VirTool:Win32/Injector.T
First posted on 18 April 2012.
Source: Microsoft
Aliases:
There are no other names known for VirTool:Win32/Injector.T.
Explanation:
VirTool:Win32/Injector.T is a detection for malware that uses a certain method of code obfuscation in order to avoid detection. This malware injects other code into a newly spawned process and directly executes it in memory.
Installation:
The injector stores the embedded malware as an encrypted resource, which it decrypts using a Windows API. The decompressed executable, detected as Worm:Win32/Rimecud.B, is injected into a newly created process, and the injected code is then executed.
Additional Information:
The injector may also contain various checks for virtual machines and system tools in order to hinder analysis. The injector is known to be used by, but not limited to, the following malware families:
Worm:Win32/Pushbot
Worm:Win32/Hamweq
Worm:Win32/Rimecud
PWS:Win32/Zbot
Backdoor:Win32/Bifrose
Backdoor:Win32/Rbot
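The installation description above (an encrypted payload stored as a PE resource, decrypted and executed in a freshly created process) suggests a simple triage heuristic an analyst can run over a sample's resources before any dynamic analysis: a resource whose byte entropy is close to 8 bits per byte is likely ciphertext or compressed data, and a resource that becomes a valid PE image under a trivial single-byte XOR is an obscured executable. The following is an added illustrative example, not code from the original page or from Microsoft; the entropy threshold, the resource names and the sample bytes are all constructed here, and the single-byte XOR sweep is a generic triage check rather than the Windows API decryption the page attributes to this injector.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, Optional

# Entropy (bits per byte) above which a resource is treated as likely
# encrypted or compressed. Assumed threshold for this example only.
HIGH_ENTROPY = 7.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def xor_reveals_pe(data: bytes) -> Optional[int]:
    """Return the single-byte XOR key under which the blob starts with an
    'MZ' header whose e_lfanew points at 'PE\\0\\0', or None if no key does.
    This is a generic triage sweep, not the scheme described for this family."""
    if len(data) < 0x40:
        return None
    for key in range(256):
        if (data[0] ^ key) != 0x4D or (data[1] ^ key) != 0x5A:
            continue  # not 'MZ' under this key
        e_lfanew = int.from_bytes(bytes(b ^ key for b in data[0x3C:0x40]), "little")
        if e_lfanew + 4 <= len(data):
            sig = bytes(b ^ key for b in data[e_lfanew:e_lfanew + 4])
            if sig == b"PE\x00\x00":
                return key
    return None


def triage_resources(resources: Dict[str, bytes]) -> Dict[str, dict]:
    """Score each named resource and flag the ones that deserve a closer look."""
    report = {}
    for name, blob in resources.items():
        ent = shannon_entropy(blob)
        key = xor_reveals_pe(blob)
        report[name] = {
            "entropy": round(ent, 2),
            "xor_key": key,
            "suspicious": ent >= HIGH_ENTROPY or key is not None,
        }
    return report


def pseudo_random(n: int, seed: bytes = b"example") -> bytes:
    """Deterministic high-entropy filler from chained SHA-256 (constructed data
    standing in for an encrypted resource)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def fake_pe(size: int = 1024) -> bytes:
    """Constructed minimal PE-like blob: 'MZ', e_lfanew -> 'PE\\0\\0', zero padding."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    buf[0x3C:0x40] = (0x80).to_bytes(4, "little")
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


# Constructed sample resources; names and contents are invented for the example.
SAMPLE_RESOURCES = {
    "MANIFEST": b"<assembly xmlns='urn:schemas-microsoft-com:asm.v1'/>" * 20,
    "RCDATA_101": pseudo_random(4096),                 # looks like ciphertext
    "RCDATA_102": bytes(b ^ 0x5A for b in fake_pe()),  # XOR-obscured PE image
}

if __name__ == "__main__":
    for name, info in triage_resources(SAMPLE_RESOURCES).items():
        print(name, info)
```

On a real sample the resources would be read with a PE parser (for instance the resource directory entries of the image) and fed into triage_resources in place of SAMPLE_RESOURCES; the two signals are complementary, since a properly encrypted resource shows high entropy without a recoverable key, while a single-byte XOR keeps the low entropy of the padded PE but is exposed by the key sweep.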
Analysis by Jingli Li
Last update 18 April 2012