Inject[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Inject.exe
Size

22KB
MD5

1e78ac33742270f0eca70883134e9ca1
SHA1

9b5d7eef2f2df7131ef895e6582a9b480e4d1edf
SHA256

e541e2b06ac164ae1a1c5f47bb5af0aa49e9e34137c4e123fbec274eddc8f428
SHA512

86a9a1a60c7401acc12c650f719ebc3223c921b26aa8bc939753e292eaaa3c1092e2b7d24bdf55f3863e92dc902c3e079e580e14003bacb9c0ebe1fffff552ab
SSDEEP

384:nVrDfflGrVZYhACDentYeOHIoPINKOrmw8IQZoG0u7BVr5o7cl:VrD3OOhAOenDOlPc5Q6yVraAl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Inject.exe

Files

Inject.exe
.exe windows:6 windows x64 arch:x64

776fe4479171c71c6b13ccb72a7c5caf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\hgh50\Downloads\Injector\x64\Release\Inject.pdb

Imports

kernel32

Sleep
GetCurrentProcess
VirtualAllocEx
VirtualQueryEx
WriteProcessMemory
VirtualFreeEx
GetModuleHandleA
GetProcAddress
K32GetModuleInformation
CreateFileA
SetFilePointer
OpenThread
SuspendThread
OpenProcess
GetLastError
VirtualAlloc
VirtualFree
ReadProcessMemory
K32GetModuleBaseNameW
DuplicateHandle
RtlLookupFunctionEntry
ReadFile
GetFileSize
CloseHandle
CreateFileW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
RtlCaptureContext
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

vcruntime140

__std_exception_copy
memset
__current_exception_context
__current_exception
__C_specific_handler
__std_terminate
_CxxThrowException
__std_exception_destroy
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
__p___wargv
_register_thread_local_exe_atexit_callback
terminate
__p___argc
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
exit
_cexit
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

776fe4479171c71c6b13ccb72a7c5caf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 13KB

.pdata Size: 1024B - Virtual size: 768B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 92B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 13KB

.pdata
Size: 1024B - Virtual size: 768B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 92B