About "Win32/Injector.EFUF" infection

The Win32/Injector.EFUF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.EFUF virus can do?

Executable code extraction
Injection (inter-process)
Injection with CreateRemoteThread in a remote process
Creates RWX memory
Unconventionial language used in binary resources: Arabic (Egypt)
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Win32/Injector.EFUF?


File Info:
crc32: 3F4FE811
md5: a3e1b95a3474773407d6d41083c29bd9
name: shitting24.exe
sha1: dc028f53c204431af72b2358d52e7ea4b014502c
sha256: fd09cebf7aaacf842a26da5ac30bb855dca802f87bbe2a7fb597cd9506c91d4a
sha512: e8184d6bac05140ed9654861121660bc4c7d576f3677eef4e24822793c4707241eb5cc8d0afef93259e4c06735222ba8b35fa63971b5cd3e287e05b854ab154d
ssdeep: 12288:jrH+KtsHTO/Oe2IdkEaoLlZQmKKINs4DcI0qPvLLh+l9pu3i0EzAY0WgBSkk3kJ:jrHjGO/OHMlN/INROejyCpW4o
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 2000-2007 Heaventools Software
InternalName: PE Explorer
FileVersion: 1.99.0.1200
CompanyName: Heaventools Software
LegalTrademarks: PE Explorer is a trademark of Heaventools Software
Comments: 
ProductName: PE Explorer
ProductVersion: 1.0.0.0
FileDescription: PE Explorer
OriginalFilename: pexplorer.exe
Translation: 0x0409 0x04e4

Win32/Injector.EFUF also known as:

DrWeb	Trojan.PWS.Stealer.23680
MicroWorld-eScan	Trojan.GenericKD.41133542
FireEye	Generic.mg.a3e1b95a34747734
CAT-QuickHeal	TrojanPWS.Fareit
ALYac	Trojan.GenericKD.41133542
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Fareit.4!c
K7AntiVirus	Trojan ( 0054a4521 )
BitDefender	Trojan.GenericKD.41133542
K7GW	Trojan ( 0054a4521 )
Cybereason	malicious.a34747
TrendMicro	Trojan.Win32.COSMU.SM
BitDefenderTheta	Gen:NN.ZelphiF.32250.WO0baWVOX1kO
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
ClamAV	Win.Malware.Nymeria-6963730-0
GData	Trojan.GenericKD.41133542
Kaspersky	Trojan-PSW.Win32.Fareit.evvq
Alibaba	TrojanPSW:Win32/Fareit.1cc4b3b7
NANO-Antivirus	Trojan.Win32.Gorgon.fofwtc
Ad-Aware	Trojan.GenericKD.41133542
Sophos	Mal/Generic-S
Comodo	Malware@#2v1feyr1fa0lk
F-Secure	Trojan.TR/Kryptik.jrfri
Zillya	Trojan.Fareit.Win32.33162
McAfee-GW-Edition	BehavesLike.Win32.Trojan.bc
Emsisoft	Trojan.GenericKD.41133542 (B)
Ikarus	Trojan.Win32.Tobfy
Cyren	W32/Trojan.IDMJ-9240
Jiangmin	Trojan.Gorgon.dh
Avira	TR/Kryptik.jrfri
Antiy-AVL	Trojan[PSW]/Win32.Fareit
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D273A5E6
ZoneAlarm	Trojan-PSW.Win32.Fareit.evvq
Microsoft	Trojan:Win32/Tiggre!rfn
AhnLab-V3	Malware/Win32.Generic.C3113099
McAfee	Artemis!A3E1B95A3474
MAX	malware (ai score=100)
VBA32	Trojan.Gorgon
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Injector.EFUF
TrendMicro-HouseCall	Trojan.Win32.COSMU.SM
Yandex	Trojan.PWS.Fareit!CJI0PF9T6zY
Fortinet	W32/GenKryptik.DDAG!tr
AVG	FileRepMalware
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_70% (W)
Qihoo-360	Win32/Trojan.77f

How to remove Win32/Injector.EFUF?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Win32/Injector.EFUF” infection