Injector[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Injector.exe
Size

444KB
MD5

1d5ea2237fd0346a3c79a2981edf7d69
SHA1

8919c98972b9cc38ee495d7d5622a27161bc5fb9
SHA256

0d2eab428a359c0bdff84687e1e565e5191d5fd8ba77c72d553a462b00c164d7
SHA512

5ab31a1cdf4a72f1a3360a6d368c647c6920d541061c6467a4aa5dda9e81a96083add8fb0135518d5c1dcceb984adfe375bb3c788c77c5de5caa51bfa27f6942
SSDEEP

12288:aA0yr4FHplioRxSMYYYoQkL73/7fTHTbfyKSOqauWKa5ZF1pxNpZVRz+zcvbG4Tg:eN+zcvb8vN7CuEmH

Score

8^/10

injector

Malware Config

Signatures

Detected 'nefarius' open source injector. 1 IoCs

injector

resource	yara_rule
sample	nefarius_injector

Files

Injector.exe
.exe windows x86

6cbc466640e44bb4c6978cc70155ef36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRelativeW

kernel32

WriteProcessMemory
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
GetFileAttributesW
OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
GetLastError
Process32NextW
Process32FirstW
CloseHandle
Module32FirstW
GetProcAddress
SetStdHandle
GetModuleHandleW
CreateRemoteThread
Module32NextW
VirtualFreeEx
CreateFileW
GetCurrentThreadId
GetTimeFormatW
GetCurrentProcessId
GetDateFormatW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetProcessHeap
HeapSize
VirtualAllocEx
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
WriteConsoleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP

user32

FindWindowW
GetWindowThreadProcessId

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cbc466640e44bb4c6978cc70155ef36

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 321KB - Virtual size: 321KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 7KB - Virtual size: 10KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 321KB - Virtual size: 321KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 7KB - Virtual size: 10KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 16KB - Virtual size: 16KB