injector[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

injector.exe
Size

1009KB
MD5

45d8d1d19f6a4b269df855b558378a1e
SHA1

f8b6d131bc9ae58c68af61f92525d78dcdf3a2db
SHA256

392cdd28030f63de28cd04c5e6a0851fb07a2b3e7d0a66745c691f4291572884
SHA512

9332768c2ff528186ad533e69caf59af5ebc00153d65bebfa0fd44092c8c068ed7238bd84e7a321ec8a7da38faaccd796639f603bb58970e18dd174eb414da45
SSDEEP

24576:cnqRYKCzDIJJzqR5PKuUetkHLNe4CbueHO5M8cjcYf1JKI:w9IY5Cu5GCbuen8cjcYjK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
injector.exe

Files

injector.exe
.exe windows x64

a1dd88880928c24fdc4c113676d30cfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
Process32Next
GetExitCodeProcess
VirtualAllocEx
VirtualProtectEx
LoadLibraryA
GetProcAddress
RtlAddFunctionTable
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
DeleteProcThreadAttributeList
FormatMessageA
LocalFree
GetModuleHandleW
GetStdHandle
SetConsoleTextAttribute
ReleaseSRWLockShared
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
UpdateProcThreadAttribute
CloseHandle
GetLastError
Sleep
OpenProcess
ResumeThread
InitializeProcThreadAttributeList
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
AcquireSRWLockExclusive
AcquireSRWLockShared
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegGetValueW
CreateProcessAsUserA

msvcp140

??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??Bid@locale@std@@QEAA_KXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Xtime_get_ticks
?_Incref@facet@locale@std@@UEAAXXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Strcoll
?_Syserror_map@std@@YAPEBDH@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Strxfrm
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strchr
__C_specific_handler
_CxxThrowException
_purecall
__current_exception_context
memset
__std_exception_copy
memmove
__std_exception_destroy
memcmp
__std_terminate
memcpy
__current_exception

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
realloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_set_app_type
terminate
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initterm_e
_c_exit
__p___argv
__p___argc
_exit
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
exit
_seh_filter_exe
system

api-ms-win-crt-stdio-l1-1-0

fseek
__stdio_common_vsprintf
fclose
fputs
ftell
fread
__acrt_iob_func
__stdio_common_vfprintf
fflush
fsetpos
_fseeki64
fgetpos
fwrite
fgetc
ungetc
fputc
_get_stream_buffer_pointers
fopen_s
__p__commode
__stdio_common_vsprintf_s
_set_fmode
setvbuf

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_gmtime64_s

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 664KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1dd88880928c24fdc4c113676d30cfe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 232KB - Virtual size: 232KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 664KB - Virtual size: 663KB

.reloc Size: 512B - Virtual size: 476B

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 232KB - Virtual size: 232KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 664KB - Virtual size: 663KB

.reloc
Size: 512B - Virtual size: 476B