Win32/Injector.EHAA malicious file

Win32/Injector.EHAA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.EHAA virus do?

  • Creates RWX memory
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz

How to identify Win32/Injector.EHAA?

File Info:

crc32: 9E1BB801
md5: 0bce1041ebc80e6619426dc03c781cae
name: 0BCE1041EBC80E6619426DC03C781CAE.mlw
sha1: 37bd8327aae26073bfbe029ea9ffefd00c13901f
sha256: f4a5096045075e64d6eb02a50f5a0566320464d2c8551cca1457f3356907e050
sha512: d75ad156e11218ffd3d738b5b8c4f59b1f35fc4a64dd626fcb2cfbdb0791d1e74cbbabf61627b77eb616c7e37c6d566169110c9894f7944e7c3b5470091e4ce1
ssdeep: 1536:mDKhHAGkFZsDs4eAYWE/AeW1tksN7joDVM+:WFDrHq+NW1tksJoD
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (c) 1998-2012 VMware, Inc.
InternalName: vmnetdhcp
FileVersion: 9.0.0 build-812388
CompanyName: VMware, Inc.
Comments: VMware port to Windows NT of ISC v2.0 DHCP server; tailored exclusively for use with VMnet devices
ProductName: VMware Workstation
ProductVersion: 9.0.0 build-812388
FileDescription: VMware VMnet DHCP service
OriginalFilename: vmnetdhcp.exe
Translation: 0x0409 0x04b0

Win32/Injector.EHAA also known as:

Lionic: Trojan.Multi.Generic.4!c
MicroWorld-eScan: Trojan.GenericKD.32227435
CAT-QuickHeal: Trojan.Multi
ALYac: Trojan.GenericKD.32227435
Alibaba: Trojan:Win32/Injector.8fef66ba
K7GW: Trojan ( 0055514a1 )
K7AntiVirus: Trojan ( 0055514a1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Injector.EHAA
Avast: Win32:Trojan-gen
GData: Trojan.GenericKD.32227435
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.GenericKD.32227435
Ad-Aware: Trojan.GenericKD.32227435
Sophos: Mal/Generic-S
Comodo: Malware@#25vn1qbf5xw8u
F-Secure: Trojan.TR/Injector.ktkzo
McAfee-GW-Edition: Artemis
FireEye: Trojan.GenericKD.32227435
Emsisoft: Trojan.GenericKD.32227435 (B)
Webroot: W32.Trojan.Gen
Avira: TR/Injector.ktkzo
Microsoft: Trojan:Win32/Mamson.A!ml
Arcabit: Trojan.Generic.D1EBC06B
ZoneAlarm: UDS:DangerousObject.Multi.Generic
McAfee: Artemis!0BCE1041EBC8
TrendMicro-HouseCall: TROJ_GEN.R002H09H919
Rising: Trojan.Generic@ML.80 (RDML:lhxzb1uYbzWowJT3rTsUBw)
Fortinet: W32/Injector.EGYS!tr
AVG: Win32:Trojan-gen

How to remove Win32/Injector.EHAA?

Win32/Injector.EHAA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
