Win32/Injector.EOAE removal instruction

Win32/Injector.EOAE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.EOAE virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Exhibits behavior characteristics of GuLoader
  • Anomalous binary characteristics

How to identify Win32/Injector.EOAE?

File Info:

name: 54296534BFC1068D78DE.mlw
path: /opt/CAPEv2/storage/binaries/fb1d353975eccd500eddb42b6e9668eaef548a006bf9d109d5ec3b17a45e0513
crc32: C95592AF
md5: 54296534bfc1068d78dedb1b36f0f55a
sha1: 63cfdab0006e4351174404ae1b3d50b109812bc6
sha256: fb1d353975eccd500eddb42b6e9668eaef548a006bf9d109d5ec3b17a45e0513
sha512: 1b1af33f1a2f789f26c258edec61d9508c3ffc9f3d7e463c72d5bc62ee3fa6ba431b4a895fe06e1833ea4f5f66c88b9ec36486ce061e0054a664738fbf6e3933
ssdeep: 768:+mXgnz50fVPrfLKLhoADyd3P/PJQ57PYPz7D2:6WChDyd//PuiPi
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C2430871B516C8BFF5664F7696322A33061378A30A40BFE72054B79917F0D8AE83E785
sha3_384: f5a0056a26f9e7cd68c0620047ef0a3208d22a3a3d6e6ac2196b11a19bb117ca076e028792677d8b7438496a6ffa5b31
ep_bytes: 686ca84000e8eeffffff000000000000
timestamp: 2008-02-18 10:55:04

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: Capsa ©
LegalTrademarks: Capsa ©
ProductName: Abortogenic
FileVersion: 1.00
ProductVersion: 1.00
InternalName: MACCHIE
OriginalFilename: MACCHIE.exe

Win32/Injector.EOAE also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PonyStealer.dm0@Ziqsz3hi
FireEye: Generic.mg.54296534bfc1068d
McAfee: PWS-FCWC!54296534BFC1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Vebzenpak.acge
K7AntiVirus: Trojan ( 00573e3e1 )
Alibaba: Trojan:Win32/Vebzenpak.9c3958ca
K7GW: Trojan ( 00573e3e1 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/VBKrypt.APK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.EOAE
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Midie-9802859-0
Kaspersky: Trojan.Win32.Vebzenpak.acge
BitDefender: Gen:Heur.PonyStealer.dm0@Ziqsz3hi
NANO-Antivirus: Trojan.Win32.Vebzenpak.ieyotb
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Vebzenpak.Stan
Ad-Aware: Gen:Heur.PonyStealer.dm0@Ziqsz3hi
TACHYON: Trojan/W32.VB-Vebzenpak.57344.AF
Emsisoft: Gen:Heur.PonyStealer.dm0@Ziqsz3hi (B)
DrWeb: Trojan.PackedENT.193
Zillya: Trojan.Injector.Win32.797194
TrendMicro: TROJ_GEN.R002C0PB622
McAfee-GW-Edition: BehavesLike.Win32.Downloader.qm
Sophos: Mal/Generic-S
Ikarus: Trojan.VB.Crypt
GData: Gen:Heur.PonyStealer.dm0@Ziqsz3hi
Avira: HEUR/AGEN.1239161
Gridinsoft: Ransom.Win32.Wacatac.sa
Arcabit: Trojan.PonyStealer.E44F8B
ZoneAlarm: Trojan.Win32.Vebzenpak.acge
Microsoft: Trojan:Win32/Ymacco.ABFB
Cynet: Malicious (score: 99)
ALYac: Gen:Heur.PonyStealer.dm0@Ziqsz3hi
MAX: malware (ai score=87)
VBA32: BScope.Trojan.Vebzenpak
TrendMicro-HouseCall: TROJ_GEN.R002C0PB622
Rising: Trojan.Kryptik!8.8 (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.74790527.susgen
Fortinet: W32/Kryptik.EOJP!tr
AVG: Win32:Malware-gen
Cybereason: malicious.4bfc10
Panda: Trj/GdSda.A

How to remove Win32/Injector.EOAE?

Win32/Injector.EOAE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.