Win32/Injector.NTT malicious file

Win32/Injector.NTT is the ESET-NOD32 detection name for this sample, and nearly every other engine in the list below flags it as malicious. While the infection is active you may notice unfamiliar processes in the Task Manager list; because the sample also injects code into other processes, a legitimate process may be hosting it. In that case, scan the computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Win32/Injector.NTT do?

The indicators below are the CAPE sandbox signatures triggered by this sample, static ones first, then behaviour observed at run time:

  • Sample contains Overlay data (bytes appended after the last PE section; the loader never maps them, and packers and droppers commonly hide a payload there)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image (typical of a dropper that carries its payload inside itself)
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing) (a legitimate process is started suspended, its image is unmapped and replaced with the payload, then the process is resumed)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process (code is written into another process and a new thread is started on it)
  • Uses suspicious command line tools or Windows utilities
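The three "Behavioural detection: Injection" signatures are what a sandbox sees; on an endpoint the same actions show up as Sysmon Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess). The following added Python example, which is not CAPE's or GridinSoft's detection logic, flags the cross-process cases using Sysmon's real field names; the event records, file paths and severity thresholds are constructed for the demo and do not come from the sample.

```python
"""Flag cross-process injection in Sysmon telemetry: Event ID 8
(CreateRemoteThread) and Event ID 10 (ProcessAccess). Added example, not
CAPE's or GridinSoft's detection logic. The field names are Sysmon's; the
events, paths and thresholds below are constructed for the demo."""
import re

# Locations an unprivileged user can write to; an injector running from here is
# far more suspicious than one under Program Files or System32.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Users\\Public)\\", re.I)
# Process access rights (winnt.h) needed to write a payload into another process.
PROCESS_VM_OPERATION, PROCESS_VM_WRITE = 0x0008, 0x0020
WRITE_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed events, not telemetry from the sample.
EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartAddress": "0x02A30000",
     "StartModule": "-", "StartFunction": "-"},
    {"EventID": 8, "SourceImage": r"C:\Program Files\App\app.exe",
     "TargetImage": r"C:\Program Files\App\app.exe", "StartAddress": "0x00401000",
     "StartModule": r"C:\Program Files\App\app.exe", "StartFunction": "-"},
    {"EventID": 10, "SourceImage": r"C:\Users\bob\AppData\Roaming\svc.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000"},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\Downloads\setup.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "StartAddress": "0x75A1D9F0",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryW"},
]


def classify(ev):
    """Return (severity, reason) for one event, or None if it is not interesting."""
    src, dst = ev.get("SourceImage", ""), ev.get("TargetImage", "")
    if src.lower() == dst.lower():
        return None                      # same image: not a cross-process action
    if ev["EventID"] == 8:
        reasons = ["CreateRemoteThread into another process"]
        # Sysmon renders a missing module as "-": the thread starts in memory no file backs.
        if ev.get("StartModule", "-") in ("", "-"):
            reasons.append("thread starts in memory backed by no module (typical of injected code)")
        if ev.get("StartFunction", "").startswith("LoadLibrary"):
            reasons.append("start routine is LoadLibrary (classic DLL injection)")
        if USER_WRITABLE.search(src):
            reasons.append("source runs from a user-writable path")
        return ("high" if len(reasons) > 1 else "medium"), "; ".join(reasons)
    if ev["EventID"] == 10:
        rights = int(ev.get("GrantedAccess", "0x0"), 16)
        # Hollowing and WriteProcessMemory both need VM_OPERATION and VM_WRITE; a
        # process from a user-writable path opening a target with them is worth a look.
        if rights & WRITE_RIGHTS == WRITE_RIGHTS and USER_WRITABLE.search(src):
            return "medium", f"opened target with write rights (GrantedAccess 0x{rights:X}) from a user-writable path"
    return None


def triage(events):
    """List (EventID, source, target, severity, reason) for every flagged event."""
    return [(ev["EventID"], ev["SourceImage"], ev["TargetImage"], *hit)
            for ev in events if (hit := classify(ev))]


if __name__ == "__main__":
    for eid, src, dst, sev, why in triage(EVENTS):
        print(f"[{sev}] EID {eid}: {src} -> {dst}: {why}")
```

The same-image check removes the common self-thread noise, but csrss.exe and WerFault.exe legitimately create threads in other processes, so a production rule needs an allow-list for those sources on top of this logic.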

How to identify Win32/Injector.NTT?

Compare suspect files against the hashes below. The exact hashes (md5, sha1, sha256, sha512) match only this build; ssdeep and TLSH are fuzzy hashes that can still match a repacked variant of the same dropper.

File Info:

name: 27F5C95EFBC26D131CA7.mlw
path: /opt/CAPEv2/storage/binaries/c102bca4245cbfa19b3259869cf85e48eea9f2c6f671d2e8d35914a5670e6a97
crc32: 4398E1C9
md5: 27f5c95efbc26d131ca7e30e87656a75
sha1: 0b02d4e9edff23e832c819f78a3c1241a05d24df
sha256: c102bca4245cbfa19b3259869cf85e48eea9f2c6f671d2e8d35914a5670e6a97
sha512: 7600e99fc64e3026fd2ee0b0681f52932d924be38486b8e5c404b18ac0d7f2755a2433f8e0a8a9d5ed8ad1d19c7d1903d1160d317b7dc6d335fcfaedf8aed9f0
ssdeep: 3072:Nr1tn801NlxRTf1AW9jgTmSY9zHxX8zbG6:NX91NxSl6SYZ6z66
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E134D09829C0D9B6D02943F22918C3CF8ABE64B04F927449DFC51F66863114EE4F9B9F
sha3_384: 2eb9513a95f1c0e6f3ffd01f7eb5dd13795e3ca11e0d8639a6070b2e73bcc54393c8fbd99c689075a799c7806791f3a0
ep_bytes: 558bec6aff680861400068705b400064 (push ebp; mov ebp, esp; push -1; push 0x406108; push 0x405b70; then the fs: prefix of mov eax, fs:[0]: the stock MSVC SEH prologue, so the entry point itself gives nothing away)
timestamp: 2012-01-29 18:39:06 (PE header TimeDateStamp, UTC; it is trivially forged, so treat it as a hint, not evidence)

Version Info:

Comments:
CompanyName:
FileDescription:
FileVersion: 2, 0, 8, 1
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName:
ProductVersion: 2, 0, 8, 1
SpecialBuild:
Translation: 0x0410 0x04b0 (language ID 0x0410 is Italian, code page 0x04b0 is Unicode; note that a version number is set while every name field is empty)
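To turn the static indicators above (overlay, Authenticode certificate table, entry-point bytes, compile timestamp) and the published hashes into a check you can run yourself, here is an added Python example; it is not CAPE's or GridinSoft's code. It parses the PE headers by hand so it needs nothing beyond the standard library. build_sample_pe() constructs a stand-in file so the script runs offline; the real sample is never embedded, and the file name pe_triage.py is assumed. The certificate check is presence-only: CAPE's "Authenticode signature is invalid" comes from an actual verification of the PKCS#7 blob, which this script does not do.

```python
"""Static triage of one PE32 file: overlay size, Authenticode certificate table,
entry-point bytes, compile timestamp, and hash comparison against the page's IoCs.
Added example, not CAPE's or GridinSoft's code; build_sample_pe() is a constructed stand-in."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes taken from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "27f5c95efbc26d131ca7e30e87656a75",
    "sha1": "0b02d4e9edff23e832c819f78a3c1241a05d24df",
    "sha256": "c102bca4245cbfa19b3259869cf85e48eea9f2c6f671d2e8d35914a5670e6a97",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the certificate table


def hash_matches(data):
    """Names of the published hashes that match this file's content."""
    return sorted(n for n, d in KNOWN_HASHES.items() if hashlib.new(n, data).hexdigest() == d)


def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The security entry holds a raw file offset, not an RVA like the others.
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawptr, rawsize))
    # Bytes after the last section's raw data are overlay: never mapped by the loader and
    # not covered by the Authenticode hash. The certificate table itself also lives there.
    image_end = max((p + s for _, _, _, p, s in sections), default=0)
    overlay = len(data) - image_end - (cert_size if cert_off >= image_end else 0)
    ep_bytes = ""
    for _, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            ep_bytes = data[off:off + 16].hex()
            break
    return {
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": [s[0] for s in sections],
        "ep_bytes": ep_bytes,
        "overlay_bytes": overlay,
        # Presence only; verifying the PKCS#7 blob needs a real Authenticode verifier.
        "authenticode": "present (not verified here)" if cert_size else "absent",
        "ioc_hash_matches": hash_matches(data),
    }


def build_sample_pe(overlay=b"", signed=False):
    """Constructed minimal PE32: one .text section, optional fake certificate table,
    optional trailing overlay. Not the real sample."""
    file_align, headers_size = 0x200, 0x400
    # Same first 16 bytes as the page's ep_bytes (a stock MSVC SEH prologue), then ret.
    code = bytes.fromhex("558bec6aff680861400068705b400064") + b"\xc3"
    raw = code.ljust(file_align, b"\0")
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)    # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, headers_size)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    cert = b""
    if signed:
        body = b"\x30\x82" + b"\0" * 14                      # placeholder, not a real PKCS#7
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body  # WIN_CERTIFICATE
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_size + len(raw), len(cert))
    ts = int(datetime(2012, 1, 29, 18, 39, 6, tzinfo=timezone.utc).timestamp())  # page's timestamp
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, len(opt), 0x0102)  # i386, 1 section, EXE
    sec = bytearray(40)
    struct.pack_into("<8sIIII", sec, 0, b".text", len(code), 0x1000, len(raw), headers_size)
    struct.pack_into("<I", sec, 36, 0x60000020)             # CODE | EXECUTE | READ
    dos = bytearray(b"MZ").ljust(0x40, b"\0")
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sec)
    return headers.ljust(headers_size, b"\0") + raw + cert + overlay


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(b"\xcc" * 4096, True)
    for key, value in parse_pe(blob).items():
        print(f"{key}: {value}")
```

Run it on a quarantined file with `python3 pe_triage.py <file>`; without an argument it triages the constructed stand-in. A large unexplained overlay together with an absent or unverified certificate and no hash match is the profile of a repacked variant that the exact hashes alone would miss, which is where the ssdeep and TLSH values above come in.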

Win32/Injector.NTT is also known as (vendor: detection name). The names are not consistent across engines: ESET's Injector.NTT and the Kryptik names from Avast, AVG, Fortinet and Comodo describe the packer/injector layer, while Microsoft (Worm:Win32/Dorkbot.A), CAT-QuickHeal (Worm.Dorkbot.A) and Dr.Web (BackDoor.IRC.NgrBot.42) name the payload family, Dorkbot, also called NgrBot; several others classify it as Buzus, Zbot or Cripack.

Bkav: W32.AIDetect.malware1
Lionic: Heuristic.File.Generic.00×1!p
MicroWorld-eScan: Trojan.Cripack.Gen.1
FireEye: Generic.mg.27f5c95efbc26d13
CAT-QuickHeal: Worm.Dorkbot.A
McAfee: PWS-Zbot.gen.bel
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.235101
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0001589d1 )
BitDefender: Trojan.Cripack.Gen.1
K7GW: Trojan ( 0001589d1 )
Cybereason: malicious.efbc26
Cyren: W32/Zbot.EH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Injector.NTT
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Buzus-9346
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Buzus.ikzkj
ViRobot: Trojan.Win32.A.Buzus.44800
Rising: Malware.Obscure/Heur!1.A89F (CLASSIC)
Ad-Aware: Trojan.Cripack.Gen.1
Sophos: Mal/Agent-FKL
Comodo: TrojWare.Win32.Kryptik.AAMB@4n155d
DrWeb: BackDoor.IRC.NgrBot.42
VIPRE: Trojan.Cripack.Gen.1
McAfee-GW-Edition: BehavesLike.Win32.Generic.dm
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Cripack.Gen.1 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/Buzus.befh
Webroot: W32.Rogue.Gen
Avira: TR/Patched.Ren.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.AA
Kingsoft: Win32.Heur.KVM011.a.(kcloud)
Microsoft: Worm:Win32/Dorkbot.A
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
GData: Trojan.Cripack.Gen.1
Google: Detected
AhnLab-V3: Trojan/Win32.Buzus.R15409
BitDefenderTheta: Gen:NN.ZexaF.34646.oq3@aOkLyOd
MAX: malware (ai score=82)
VBA32: Trojan.Buzus
Malwarebytes: Malware.AI.1456040186
Panda: Trj/Genetic.gen
Tencent: Malware.Win32.Gencirc.10bc99e1
Ikarus: Trojan.Win32.Buzus
Fortinet: W32/Kryptik.AL!tr
AVG: Win32:Kryptik-HAX [Trj]
Avast: Win32:Kryptik-HAX [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32/Injector.NTT?

Win32/Injector.NTT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

The restart matters here: the sample injects into other processes, so its code may still be running inside a legitimate process after the file is quarantined. After the reboot, re-run the scan and confirm that nothing matching the hashes above remains.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
