Categories: Malware

What is “Win32/Injector.ERDQ”?

The Win32/Injector.ERDQ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.ERDQ virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
CAPE extracted potentially suspicious content
Authenticode signature is invalid

How to determine Win32/Injector.ERDQ?


File Info:
name: 393C580A147CEB59DFB9.mlwpath: /opt/CAPEv2/storage/binaries/74651dedba95ec668db7d4e545be66d575b7f3f7af03b3d5d91148f01db746e2crc32: 1BE0F61Fmd5: 393c580a147ceb59dfb9d92d36dd1aefsha1: 46789892c49246f1291016e8a1972010e439fd08sha256: 74651dedba95ec668db7d4e545be66d575b7f3f7af03b3d5d91148f01db746e2sha512: 38cd6039e6dc4b2da48c4aa47f1e02dd8b1efa17494b7db5cc0efacc2e0e860cb424b37333eee4a43add3481b3ce224d0c3d2528793bd81f5677b851c56a7bd6ssdeep: 3072:IWum2MgWZDPWI4YMIoII//pxMn/LjqazsfJrHgW9Im2M7WX:IfmRgoPW33ISRxuNsfJrXImR72type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12A447C73F289193AF462C8BC9621A68E58D17C7140519B19BEC1BA14E2312DF735BF3Bsha3_384: d71eb7655cc4cd74ddc54d6482d251d3456e1e919a8b1d43cefda91690cf5ee10e94edc5c7806c2dd6542b4713722448ep_bytes: 6874714000e8eeffffff000000000000timestamp: 2016-02-21 16:40:57
Version Info:
Translation: 0x0409 0x04b0FileDescription: CorelDraw Converter ProfessionalLegalCopyright: Copyright © CorelDraw AGLegalTrademarks: Copyright © CorelDraw AGProductName: HAANDGERNFileVersion: 1.00ProductVersion: 1.00InternalName: ufremkommeOriginalFilename: ufremkomme.exe

Win32/Injector.ERDQ also known as:

Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.PonyStealer.qm1@UKtOkgki
FireEye	Generic.mg.393c580a147ceb59
ALYac	Trojan.SmokeLoader
Zillya	Trojan.Injector.Win32.1507731
Sangfor	Dropper.Win32.Agent.Vmxi
K7AntiVirus	Trojan ( 0058ea111 )
Alibaba	TrojanDropper:Win32/Dapato.89bbcc94
K7GW	Trojan ( 0058ea111 )
Cybereason	malicious.a147ce
BitDefenderTheta	Gen:NN.ZevbaF.34682.qm1@aKtOkgki
Cyren	W32/VB.VG.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.ERDQ
TrendMicro-HouseCall	TROJ_GEN.R002C0PBL22
Paloalto	generic.ml
Kaspersky	Trojan-Dropper.Win32.Dapato.qyrc
BitDefender	Gen:Heur.PonyStealer.qm1@UKtOkgki
NANO-Antivirus	Trojan.Win32.Dapato.jmpmkr
Cynet	Malicious (score: 100)
APEX	Malicious
Tencent	Win32.Trojan-Dropper.Dapato.Mqil
Ad-Aware	Gen:Heur.PonyStealer.qm1@UKtOkgki
Emsisoft	Trojan.Injector (A)
Comodo	Malware@#dutwz4jtp04p
VIPRE	Gen:Heur.PonyStealer.qm1@UKtOkgki
TrendMicro	TROJ_GEN.R002C0PBL22
McAfee-GW-Edition	GuLoader-FDBM!393C580A147C
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Injector
GData	Gen:Heur.PonyStealer.qm1@UKtOkgki
Jiangmin	TrojanDropper.Dapato.adgx
Avira	HEUR/AGEN.1248053
MAX	malware (ai score=100)
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Arcabit	Trojan.PonyStealer.ED8A18
ZoneAlarm	Trojan-Dropper.Win32.Dapato.qyrc
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Win-Trojan/VBKrypt.RP.X1764
McAfee	GuLoader-FDBM!393C580A147C
VBA32	BScope.Backdoor.Androm
Cylance	Unsafe
Avast	Win32:DangerousSig [Trj]
Rising	Trojan.Injector!1.B459 (CLASSIC)
Fortinet	W32/PossibleThreat
AVG	Win32:DangerousSig [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)