Win32/Injector.YHN removal tips

Win32/Injector.YHN is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Injector.YHN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to identify Win32/Injector.YHN?

File Info:

name: F9DAF45029523C674A02.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Win32/Injector.YHN is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Delf.152
FireEye: Generic.mg.f9daf45029523c67
CAT-QuickHeal: Trojan.Agent.9917
ALYac: Gen:Variant.Delf.152
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 )
BitDefender: Gen:Variant.Delf.152
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.029523
Arcabit: Trojan.Delf.152
BitDefenderTheta: AI:Packer.68042D5919
Cyren: W32/DelfInject.FN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Injector.YHN
ClamAV: Win.Malware.Midie-9816731-0
Kaspersky: Trojan.Win32.Agent.yznq
NANO-Antivirus: Trojan.Win32.Agent.csknzu
Rising: Trojan.Generic@AI.100 (RDMK:627e+gDQBiQRAcJN4gouuA)
Ad-Aware: Gen:Variant.Delf.152
TACHYON: Trojan/W32.DP-Agent.1485312.B
Emsisoft: Gen:Variant.Delf.152 (B)
DrWeb: Trojan.Inject1.23160
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
APEX: Malicious
Jiangmin: Trojan/Agent.hlyg
Avira: TR/Delf.Crypted.ME
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Agent.yznq
GData: Gen:Variant.Delf.152
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Agent.R500431
Acronis: suspicious
McAfee: GenericRXFP-ZY!F9DAF4502952
MAX: malware (ai score=83)
VBA32: Trojan.Agent
Malwarebytes: Malware.AI.1541142593
Panda: Trj/Genetic.gen
Tencent: Trojan-ransom.Win32.Blocker.kjb
Yandex: Trojan.GenAsa!FITyXrvPyyU
Ikarus: Trojan.Win32.Agent
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Dropper.XUQ!tr
AVG: Win32:MBRlock-DV [Trj]
Avast: Win32:MBRlock-DV [Trj]
CrowdStrike: win/malicious_confidence_90% (D)

How to remove Win32/Injector.YHN?

Win32/Injector.YHN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.