Categories: Malware

How to remove “Win32/Injector.GEX”?

The Win32/Injector.GEX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.GEX virus can do?

Behavioural detection: Executable code extraction – unpacking
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
CAPE detected the embedded win api malware family
Anomalous binary characteristics
Yara detections observed in process dumps, payloads or dropped files

How to determine Win32/Injector.GEX?


File Info:
name: E3E4B1350938FCB3204F.mlwpath: /opt/CAPEv2/storage/binaries/f13423665f69e47b15a08209fa0f95a82bde227c7208319e9838eca5d40e0460crc32: 7C2965FEmd5: e3e4b1350938fcb3204f1646e982e1bbsha1: 9e7d4c4aa4a0972ee821d0ed7969911a49f1384asha256: f13423665f69e47b15a08209fa0f95a82bde227c7208319e9838eca5d40e0460sha512: b3b8596f898c5769a4e22ddd44084ac7b83e3ef0df6647479601c1225f88adb0517a0c7ced8e20bc0a907e06c72957529e2b524312819f3e1322bd587df7fc15ssdeep: 6144:XwBSSPO62Mf4jpvnhe2YvMS/06uH4CfD1kWg1B7plc769/cZ:ABSSPOSf6vnMpM2OY8D1PuBzc769kZtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1611412F1B5338387F323913D0DD21A310BC46E74880C94A97ADAB9EFD570ACB65A57A1sha3_384: f61719f5472784909117592d8a741f1916a5d6ab152529ab23d0c87e644d4bd212edb3e89db40c95641ab70fcd2b383aep_bytes: 6801204a00c32b003446d0a168344a0dtimestamp: 2012-01-06 12:41:35
Version Info:
Translation: 0x0409 0x04b0Comments: Cj6OFygCompanyName: zjDpFileDescription: YdyLegalCopyright: ACvzqdLegalTrademarks: xUKZbnegProductName: gaHOFileVersion: 10.22.0068ProductVersion: 10.22.0068InternalName: 1OriginalFilename: 1.exe

Win32/Injector.GEX also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Refroso.4!c
Elastic	malicious (high confidence)
DrWeb	BackDoor.Bifrost.20804
MicroWorld-eScan	Gen:Heur.ManBat.1
FireEye	Gen:Heur.ManBat.1
Skyhigh	BehavesLike.Win32.MoonLight.cc
McAfee	Generic VB.jt
Malwarebytes	Generic.Malware/Suspicious
Zillya	Trojan.Injector.Win32.72361
Sangfor	Trojan.Win32.Refroso.Vfme
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Trojan:Win32/Refroso.b67a7ae5
K7GW	Trojan ( 0023d32b1 )
K7AntiVirus	Trojan ( 0023d32b1 )
BitDefenderTheta	AI:Packer.24EF5F4520
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.GEX
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R03BC0DAT24
Kaspersky	Trojan.Win32.Refroso.gfqu
BitDefender	Gen:Heur.ManBat.1
NANO-Antivirus	Trojan.Win32.Bifrost.otdph
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Refroso.Jcnw
Emsisoft	Gen:Heur.ManBat.1 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
VIPRE	Gen:Heur.ManBat.1
TrendMicro	TROJ_GEN.R03BC0DAT24
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
MAX	malware (ai score=99)
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Kingsoft	Win32.Trojan.Generic.a
Microsoft	VirTool:Win32/VBInject.gen!IQ
Xcitium	TrojWare.Win32.VB.GE@4pqh5b
Arcabit	Trojan.ManBat.1
ZoneAlarm	Trojan.Win32.Refroso.gfqu
GData	Gen:Heur.ManBat.1
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.VBKrypt.R5261
VBA32	Malware-Cryptor.VB.gen.7
Cylance	unsafe
Panda	Generic Malware
Rising	Backdoor.Bifrose!8.B24 (CLOUD)
Ikarus	Virus.Win32.VBInject
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	W32/Refroso.DZP!tr
AVG	Win32:Malware-gen
Cybereason	malicious.50938f
DeepInstinct	MALICIOUS
alibabacloud	Trojan:Win/Refroso.gfqu