Win32/Injector.EQOJ removal

Win32/Injector.EQOJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Injector.EQOJ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Collects and encrypts information about the computer, likely to be sent to a C2 server
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • CAPE detected the Loki malware family
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to identify Win32/Injector.EQOJ?

File Info:

name: EC56202D633CA43AC29E.mlw
path: /opt/CAPEv2/storage/binaries/9bf478e69afcf5bee2f2e1db3dd286e4a0d6b8d284bcd85dc3f6c7cc011d204e
crc32: 70EAE6BF
md5: ec56202d633ca43ac29e04443e829658
sha1: 2ec49d740b2bdeb6de0fbdaa80a4bfefeef08d5c
sha256: 9bf478e69afcf5bee2f2e1db3dd286e4a0d6b8d284bcd85dc3f6c7cc011d204e
sha512: 51213089bb37fa99f842add664f63c4cf8b80d4c1d60e0d0157d8d4988e38b4d31ebe2a55e4a606ef6b606387fdf63d28011c76f4f201732260d2029d971395d
ssdeep: 6144:rGiVAwnqdX+ZDnWQDp0OAA6MiIKJaI+3WEaHNiSBEWmJPsx5RnhN:5AwnqdXGDWQ14VzIKeKaJPsx5RhN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14054226DFCC34B73EED51A7123F29F39E6B1DBA602C61907131CEE592A668064A0C5D3
sha3_384: 73a744c0fc2b16d46b94a5682a5bc7d4fa6637ca4165ffceee7afbb091f6a303455d4da5d0fd943228b51d5df22bb857
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-10-10 21:49:01

Version Info:

0: [No Data]

Win32/Injector.EQOJ is also known as (vendor: detection name):

Lionic: Trojan.Win32.Inject.4!c
DrWeb: Trojan.Siggen15.44116
MicroWorld-eScan: Trojan.GenericKD.38049366
FireEye: Trojan.GenericKD.38049366
CAT-QuickHeal: Trojan.Multi
McAfee: RDN/Generic BackDoor
Cylance: Unsafe
Zillya: Trojan.Inject.Win32.316604
Sangfor: Trojan.Win32.Inject.anwyu
K7AntiVirus: Trojan ( 0058a83b1 )
Alibaba: Backdoor:Win32/Lokibot.200e14c4
K7GW: Trojan ( 0058a83b1 )
Cybereason: malicious.d633ca
Cyren: W32/Injector.AQB.gen!Eldorado
Symantec: Packed.Generic.606
ESET-NOD32: a variant of Win32/Injector.EQOJ
TrendMicro-HouseCall: TROJ_GEN.R002H0DKH21
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Inject.anwyu
BitDefender: Trojan.GenericKD.38049366
Avast: Win32:InjectorX-gen [Trj]
Tencent: Win32.Trojan.Inject.Alsg
Ad-Aware: Trojan.GenericKD.38049366
Emsisoft: Trojan.GenericKD.38049366 (B)
Comodo: TrojWare.Win32.UMal.yhquh@0
TrendMicro: TROJ_FRS.0NA103KI21
McAfee-GW-Edition: RDN/Generic BackDoor
Sophos: Mal/Generic-S
Ikarus: Trojan.NSIS.Agent.S
GData: Trojan.GenericKD.38049366
Webroot: W32.Trojan.Dropper
Avira: TR/Injector.rgkbt
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Trojan.Win32.Downloader.sa
Microsoft: Trojan:Win32/Lokibot.SIS!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.BackDoor.C4777532
VBA32: TrojanPSW.MSIL.Lokibot
MAX: malware (ai score=99)
Malwarebytes: Trojan.Injector.DL.Generic
APEX: Malicious
Fortinet: W32/Kryptik.AQQ!tr
AVG: Win32:InjectorX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Injector.EQOJ?

Win32/Injector.EQOJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.