Win32/Injector.ELYO (file analysis)

The Win32/Injector.ELYO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Injector.ELYO virus can do?

Executable code extraction
Creates RWX memory
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Win32/Injector.ELYO?


File Info:
crc32: BB6621E4
md5: 00a62a3a1a2d72c6e8a3514949672162
name: bill.exe
sha1: 7f3740d8c24b9549afb3f99ec6e2dc3d410b88f2
sha256: ddb21cdbe10323824dd846e94bbe17ce8d5f0ae3afeed75e3ba1ed7e100c1275
sha512: 547ae5218d1ef405245677bf27510e7adfa584460e871cfbf78f7bdf5b28b12d1edfe19cb9d74b6c52fd962fe8cf2a403824b4ff900942cb0c38bd9a8ca919c5
ssdeep: 768:ZS8OR/wRy5z4F69F66Pkk4XCrdJHkEgCGdEafd0SgDE:4pwROz4FSF6k4SrdJHk/CGdEGuI
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x03fd 0x04b0
InternalName: Tiaarspe1
FileVersion: 2.06
CompanyName: Buriotti
ProductName: AMALI
ProductVersion: 2.06
OriginalFilename: Tiaarspe1.exe

Win32/Injector.ELYO also known as:

MicroWorld-eScan	Gen:Heur.PonyStealer.fm0@B0aKaYpG
McAfee	Fareit-FTA!00A62A3A1A2D
Cylance	Unsafe
Sangfor	Malware
BitDefender	Gen:Heur.PonyStealer.fm0@B0aKaYpG
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
GData	Gen:Heur.PonyStealer.fm0@B0aKaYpG
Kaspersky	Backdoor.Win32.Androm.uaja
Rising	Trojan.Injector!1.C624 (CLASSIC)
Endgame	malicious (high confidence)
Emsisoft	Gen:Heur.PonyStealer.fm0@B0aKaYpG (B)
Trapmine	malicious.high.ml.score
Sophos	Mal/FareitVB-AB
Cyren	W32/VB.RY.gen!Eldorado
Microsoft	Trojan:Win32/Wacatac.C!ml
Arcabit	Trojan.PonyStealer.EE67B3
ZoneAlarm	Backdoor.Win32.Androm.uaja
AhnLab-V3	Trojan/Win32.Injector.R336571
ALYac	Gen:Heur.PonyStealer.fm0@B0aKaYpG
MAX	malware (ai score=83)
Malwarebytes	Trojan.GuLoader
Panda	Trj/Agent.AJS
ESET-NOD32	a variant of Win32/Injector.ELYO
Fortinet	W32/Androm.UAJA!tr.bdr
Ad-Aware	Gen:Heur.PonyStealer.fm0@B0aKaYpG
AVG	Win32:TrojanX-gen [Trj]
Paloalto	generic.ml

How to remove Win32/Injector.ELYO?

Win32/Injector.ELYO removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X