Win32/Injector.ERXA information

Win32/Injector.ERXA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Injector.ERXA virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Win32/Injector.ERXA?

File Info:

name: 249ADDB01A6ECF6A04AB.mlw
path: /opt/CAPEv2/storage/binaries/7354182b67c18398dad765ec3631d9dcdecab5037ede3ce57c4ca89e2d69aefd
crc32: 1758C09C
md5: 249addb01a6ecf6a04ab0571f257f8ec
sha1: 14b2329949dc5e535bf1688be9d34902807243e3
sha256: 7354182b67c18398dad765ec3631d9dcdecab5037ede3ce57c4ca89e2d69aefd
sha512: 4fc1b74bfdd0f49c70f7f627b56c58163c71335628adcfd2cfa2fff21d8bf6e819cb807d4813f6b50abb37f136b069c696c631d7b9fd3acd321cc79eca8179e0
ssdeep: 24576:E9RH7jLH9diUOSgyTwt+Ms0YP4tVSn52pAf2rDNtl2aCHX:EDrdADxSn52KN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10F258E25E6A1DC33D133163E6C4B72A45D2DBE102968FD896AFA3D4C1FF964138292D3
sha3_384: 49e9de7a0e3a2da04a1f396cad0229e89f2c3c75331b327381ee3b4f47136df7d8894ff4f29b6c83e86efcd85a09594e
ep_bytes: 558bec83c4f0b8d0fc4900e87468f6ff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: e-merge GmbH
FileDescription: http://www.winace.com
FileVersion: 2.69.0.0
InternalName:
LegalCopyright: 1997-2007 ACE Compression Software & e-merge GmbH
LegalTrademarks: 1997-2007 ACE Compression Software & e-merge GmbH
OriginalFilename:
ProductName: WinAce
ProductVersion: 02.69.00.00
Comments: Installation created by Sfx-Factory!,(c) 1997-2005 e-merge GmbH, http://www.emerge.de
Translation: 0x0407 0x04e4

Win32/Injector.ERXA also known as:

Bkav: W32.AIDetect.malware2
Cylance: Unsafe
Cyren: W32/Delf.RI.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.ERXA
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Spy.Win32.Noon.gen
Avira: HEUR/AGEN.1214697
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
Malwarebytes: Malware.AI.3920890120
APEX: Malicious
Rising: Trojan.Injector!1.DA38 (CLASSIC)
Ikarus: Trojan.Inject
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.ERXA!tr

How to remove Win32/Injector.ERXA?

Win32/Injector.ERXA removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.