Win32/Injector.EBQH information

The Win32/Injector.EBQH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.EBQH virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
Performs some HTTP requests
The executable is compressed using UPX
Uses Windows utilities for basic functionality
Network activity contains more than one unique useragent.
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Creates a copy of itself
Creates a slightly modified copy of itself
Collects information to fingerprint the system

Related domains:

pastebin.com

cutit.org

q.gs

aporasal.net

How to determine Win32/Injector.EBQH?


File Info:
crc32: 56178686
md5: 24380dfeff1ca1fc1e64995fcfbca2e4
name: 24380DFEFF1CA1FC1E64995FCFBCA2E4.mlw
sha1: 3fa1b26e86b45b7163e2960ce2ec0c4f096988dc
sha256: 3a9052f71200c79827e551113abc41af09d21f327dad1689034f0ad4e62dacf7
sha512: 988094986ebbcf6e849ba1c0d1c527449ac7a3c679fcd24c2ee77e6a54b143dfe09db4b8d263e154bb4c739cf2729416dd610feb275883b997d767dcc1138eb0
ssdeep: 24576:Rx7KGLjTBwgkJz2fN9kTLdKigD6rRSHse:RsSjTBwgkl2fXkTLdAD6rwHz
type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed

Version Info:
0: [No Data]

Win32/Injector.EBQH also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Razy.576052
CAT-QuickHeal	Trojan.Generic
Qihoo-360	HEUR/QVM19.1.057B.Malware.Gen
ALYac	Gen:Variant.Razy.576052
Cylance	Unsafe
Zillya	Trojan.Injector.Win32.804166
Sangfor	Malware
K7AntiVirus	Trojan ( 0057372a1 )
BitDefender	Gen:Variant.Razy.576052
K7GW	Trojan ( 0057372a1 )
Cybereason	malicious.eff1ca
Cyren	W32/S-91c2cc44!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Razy.idvieo
Rising	Trojan.Injector!1.C865 (CLASSIC)
Ad-Aware	Gen:Variant.Razy.576052
Emsisoft	Gen:Variant.Razy.576052 (B)
Comodo	Packed.Win32.MUPX.Gen@24tbus
F-Secure	Heuristic.HEUR/AGEN.1136878
TrendMicro	PAK_Xed-10
McAfee-GW-Edition	BehavesLike.Win32.Generic.cm
FireEye	Generic.mg.24380dfeff1ca1fc
Sophos	ML/PE-A + Troj/Agent-BFYM
Ikarus	Trojan.Win32.Injector
Jiangmin	Trojan.Generic.gmxly
Avira	HEUR/AGEN.1136878
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Win32.Injector
Microsoft	Trojan:Win32/Glupteba!ml
Arcabit	Trojan.Razy.D8CA34
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Razy.576052
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R263763
McAfee	GenericRXMX-YR!24380DFEFF1C
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Glupteba.Backdoor.Bruteforce.DDS
Panda	Trj/Genetic.gen
ESET-NOD32	a variant of Win32/Injector.EBQH
TrendMicro-HouseCall	PAK_Xed-10
Tencent	Malware.Win32.Gencirc.11b28945
Yandex	Trojan.Injuke!2yU81wyN//Q
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_91%
Fortinet	W32/Injector.EBQH!tr
BitDefenderTheta	Gen:NN.ZexaF.34804.ZmZ@aa@cnPk
AVG	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_80% (D)
MaxSecure	Trojan.Malware.300983.susgen

How to remove Win32/Injector.EBQH?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Injector.EBQH information