About “Win32/Injector.ELOW” infection

The Win32/Injector.ELOW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Injector.ELOW virus can do?

Executable code extraction
Creates RWX memory
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Win32/Injector.ELOW?


File Info:
crc32: 7937CD8D
md5: 6dd4492075af45ce6a220ac47845e1a5
name: az1.exe
sha1: e5b52329d45f67a9a59863512aa65f313f0938cc
sha256: 84fce5994f4276133228a6e51098226260217cf04613cb88c3f1a869f6fee212
sha512: 5fb28a3a9f8e9d9bdd2a913b0e029d2af9788b47f6d9bc06c676d54736cb1ca6fd195bf092a557b31a3f6ddf630d1a7ecf97ee9fba4c2e93475e59128c922018
ssdeep: 1536:8p6BuNRMCsHx3H8xQYpQ+8kyH30JxvaYfRvLkxcmQQtSnLk:Ubc3cxQ9kvjNJe5l
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
InternalName: UNDER
FileVersion: 1.00.0002
CompanyName: MORClod
Comments: MORClod
ProductName: VOGNMAN
ProductVersion: 1.00.0002
OriginalFilename: UNDER.exe

Win32/Injector.ELOW also known as:

McAfee	Fareit-FSL!6DD4492075AF
Cylance	Unsafe
Sangfor	Malware
K7GW	Trojan ( 005653491 )
F-Prot	W32/VBInject.ADJ.gen!Eldorado
APEX	Malicious
GData	Win32.Trojan-Downloader.Dagurleo.SZZMNQ
Kaspersky	Trojan-PSW.Win32.Azorult.anii
AegisLab	Trojan.Multi.Generic.4!c
Rising	Trojan.GenKryptik!8.AA55 (CLOUD)
Endgame	malicious (moderate confidence)
Sophos	Mal/Generic-S
Invincea	heuristic
Trapmine	malicious.moderate.ml.score
Ikarus	Win32.Outbreak
Cyren	W32/VBInject.ADJ.gen!Eldorado
ZoneAlarm	Trojan-PSW.Win32.Azorult.anii
Microsoft	Trojan:Win32/Wacatac.C!ml
Acronis	suspicious
Malwarebytes	Trojan.GuLoader
ESET-NOD32	a variant of Win32/Injector.ELOW
SentinelOne	DFI – Suspicious PE
Fortinet	W32/GenKryptik.EIZM!tr
AVG	FileRepMalware
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Win32/Trojan.PSW.254

How to remove Win32/Injector.ELOW?

Win32/Injector.ELOW removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X