
What is “Win32/Injector.ERBX”?


Win32/Injector.ERBX is the ESET detection name for a packed injector that, when run in a sandbox, unpacks and deploys the Formbook malware family (see the behaviour list below). While the infection is active you may notice unfamiliar processes in the Task Manager list, but because the payload injects itself into other processes and deletes the files it has executed, the original executable may already be gone by the time you look. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Win32/Injector.ERBX do?

The following behaviours were recorded when the sample ran in the CAPE sandbox (each item is a CAPE signature name). Taken together they describe a packed loader: it unpacks code from its own image and overlay, drops and runs a second binary, injects into another process, calls built-in Windows utilities, and then removes the files it executed.

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Formbook malware family
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities
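The list above is only the sandbox's verdict; the same behaviours can be expressed as detection logic over endpoint telemetry. The block below is an added example written for this page, not CAPE's own signature code: it replays a constructed process/file/injection event stream (loosely modelled on Sysmon event types; every path, PID and image name in it is invented) and reports which of the listed behaviours the stream triggers.

```python
"""Added example (not CAPE's code): express the dropper behaviours listed above as
detection logic over a constructed process/file/injection event stream."""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
# Living-off-the-land binaries a dropper typically calls for persistence or cleanup.
WINDOWS_UTILS = {"cmd.exe", "schtasks.exe", "reg.exe", "rundll32.exe", "certutil.exe"}
EXEC_EXT = (".exe", ".dll", ".scr")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: list) -> list:
    """Return the CAPE-style behaviour names triggered by an ordered event list.

    Event shapes (constructed for this example, loosely modelled on Sysmon):
      {"type": "process", "pid", "ppid", "image", "cmdline"}
      {"type": "file_create" | "file_delete", "pid", "path"}
      {"type": "inject", "src_pid", "dst_pid", "dst_image"}
    """
    findings = set()
    dropped = {}        # lower-cased path -> pid that wrote it
    executed = set()    # lower-cased image paths that were launched
    for ev in events:
        kind = ev["type"]
        if kind == "file_create" and ev["path"].lower().endswith(EXEC_EXT):
            dropped[ev["path"].lower()] = ev["pid"]
        elif kind == "process":
            image = ev["image"].lower()
            executed.add(image)
            if image in dropped:
                # A file written earlier in this trace is now running.
                findings.add("Drops a binary and executes it")
            name = basename(image)
            if name in SCRIPT_HOSTS:
                findings.add("A scripting utility was executed")
            if name in WINDOWS_UTILS:
                findings.add("Uses suspicious command line tools or Windows utilities")
        elif kind == "file_delete" and ev["path"].lower() in executed:
            # The file being removed already ran: self-deletion / cleanup.
            findings.add("Deletes executed files from disk")
        elif kind == "inject" and ev["src_pid"] != ev["dst_pid"]:
            findings.add("Behavioural detection: Injection (inter-process)")
    return sorted(findings)


# Constructed timeline for a Formbook-style dropper; paths and PIDs are invented.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 100, "ppid": 50,
     "image": r"C:\Users\u\Downloads\invoice.exe", "cmdline": "invoice.exe"},
    {"type": "file_create", "pid": 100,
     "path": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"type": "process", "pid": 101, "ppid": 100,
     "image": r"C:\Users\u\AppData\Local\Temp\update.exe", "cmdline": "update.exe"},
    {"type": "inject", "src_pid": 101, "dst_pid": 200,
     "dst_image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 102, "ppid": 101,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c del "C:\Users\u\Downloads\invoice.exe"'},
    {"type": "file_delete", "pid": 102, "path": r"C:\Users\u\Downloads\invoice.exe"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print("-", finding)
```

Run without arguments it prints four of the behaviours from the list (the constructed trace has no script host, so that signature stays quiet). Order matters: a file that is created but never launched, or deleted before it ran, produces no finding, which is what keeps installer and updater noise out of the alerts.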

How to identify Win32/Injector.ERBX?

The hashes below identify this exact sample. The ssdeep and tlsh values are fuzzy hashes that can also match closely related samples, and ep_bytes are the first 16 bytes at the entry point of the packer stub. Treat the compile timestamp with suspicion: it is a single header field that any packer can overwrite, and a 2008 date cannot be the real build time of a loader for Formbook, which was not seen in the wild before 2016.
File Info:

name: 955E1A2BB934DC158E85.mlw
path: /opt/CAPEv2/storage/binaries/e08593ebcd4ac9265c1f27d987a67f43b2c8a9e9c680e9d47901281a4c5878dd
crc32: B259415A
md5: 955e1a2bb934dc158e858896d1478141
sha1: 62d5c5c6b35732ebd631c68940acd686d5827bd1
sha256: e08593ebcd4ac9265c1f27d987a67f43b2c8a9e9c680e9d47901281a4c5878dd
sha512: df977f708a48c31eb0eac1ee5a8de97d2878038ac2c34583ff5ba78d6c433cb78944a5dd638d66cd57db113f0f6dbfed64c8cd0676da2cd6f8bab76bb1a3f698
ssdeep: 6144:owo4dpsk1JVeWn+nifWMgIDnhw23xoBbXvWoYgmSeATh3Vxum:kupHT8WKiOandoBbuoYgmu
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12E44234A74D08DA7DDAA05360A76477FD2FEF7090AF41A4F0B110FB581A8490C6AB2E7
sha3_384: 584a238d1ea7ee06885e1b550d6ba5d2cee43f39461b53f24cab4be9406d7e07d6e2da71f8a7525286d12de499f611dd
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-10-10 21:48:57

Version Info:

0: [No Data]
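Every field in the File Info block above can be recomputed from the raw file. The block below is an added example, not GridinSoft's or CAPE's code: with only the Python standard library it computes the same digests, walks the PE headers to recover the type, compile timestamp, entry-point bytes and overlay size, and checks a file against the md5/sha1/sha256 listed above. Because the real sample is not included here, it builds a constructed one-section PE32 as offline input (the entry-point bytes and timestamp are copied from the page; everything else in the constructed file is invented).

```python
"""Added example (not from GridinSoft or CAPE): reproduce the File Info fields above
from a raw PE file with the Python standard library and match its hashes against
the indicators listed on this page."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above.
KNOWN_HASHES = {
    "md5": "955e1a2bb934dc158e858896d1478141",
    "sha1": "62d5c5c6b35732ebd631c68940acd686d5827bd1",
    "sha256": "e08593ebcd4ac9265c1f27d987a67f43b2c8a9e9c680e9d47901281a4c5878dd",
}
# The 16 entry-point bytes listed above (stack frame setup of the packer stub).
SAMPLE_EP_BYTES = bytes.fromhex("81ec8001000053555633db57895c2418")
# Epoch value of the listed timestamp 2008-10-10 21:48:57 (UTC).
SAMPLE_TIMESTAMP = 1223675337


def hash_report(data: bytes) -> dict:
    """Same digests CAPE prints in File Info."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_known(data: bytes) -> list:
    """Names of the page's hashes that this file matches (empty = not this sample)."""
    h = hash_report(data)
    return [k for k, v in KNOWN_HASHES.items() if h[k] == v]


def pe_report(data: bytes) -> dict:
    """Parse the PE headers: type, compile timestamp, entry-point bytes, overlay size."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vaddr, max(vsize, rawsize), rawptr, rawsize))
    ep_off = next((rawptr + ep_rva - vaddr for vaddr, size, rawptr, _ in sections
                   if vaddr <= ep_rva < vaddr + size), None)
    # Overlay = bytes after the last section's raw data; packers keep payloads there.
    end_of_image = max((rawptr + rawsize for _, _, rawptr, rawsize in sections),
                       default=len(data))
    return {
        "type": "PE32+" if magic == 0x20B else "PE32",
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
        "overlay_size": max(len(data) - end_of_image, 0),
    }


def build_sample_pe(code: bytes, overlay: bytes = b"", timestamp: int = 0) -> bytes:
    """Constructed one-section PE32 used as offline test input; not the real sample."""
    e_lfanew, opt_size, raw_ptr = 0x40, 224, 0x200
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)     # AddressOfEntryPoint = start of .text
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, len(code), raw_ptr,
                      0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(raw_ptr, b"\0")
    return headers + code + overlay


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_sample_pe(SAMPLE_EP_BYTES + b"\x90" * 48, overlay=b"payload",
                               timestamp=SAMPLE_TIMESTAMP)
    print(hash_report(blob))
    print(pe_report(blob))
    print("matches page IOCs:", matches_known(blob))
```

Point it at a real file with `python triage.py sample.bin`; with no argument it runs on the constructed PE and reports a 7-byte overlay, the page's ep_bytes, the 2008 timestamp and, correctly, no match against the page's hashes. A non-zero overlay_size on a small GUI executable is the cheap static hint behind the "Sample contains Overlay data" signature above.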

Win32/Injector.ERBX is also known as (vendor: detection name):

Only a few vendors name the family (Kaspersky and Tencent both say Formbook, matching the CAPE result); most of the others are generic, packer-based or machine-learning verdicts, so a vendor name alone does not tell you what the payload does.

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Noon.l!c
MicroWorld-eScan: Trojan.GenericKD.39164672
CAT-QuickHeal: Trojan.TnegaRI.S26612989
McAfee: Artemis!955E1A2BB934
Cylance: Unsafe
Zillya: Trojan.Noon.Win32.22732
K7AntiVirus: Trojan ( 0058e31c1 )
Alibaba: TrojanDownloader:Win32/WinLNK.6a0d59ef
K7GW: Trojan ( 0058e31c1 )
Cybereason: malicious.6b3573
Cyren: W32/Sabsik.AB.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.ERBX
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Formbook.pef
BitDefender: Trojan.GenericKD.39164672
NANO-Antivirus: Virus.Win32.Gen.ccmw
SUPERAntiSpyware: Trojan.Agent/Gen-AdInst
Avast: Win32:InjectorX-gen [Trj]
Tencent: Win32.Trojan.Formbook.Msmw
Ad-Aware: Trojan.GenericKD.39164672
DrWeb: Trojan.Siggen16.41584
VIPRE: Trojan.GenericKD.39164672
TrendMicro: TROJ_GEN.R002C0DIM22
McAfee-GW-Edition: Trojan-FUGW!34C4A23A6F51
FireEye: Trojan.GenericKD.39164672
Emsisoft: Trojan.GenericKD.39164672 (B)
SentinelOne: Static AI – Suspicious PE
GData: Trojan.GenericKD.39164672
Avira: TR/Injector.hhbed
Antiy-AVL: Trojan/Generic.ASMalwRG.16B
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: TrojanDownloader:Win32/WinLNK.RP!MTB
Google: Detected
AhnLab-V3: Trojan/Win.ObfusInjector.R467391
BitDefenderTheta: Gen:NN.ZexaF.34682.dmW@a0GFiy
ALYac: Trojan.GenericKD.39164672
MAX: malware (ai score=82)
VBA32: Heur.Trojan.Hlux
Malwarebytes: Trojan.Injector
Rising: Trojan.Injector!8.C4 (TFE:2:SOqKfGwSeGG)
Yandex: Trojan.Injector!X9HhL5ReiJ8
Ikarus: Trojan-Spy.Agent
Fortinet: W32/Injector.ERBW!tr
AVG: Win32:InjectorX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Injector.ERBX?

Win32/Injector.ERBX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

Because the sample injects into other processes and deletes the files it has executed, a file scan can miss code that now lives only inside another process's memory; if the first scan finds nothing while the symptoms persist, restart and scan again. Formbook also harvests saved and typed credentials, so after the cleanup change any passwords that were stored or entered on this machine, preferably from a different device.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
