Categories: Malware

Win32/Injector.EISS (file analysis)

The Win32/Injector.EISS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.EISS virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
NtSetInformationThread: attempt to hide thread from debugger
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Created a process from a suspicious location
Collects information to fingerprint the system

How to determine Win32/Injector.EISS?


File Info:
name: 65F463C3C7BB16E74735.mlwpath: /opt/CAPEv2/storage/binaries/b4b32e7403ef72edf6c5bd2b107031e63c981d98c7b997f4076efeadcd44b2d6crc32: 8BD6A99Emd5: 65f463c3c7bb16e7473542cf8b36f764sha1: fbc1dfc974a843d2944072d0d4cb74bf369ac25asha256: b4b32e7403ef72edf6c5bd2b107031e63c981d98c7b997f4076efeadcd44b2d6sha512: 0d9b5011134da1dfd00863b6619953a1936889a613322df50631dc81ba3ce7bbfede7481432eac904ccf9e15d80230d0f7fc8381eec4238514802d4797be266assdeep: 24576:zIv1mcembWsOVGI5kk6iEsTp/POx/bqX+Fk:zwocL6sbkkkJItmXDtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12B25CFD6EAD87EFDF11222B461E4C11142C67511F08345ABF1ECF0DA6D9D98EA34EE22sha3_384: cc9f3f9c3e74cf8cbfd58b42193b1d4f3d04d3f2713e9c74d2413f8aac1cfde77da3e9d69c5a805d0387237d2f9a67bbep_bytes: 6888144000e8eeffffff000000000000timestamp: 2008-01-22 12:38:27
Version Info:
Translation: 0x0409 0x04b0ProductName: bsoneRAFileVersion: 2.09.0009ProductVersion: 2.09.0009InternalName: pIEMOriginalFilename: pIEM.exe

Win32/Injector.EISS also known as:

Bkav	W32.AIDetect.malware1
Lionic	Trojan.MSIL.Agensla.i!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen2.36844
MicroWorld-eScan	Gen:Heur.PonyStealer.an0@jSfqkLii
FireEye	Generic.mg.65f463c3c7bb16e7
McAfee	Fareit-FQH!65F463C3C7BB
Cylance	Unsafe
Zillya	Trojan.Injector.Win32.665218
Sangfor	Infostealer.MSIL.Agensla.dno
K7AntiVirus	Trojan ( 0055b0ca1 )
Alibaba	TrojanPSW:MSIL/Agensla.56d804aa
K7GW	Trojan ( 0055b0ca1 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZevbaF.34114.an0@aSfqkLii
VirIT	Trojan.Win32.VBZenPack_Heur
Cyren	W32/Kryptik.ANW.gen!Eldorado
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of Win32/Injector.EISS
Paloalto	generic.ml
Kaspersky	Trojan-PSW.MSIL.Agensla.dno
BitDefender	Gen:Heur.PonyStealer.an0@jSfqkLii
NANO-Antivirus	Trojan.Win32.Agensla.gezuhk
Avast	Win32:Malware-gen
Tencent	Msil.Trojan-qqpass.Qqrob.Wrgu
Ad-Aware	Gen:Heur.PonyStealer.an0@jSfqkLii
Emsisoft	Gen:Heur.PonyStealer.an0@jSfqkLii (B)
Comodo	Malware@#1bsezv1963dkk
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Worm.th
Sophos	Mal/Generic-S + Mal/FareitVB-X
Ikarus	Trojan.VB.Crypt
GData	Gen:Heur.PonyStealer.an0@jSfqkLii
Jiangmin	Trojan.PSW.MSIL.maw
Avira	HEUR/AGEN.1117867
Antiy-AVL	Trojan/Generic.ASMalwS.2C8BCBE
Microsoft	Trojan:Win32/Occamy.C
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.C3534505
MAX	malware (ai score=84)
APEX	Malicious
Rising	Trojan.Emali!8.10004 (CLOUD)
Yandex	Trojan.PWS.Agensla!AQ0NSlV5dfE
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.DXAY!tr
AVG	Win32:Malware-gen
Cybereason	malicious.3c7bb1
Panda	Trj/GdSda.A