What is “Win32/Injector.DVXI”?

Win32/Injector.DVXI is rated as dangerous by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Injector.DVXI virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Remcos malware family
  • Creates a copy of itself
  • Deletes executed files from disk
  • Creates known Remcos mutexes

How to identify Win32/Injector.DVXI?

File Info:

name: 3D5D0DBAE8A5639C7827.mlw
path: /opt/CAPEv2/storage/binaries/e4926bef04ba6b005622db01496e1f5cb3c4e26998e2a4d06af31fbcdb505662
crc32: B6C78596
md5: 3d5d0dbae8a5639c78278c0f6673b5d9
sha1: 451d25380338bc435da63d6dfe5f9e7957306607
sha256: e4926bef04ba6b005622db01496e1f5cb3c4e26998e2a4d06af31fbcdb505662
sha512: 0adc13197d034027268fdcd22a5d9841ce8eaca86637e0f0bd7ed3da9ca4228ea56a32d89bd0eef1eaabd906a45e93192a04f4a852f2378eb4a5c1dfa2e7e601
ssdeep: 6144:jZOip+PcslzI9z7tqljBFUnMfp3udOz6SJKn6f5If8:jzpaccs9Htqlj6MfpZz6Z6fK8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17F34227A8BF1CE3DD60024BD8ABBCDAE25156FA0A872054F5AD13DED3AB0F500175D19
sha3_384: 737290d7af29e2027c2f7017b8a55e3ae46b48e5fa29029e356750bd9ed5b6a2a39b2de17b0a746891d3efad4e057cd8
ep_bytes: 6864924300e8f0ffffff000000000000
timestamp: 2018-02-13 19:59:36

Version Info:

Translation: 0x0409 0x04b0
ProductName: Gutter1
FileVersion: 4.07.0002
ProductVersion: 4.07.0002
InternalName: Shod4
OriginalFilename: Shod4.exe

Win32/Injector.DVXI also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.APosT.4!c
MicroWorld-eScan: Gen:Heur.PonyStealer.pm0@cCAw6Gdi
ClamAV: Win.Malware.Apost-7612696-0
McAfee: Packed-ZT!3D5D0DBAE8A5
Cylance: Unsafe
Zillya: Trojan.GenericKD.Win32.105897
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/APosT.b684316c
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.ae8a56
VirIT: Trojan.Win32.VBPack_Heur
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.DVXI
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.PonyStealer.pm0@cCAw6Gdi
NANO-Antivirus: Trojan.Win32.APosT.eyckrc
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Generic.Qsmw
Ad-Aware: Gen:Heur.PonyStealer.pm0@cCAw6Gdi
Sophos: ML/PE-A + Mal/FareitVB-M
Comodo: Malware@#3rj9fn4lgbzec
DrWeb: Trojan.DownLoader26.15541
VIPRE: Gen:Heur.PonyStealer.pm0@cCAw6Gdi
TrendMicro: TSPY_HPLOKI.SMDS
McAfee-GW-Edition: Packed-ZT!3D5D0DBAE8A5
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.3d5d0dbae8a5639c
Emsisoft: Gen:Heur.PonyStealer.pm0@cCAw6Gdi (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.PonyStealer.pm0@cCAw6Gdi
Jiangmin: Trojan.APosT.jp
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1210921
Antiy-AVL: Trojan/Generic.ASMalwS.4B1C
Arcabit: Trojan.PonyStealer.EDE9EC
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Google: Detected
AhnLab-V3: Win-Trojan/VBKrypt.RP02.X1828
BitDefenderTheta: Gen:NN.ZevbaF.34682.pm0@aCAw6Gdi
ALYac: Gen:Heur.PonyStealer.pm0@cCAw6Gdi
MAX: malware (ai score=100)
VBA32: Trojan.APosT
Malwarebytes: MachineLearning/Anomalous.96%
TrendMicro-HouseCall: TSPY_HPLOKI.SMDS
Rising: Backdoor.Remcos!8.B89E (CLOUD)
Yandex: Trojan.GenAsa!lFldFkumeOc
Ikarus: Trojan.Win32.APosT
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.BOIN!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Win32/Injector.DVXI?

Win32/Injector.DVXI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.