VirTool:MSIL/Injector.gen!A
First posted on 19 October 2010.
Source: SecurityHome
Aliases :
VirTool:MSIL/Injector.gen!A is also known as Trojan-Dropper.MSIL.StubRC.cgc (Kaspersky), W32/Suspicious_Gen2.AZKEX (Norman), Trojan.DR.Dunik.CPB (VirusBuster), Trojan horse Dropper.Small.CLX (AVG), Win32.HLLW.Autoruner.25074 (Dr.Web), Trojan-Dropper.MSIL (Ikarus), Mal/EncPk-SU (Sophos), Trojan.Win32.Generic.pak!cobra (Sunbelt Software).
Explanation :
VirTool:MSIL/Injector.gen!A is a generic detection for injectors that have been written using MSIL (Microsoft Intermediate Language) that inject code into running processes. The malware hides its payload by injecting the payload into a running process, therefore making the program harder to detect.
A malicious file is generally encrypted and/or compressed and stored inside another program, which decodes the malicious file and loads it. The malicious program may be injected into a clean process or loaded in a new process of its own. Unlike a "dropper", the malicious executable is never written to disk as a separate file. Malicious programs detected as VirTool:MSIL/Injector.gen!A can have virtually any purpose, as this technique is used by many different malware families in the wild to protect them from detection or analysis.
Analysis by Michael Johnson
Last update 19 October 2010
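The description above says the payload is stored encrypted and/or compressed inside a carrier program. The following triage sketch is an added example, not part of the original write-up or any vendor's detection logic: it flags long high-entropy runs inside a file, which is where such an embedded payload would sit. The window size, threshold and minimum length are assumed values, and the sample buffer is constructed.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def high_entropy_regions(blob: bytes, window: int = 1024,
                         threshold: float = 7.2, min_len: int = 4096):
    """Return (offset, length) spans of consecutive full windows whose
    entropy meets the threshold. All three parameters are assumed
    triage defaults, not values taken from the page."""
    regions, start = [], None
    for off in range(0, len(blob), window):
        chunk = blob[off:off + window]
        # A partial trailing window is never counted as high entropy.
        hot = len(chunk) == window and shannon_entropy(chunk) >= threshold
        if hot and start is None:
            start = off
        elif not hot and start is not None:
            if off - start >= min_len:
                regions.append((start, off - start))
            start = None
    # Run still open when the data ends exactly on a window boundary.
    if start is not None and len(blob) - start >= min_len:
        regions.append((start, len(blob) - start))
    return regions

def constructed_payload(n: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for an encrypted blob."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample: low-entropy carrier text, embedded blob, zero padding.
STUB = (b"constructed loader stub text. " * 300)[:8192]
SAMPLE = STUB + constructed_payload(16384) + b"\x00" * 2048

if __name__ == "__main__":
    for offset, length in high_entropy_regions(SAMPLE):
        print(f"high-entropy region at offset {offset}, {length} bytes")
```

Legitimately compressed resources such as images or installers score just as high, so a hit is a reason to look closer, not a verdict.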