Win32/Injector.EQXY removal

Win32/Injector.EQXY is the ESET-NOD32 detection name for the sample analysed below; the sandbox report attributes it to the Formbook malware family (see the behaviour and detection lists). Because the sample injects code into other processes, the malicious activity may be running inside a legitimate-looking process rather than as an obviously unwanted entry in Task Manager, so the absence of a suspicious process name is not proof of a clean system. If the indicators below match a file on your computer, scan it with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing malware manually can take hours and, done wrong, can damage the system. We recommend GridinSoft Anti-Malware for removal; a full scan and clean-up are available during the trial period.
6-day free trial available.

What can Win32/Injector.EQXY do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with the /C or /R argument, which closes the command shell on completion and can be used to hide execution
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Formbook malware family
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
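Three of the behaviours above (a transient cmd.exe /C shell, a scheduled task created through a Windows utility, and deletion of the executed file) are the ones an endpoint detection would key on. The following is an added example, not code from the CAPE report or from GridinSoft: it runs three rules over constructed Sysmon-style process-creation records (the process names, paths, PIDs and command lines are made up for illustration) and tags the processes that show the pattern. The "outside C:\Windows" check, the tag names and the record layout are this example's own choices, not a published detection.

```python
"""Tag constructed process-creation records for the behaviours listed above.
Added example; the EVENTS below are made up and are not from the CAPE report."""
import ntpath
import re

# Constructed records in a Sysmon Event ID 1 shape: pid, ppid, image path, command line.
EVENTS = [
    {"pid": 1200, "ppid": 500, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 4412, "ppid": 1200, "image": r"C:\Users\victim\Downloads\invoice.exe",
     "cmdline": r'"C:\Users\victim\Downloads\invoice.exe"'},
    {"pid": 4500, "ppid": 4412, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /C schtasks /create /tn "Updater" /tr "C:\Users\victim\AppData\Roaming\svchost.exe" /sc minute /mo 5 /f'},
    {"pid": 4520, "ppid": 4500, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /tn "Updater" /tr "C:\Users\victim\AppData\Roaming\svchost.exe" /sc minute /mo 5 /f'},
    {"pid": 4530, "ppid": 4412, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /C ping 127.0.0.1 -n 3 > nul & del "C:\Users\victim\Downloads\invoice.exe"'},
    {"pid": 4600, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /K dir"},
    {"pid": 4700, "ppid": 1200, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /tn "Backup" /tr "C:\Windows\System32\wbadmin.exe" /sc daily'},
]

SYSTEM_DIRS = ("c:\\windows\\",)            # hypothetical allowlist: 'launched from a system path'
TRANSIENT = re.compile(r"(?:^|\s)/[cr](?:\s|$)", re.I)   # cmd.exe /C or /R: shell exits when done
DEL_TARGET = re.compile(r'\b(?:del|erase)\s+(?:/\w\s+)*"?([^"&|]+?\.exe)"?', re.I)


def basename(path):
    return ntpath.basename(path).lower()


def tag_event(ev, by_pid):
    """Return the set of behaviour tags that apply to one record."""
    tags = set()
    image = basename(ev["image"])
    cmd = ev["cmdline"]
    parent = by_pid.get(ev["ppid"])
    if image == "cmd.exe" and TRANSIENT.search(cmd):
        tags.add("transient_shell")
        # Self-delete: the transient shell deletes the binary of the process that spawned it.
        m = DEL_TARGET.search(cmd)
        if m and parent and m.group(1).strip().lower() == parent["image"].lower():
            tags.add("self_delete")
    if image == "schtasks.exe" and "/create" in cmd.lower():
        tags.add("scheduled_task_create")
        # Walk past intermediate cmd.exe shells to the process that really asked for the task.
        anc = parent
        while anc is not None and basename(anc["image"]) == "cmd.exe":
            anc = by_pid.get(anc["ppid"])
        if anc is not None and not anc["image"].lower().startswith(SYSTEM_DIRS):
            tags.add("task_from_non_system_parent")
    return tags


def detect(events):
    """Map pid -> sorted tag list for every record that matched at least one rule."""
    by_pid = {ev["pid"]: ev for ev in events}
    hits = {}
    for ev in events:
        tags = tag_event(ev, by_pid)
        if tags:
            hits[ev["pid"]] = sorted(tags)
    return hits


if __name__ == "__main__":
    for pid, tags in detect(EVENTS).items():
        print(pid, ", ".join(tags))
```

Note that scheduled-task creation on its own is not evidence of infection (pid 4700, launched from explorer.exe, only gets the neutral tag); the signal is a task requested by a binary outside the system directories, combined with a shell that deletes its own parent.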

How to identify Win32/Injector.EQXY?

File Info:

name: CAC5340E4620D3838E0F.mlw
path: /opt/CAPEv2/storage/binaries/1b63747868505bd36bda5292992b2ff09c371844379d7a180530e02186524627
crc32: 4A06FDD1
md5: cac5340e4620d3838e0fe7d40bbd8165
sha1: f6cfdf286bd16ec52da2d1b1dc982b9d04aff852
sha256: 1b63747868505bd36bda5292992b2ff09c371844379d7a180530e02186524627
sha512: a9481db33505fdcd682757b86d82c5cd77b529e5fde5ab8de7d5c0de23126cba608bb2f6b33641cdf320ab59d4bc2c5526fca1d156342df0be01d190e2742c78
ssdeep: 12288:IJcz6FF2222BcyJW+cQflbahzX3pGhzswL:IJcz6FF2222BLdcQ9bsGhoU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T147D4E006B752DC03E50BA6B13EB3DD65B174CF206E41690A72ACBF3F7DB12164989346
sha3_384: dab24dc67ac9f3d8d84192ea7ca584e7acd19057dbc640e23dd4c11b4354ebf78346c3ae86ed58404205723434f8aa8a
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-10-10 21:48:57

Version Info:

0: [No Data]
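The hashes above are the exact identifiers for this one file; the entry-point bytes and timestamp describe the packer stub and can be shared by repacked variants that hash differently. The following is an added example, not CAPE's or GridinSoft's code: it recomputes the digests CAPE lists, parses the PE header for the compile timestamp and the 16 entry-point bytes, and gives a verdict. Only the digest values, ep_bytes and timestamp are taken from the File Info section; the tiny PE32 built by build_synthetic_pe() is a constructed test input, and the "same packer stub" heuristic is this example's own.

```python
"""Offline IOC check for the file described above.  Added example, not CAPE's or
GridinSoft's code; only the constants below are copied from File Info."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

PAGE_IOCS = {  # copied from File Info
    "crc32": "4A06FDD1",
    "md5": "cac5340e4620d3838e0fe7d40bbd8165",
    "sha1": "f6cfdf286bd16ec52da2d1b1dc982b9d04aff852",
    "sha256": "1b63747868505bd36bda5292992b2ff09c371844379d7a180530e02186524627",
    "sha512": "a9481db33505fdcd682757b86d82c5cd77b529e5fde5ab8de7d5c0de23126cba608bb2f6b33641cdf320ab59d4bc2c5526fca1d156342df0be01d190e2742c78",
}
PAGE_EP_BYTES = "81ec8001000053555633db57895c2418"
PAGE_TIMESTAMP = "2008-10-10 21:48:57"


def compute_hashes(data):
    """The digests CAPE reports: crc32 as upper-case hex, the rest lower-case hex."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_iocs(data, iocs):
    """Per algorithm: does this file's digest equal the published value?"""
    have = compute_hashes(data)
    return {alg: have[alg].lower() == val.lower() for alg, val in iocs.items()}


def parse_pe(data):
    """Minimal PE32 reader: compile timestamp (UTC) and the 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, tstamp = struct.unpack_from("<HI", data, pe + 6)    # NumberOfSections, TimeDateStamp
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]     # SizeOfOptionalHeader
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:
        raise ValueError("not PE32 (magic %#x)" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    for i in range(nsec):
        sec = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec + 8)
        if va <= entry_rva < va + max(vsize, raw_size):       # RVA -> file offset via this section
            off = raw_ptr + (entry_rva - va)
            when = datetime.fromtimestamp(tstamp, tz=timezone.utc)
            return {"timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
                    "ep_bytes": data[off:off + 16].hex()}
    raise ValueError("entry point RVA %#x lies outside every section" % entry_rva)


def triage(data, iocs=PAGE_IOCS):
    """Verdict: exact hash match, entry-point (packer stub) match only, or nothing."""
    if all(match_iocs(data, iocs).values()):
        return "exact match: this is the analysed sample"
    try:
        pe = parse_pe(data)
    except (ValueError, struct.error) as exc:
        return "hashes differ and file is not parseable as PE32 (%s)" % exc
    if pe["ep_bytes"] == PAGE_EP_BYTES:
        return "hashes differ but entry-point bytes match: same packer stub, possibly a repacked variant"
    return "no match"


def build_synthetic_pe():
    """Constructed test input, not a real sample: one-section PE32 whose entry-point
    bytes and TimeDateStamp (1223675337 = 2008-10-10 21:48:57 UTC) copy the page's values."""
    ep_code = bytes.fromhex(PAGE_EP_BYTES)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                      # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 1223675337, 0, 0, 96, 0x102)
    opt = struct.pack("<HBBIIIIIII", 0x10B, 14, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000)
    opt += b"\0" * (96 - len(opt))
    sec = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 20
    hdr = dos + coff + opt + sec
    hdr += b"\0" * (0x200 - len(hdr))
    return hdr + ep_code + b"\xcc" * (0x200 - len(ep_code))


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_synthetic_pe()
    print(triage(blob))
```

Run it as `python triage.py suspect.exe`; with no argument it triages the synthetic file, which reports a packer-stub match but no hash match, which is exactly the case where a clean hash comparison would miss a repacked build.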

Win32/Injector.EQXY also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.MSIL.Agent.i!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen16.35330
MicroWorld-eScan: Trojan.GenericKD.47963463
FireEye: Trojan.GenericKD.47963463
CAT-QuickHeal: Trojan.IgenericRI.S26288909
McAfee: Artemis!CAC5340E4620
Malwarebytes: Inject.Exploit.Shellcode.DDS
Sangfor: Trojan.Win32.Injector.EQXY
K7AntiVirus: Trojan ( 0058d2751 )
K7GW: Trojan ( 0058d2751 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZedlaF.36348.iu4@ae4Sd3pi
Cyren: W32/Injector.ASU.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/Injector.EQXY
Zoner: Trojan.Win32.125302
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Formbook.gen
BitDefender: Trojan.GenericKD.47963463
Avast: Win32:PWSX-gen [Trj]
Tencent: Win32.Trojan.Formbook.Wmhl
Emsisoft: Trojan.GenericKD.47963463 (B)
F-Secure: Heuristic.HEUR/AGEN.1302773
VIPRE: Trojan.GenericKD.47963463
TrendMicro: TROJ_FRS.0NA103AJ22
McAfee-GW-Edition: Dropper-FYW!0ED8C3DCD621
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.47963463
Jiangmin: Backdoor.Agent.lgx
Webroot: W32.Trojan.Dropper
Avira: HEUR/AGEN.1337929
Antiy-AVL: Trojan/Win32.Injector
Xcitium: Malware@#3c0jdv1nnjr6e
Arcabit: Trojan.Generic.D2DBDD47
ZoneAlarm: HEUR:Trojan-Spy.Win32.Noon.gen
Microsoft: Trojan:Win32/Tnega.PK!MTB
Google: Detected
AhnLab-V3: Trojan/Win.Frs.C4861449
VBA32: Trojan.Convagent
ALYac: Trojan.GenericKD.47963463
MAX: malware (ai score=100)
Cylance: unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_FRS.0NA103AJ22
Rising: Trojan.Injector!8.C4 (TFE:5:5fdOjnWDiUF)
Ikarus: Trojan.Win32.Injector
Fortinet: W32/Kryptik.EQXP!tr
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Win32/Injector.EQXY?

Win32/Injector.EQXY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

Because this sample creates a scheduled task for persistence, check Task Scheduler after the restart and confirm that no task still points at the quarantined file or at a copy of it in a user-writable directory.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment