Categories: Malware

Win32/Injector.DVLL information

The Win32/Injector.DVLL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.DVLL virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Dynamic (imported) function loading detected
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
A scripting utility was executed
Created a process from a suspicious location
Installs itself for autorun at Windows startup
A script process created a new process
Anomalous binary characteristics

How to determine Win32/Injector.DVLL?


File Info:
name: F0117F71CF777966DB71.mlwpath: /opt/CAPEv2/storage/binaries/b0221af8d86abbd615116e753f7945eff65d23ffe088513ea5abe330f859d34acrc32: 1C234ED0md5: f0117f71cf777966db711e20212e077csha1: 71f2d370f3e321bf06f1a62101041f0116a54a5bsha256: b0221af8d86abbd615116e753f7945eff65d23ffe088513ea5abe330f859d34asha512: 4b19505f673439ffef12dc829d78626e2be4d427ae9f2fee2adefc261d3ac4670826894ecedbe659314a425cededcd4bdbfe07002865ce5eb2221d31cc76a76cssdeep: 3072:p35cx43IxDe471h5nApYaQnc/aUXw4c/FKUdE1hv7QTFzSLB2gbtLn1NOdk8QYmH:p3OKI9eY1DnATQ7GEKUdSgzjgbZnXOwtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T17594F1305EA23654D7D1DE78493FC49CFE273D3C88460EF917AA3E14AAFB6405B26258sha3_384: d54fae4bf654527bbd495a6af303f3637c50d5307f2af2dbdefcc081fee5d18c3872137935c49f3ec32dbb23ef95a5beep_bytes: 6820144000e8f0ffffff000000000000timestamp: 2018-01-29 23:36:47
Version Info:
Translation: 0x0409 0x04b0CompanyName: s-ypeFileDescription: fOOBar3000.ORgProductName: Spicevpn.COmFileVersion: 1.05ProductVersion: 1.05InternalName: Futilities5OriginalFilename: Futilities5.exe

Win32/Injector.DVLL also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.PonyStealer.zm0@cKz6wqhi
FireEye	Generic.mg.f0117f71cf777966
McAfee	Packed-YP!F0117F71CF77
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005255d61 )
K7GW	Trojan ( 005255d61 )
Cybereason	malicious.1cf777
VirIT	Trojan.Win32.VBZenPack_Heur
Cyren	W32/Trojan.BEG.gen!Eldorado
Symantec	Packed.Generic.519
ESET-NOD32	a variant of Win32/Injector.DVLL
APEX	Malicious
ClamAV	Win.Packed.Formbook-9917820-0
Kaspersky	Trojan.Win32.VBKrypt.yyyq
BitDefender	Gen:Heur.PonyStealer.zm0@cKz6wqhi
NANO-Antivirus	Trojan.Win32.Mlw.exmitx
Avast	Win32:Malware-gen
Ad-Aware	Gen:Heur.PonyStealer.zm0@cKz6wqhi
Sophos	ML/PE-A + Mal/FareitVB-M
DrWeb	Trojan.VbCrypt.150
TrendMicro	TSPY_HPFAREIT.SMVB
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.gm
Emsisoft	Gen:Heur.PonyStealer.zm0@cKz6wqhi (B)
SentinelOne	Static AI – Malicious PE
GData	Gen:Heur.PonyStealer.zm0@cKz6wqhi
Jiangmin	Trojan.VBKrypt.ewrp
Avira	HEUR/AGEN.1109921
Antiy-AVL	Trojan/Generic.ASMalwS.2464DCB
Arcabit	Trojan.PonyStealer.E27B34
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/VBKrypt.RP02.X1828
VBA32	BScope.TrojanSpy.Noon
ALYac	Gen:Heur.PonyStealer.zm0@cKz6wqhi
MAX	malware (ai score=81)
Malwarebytes	Spyware.LokiBot
TrendMicro-HouseCall	TSPY_HPFAREIT.SMVB
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/Injector.DWMX!tr
BitDefenderTheta	Gen:NN.ZevbaF.34114.zm0@aKz6wqhi
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Trojan.Malware.300983.susgen