecbssdeep: 3072:N8Kt79UvaYUSEfV7QSK5PMcwLgXNoK9Y+rVNY3dXAsa+9TnLc3:LJ2BUSeNg5UcwkXPv5NY3asaEbtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
Translation: 0x0400 0x04b0LegalCopyright: guaseftInternalName: BarleysFileVersion: 8.06CompanyName: gaiaLegalTrademarks: Http://www.vogazaccoy.ccProductName: Uha jasir liojactProductVersion: 8.06FileDescription: ryvaberiofa GlsOriginalFilename: Barleys.exe

Win32/Injector.DRTR also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.PonyStealer.lm0@cGhOeuhG
FireEye	Generic.mg.6feb068c85298df4
ALYac	Gen:Heur.PonyStealer.lm0@cGhOeuhG
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
CrowdStrike	win/malicious_confidence_80% (D)
BitDefender	Gen:Heur.PonyStealer.lm0@cGhOeuhG
K7GW	Trojan ( 0051750b1 )
K7AntiVirus	Trojan ( 0051750b1 )
BitDefenderTheta	Gen:NN.ZevbaF.34804.lm0@aGhOeuhG
Cyren	W32/VBKrypt.MF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.DRTR
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Trojan.Fareit-9304317-0
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Mlw.eszzea
AegisLab	Trojan.Win32.Fareit.i!c
Tencent	Win32.Trojan-qqpass.Qqrob.Wurr
Ad-Aware	Gen:Heur.PonyStealer.lm0@cGhOeuhG
Sophos	ML/PE-A + Mal/FareitVB-M
F-Secure	Heuristic.HEUR/AGEN.1126332
TrendMicro	TrojanSpy.Win32.LOKI.SM.hp
McAfee-GW-Edition	BehavesLike.Win32.Generic.cm
Emsisoft	Gen:Heur.PonyStealer.lm0@cGhOeuhG (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.PSW.Fareit.nqf
MaxSecure	Trojan.Malware.300983.susgen
Avira	HEUR/AGEN.1126332
MAX	malware (ai score=100)
Antiy-AVL	Trojan[PSW]/Win32.Fareit
Microsoft	VirTool:Win32/VBInject.PB!bit
Arcabit	Trojan.PonyStealer.ED2736
AhnLab-V3	Trojan/Win32.Injector.R209106
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Heur.PonyStealer.lm0@cGhOeuhG
Cynet	Malicious (score: 100)
McAfee	Packed-QD!6FEB068C8529
VBA32	TrojanPSW.Fareit
Malwarebytes	Backdoor.NetWiredRC
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TrojanSpy.Win32.LOKI.SM.hp
Rising	Trojan.Injector!1.B459 (CLASSIC)
Yandex	Trojan.Injector!vhk9yoaJ3vQ
Ikarus	Trojan.Win32.Injector
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/FareitVB.KAD!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.PSW.751