About “Win32/Injector.ELKP” infection

Win32/Injector.ELKP is rated as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Injector.ELKP virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Win32/Injector.ELKP?

File Info:

name: djfilez.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: ©2005-2015 J-Paul Mesnage & AutoIt Team
InternalName: AutoIt3Help
FileVersion: 1.0.0.8
CompanyName: AutoIt Team
Comments: https://www.autoitscript.com/site/autoit/
ProductName: AutoIt3Help
ProductVersion: 1.0.0.8
FileDescription: AutoIt3Help viewer
OriginalFilename: AutoIt3Help.exe
Translation: 0x0809 0x04b0

Win32/Injector.ELKP also known as:

FireEye: Generic.mg.d2041963b890612b
Qihoo-360: HEUR/QVM05.1.709B.Malware.Gen
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.f5f603
Invincea: heuristic
BitDefenderTheta: Gen:NN.ZelphiF.34106.UG0@aqIQ@5di
F-Prot: W32/Injector.JBB
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.ELKP
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Kryptik.gen
Rising: Malware.Heuristic!ET#85% (RDMK:cmRtazrn7S/ML9q0x6xTeXcO/vrc)
Endgame: malicious (high confidence)
McAfee-GW-Edition: BehavesLike.Win32.Fareit.bc
Trapmine: malicious.high.ml.score
Cyren: W32/Injector.EQRE-0871
Microsoft: Trojan:Win32/Wacatac.C!ml
AhnLab-V3: Suspicious/Win.Delphiless.X2059
ZoneAlarm: HEUR:Trojan.Win32.Kryptik.gen
Acronis: suspicious
Malwarebytes: Trojan.MalPack.DLF
SentinelOne: DFI – Suspicious PE
eGambit: Unsafe.AI_Score_94%
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Win32/Injector.ELKP?

Win32/Injector.ELKP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.