Categories: Malware

Win32/Injector.ERYQ (file analysis)

The Win32/Injector.ERYQ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.ERYQ virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
HTTPS urls from behavior.
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Win32/Injector.ERYQ?


File Info:
name: 3F459E0B263C7ED71559.mlwpath: /opt/CAPEv2/storage/binaries/6a147da6ac0eec13aeaf08e385f27f58132562980c1ff628f4a4dc98ed70e202crc32: 8CB294B2md5: 3f459e0b263c7ed71559eb0f326b5733sha1: f079e61f2783cd548d9f3dc7f177c10c73dfa39asha256: 6a147da6ac0eec13aeaf08e385f27f58132562980c1ff628f4a4dc98ed70e202sha512: 3c146dc604065a9902329dd10b10d39e17c09079fb0d0689a3eca87ed04a9be9957116b4c05d824c2093408e6222c1203aa8182e1eee79c42eeb0f450dd63211ssdeep: 12288:QodKmNUsu8OHrlJZuCYOTW1Z2fWC9dAMEXU4nSz7eIa3f6:pYmAPrDMCYOCJCvAMEXU4nSztype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T185F49E26B2FBFA32CA6E44B3DF3AC564C4556E085DBCE1C12BE03B685BB2559650F043sha3_384: 9a9e43410d71f0b48dd6edf40326b0d6033e9cec11c37c379fecbd17630e265b6ec048223890a4e3e61b6dd8694c1f2dep_bytes: 558bec83c4f0b8fc424600e8f40ffafftimestamp: 1992-06-19 22:22:17
Version Info:
CompanyName: e-m-FactoryFileDescription: Factory.wi3.comFileVersion: 2.69.0.0InternalName: LegalCopyright: 1997-2007 ACE Compression Software & e-merge GmbHLegalTrademarks: 1997-2007 ACE Compression Software & e-merge GmbHOriginalFilename: ProductName: Wi2ceProductVersion: 02.69.00.00Comments: Factory!,(c) 1997-2005 e-merge GmbH, http://www.emerge.deTranslation: 0x0407 0x04e4

Win32/Injector.ERYQ also known as:

Alibaba	Trojan:Win32/Injector.15ce2803
Cyren	W32/Trojan.WQIA-3577
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Injector.ERYQ
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
Avast	FileRepMalware [Drp]
Google	Detected
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
Malwarebytes	Malware.AI.4156668513
Rising	Backdoor.Remcos!8.B89E (TFE:dGZlOgWtDwZLEfoWOw)
MaxSecure	Trojan.Malware.300983.susgen
AVG	FileRepMalware [Drp]