Imian-ARK-Injector[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Imian-ARK-Injector.exe
Size

1.3MB
MD5

0c6411e58aef664be9f2c8e8efca48be
SHA1

46fd1ab83d96afc1f7889b43abb1c2d4043c1cd4
SHA256

095f2830896ad0ae8cfb6536ed63fc19a031d42dc53a38f6fcc0912d90d28501
SHA512

523aff5f108729e0519776ebf5554ac144f00e16b8b19490212c1734f0ca9a65873cf30d02399b2b74d86d304743c1b0411de6a4d7a4d38b29da3d47a8eed90c
SSDEEP

24576:pMjzGsTf1ETBFZ/qv3952BK1KQQW5tBh0lhSMXlDy+H8Q4:p+N0DZ+5kKTRrIOK4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Imian-ARK-Injector.exe

Files

Imian-ARK-Injector.exe
.exe windows:6 windows x64 arch:x64

ae19b2f65642718385b1fd8d3687c3e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\rager\Desktop\Imian-ARK-Injector\x64\Release\Imian-ARK-Injector.pdb

Imports

urlmon

URLDownloadToCacheFileW

wininet

InternetCheckConnectionW

dbghelp

SymUnloadModule64
SymSetOptions
SymLoadModuleExW
SymInitializeW
SymFromName
SymCleanup

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
CreateDirectoryW
Process32First
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32Next
CloseHandle
LocalFree
FormatMessageA
CreateEventA
GetHandleInformation
GetFullPathNameW
lstrlenW
WaitForSingleObject
OpenProcess
GetTickCount64
SetEvent
DeleteFileW
ResetEvent
ReadProcessMemory
QueryFullProcessImageNameW
GetCurrentProcess
DuplicateHandle
GetProcessId
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
GetCurrentProcessId
GetProcAddress
CreateProcessW
GetModuleHandleW
SetEnvironmentVariableW
Module32FirstW
Module32NextW
GetModuleHandleA
LoadLibraryExW
TerminateProcess
GetExitCodeProcess
WaitForMultipleObjects
GetTickCount
Wow64SetThreadContext
Wow64GetThreadContext
ResumeThread
GetExitCodeThread
TerminateThread
GetThreadId
GetThreadContext
SetThreadContext
LoadLibraryW
FreeLibrary
lstrcmpiW
IsWow64Process
OpenThread
GetCurrentThreadId
QueueUserAPC
VirtualFree
VirtualAlloc
CreateFileW
GetFileAttributesExW
CopyFileW
SuspendThread
GetModuleFileNameW
GetTempPathW
GetFileAttributesW
QueryPerformanceCounter
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
SetStdHandle
CreateEventExA
DeleteCriticalSection
HeapSize
HeapReAlloc
GetTimeZoneInformation
ReadConsoleW
SetEndOfFile
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetFileSizeEx
GetFileType
HeapAlloc
HeapFree
SetLastError
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RtlPcToFileHeader
RaiseException
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCPInfo
RtlUnwindEx
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
MoveFileExW
ExitProcess
GetStdHandle
WriteFile
WriteConsoleW

user32

MessageBoxA
PostThreadMessageW

advapi32

CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteA
SHGetKnownFolderPath

ole32

StringFromGUID2
CoTaskMemFree
CoGetApartmentType
CoGetObjectContext

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable

shlwapi

PathIsRelativeW

wtsapi32

WTSQueryUserToken

Exports

Exports

DotNet_InjectA
DotNet_InjectW
DotNet_Inject_Internal
GetDownloadProgress
GetDownloadProgressEx
GetImportState
GetSymbolState
GetVersionA
GetVersionW
InjectA
InjectW
Inject_Internal
InterruptDownload
InterruptDownloadEx
InterruptInjection
InterruptInjectionEx
Memory_Inject
RestoreInjectionFunctions
SetRawPrintCallback
StartDownload
ValidateInjectionFunctions
g_LibraryState

Sections

.text
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.inj_sec
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mmap_se
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.veh_sec
Size: 512B - Virtual size: 246B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wow64_se
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae19b2f65642718385b1fd8d3687c3e8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

wininet

dbghelp

kernel32

user32

advapi32

shell32

ole32

winhttp

shlwapi

wtsapi32

Exports

Exports

Sections

.text Size: 706KB - Virtual size: 705KB

.inj_sec Size: 2KB - Virtual size: 1KB

.mmap_se Size: 9KB - Virtual size: 9KB

.veh_sec Size: 512B - Virtual size: 246B

.rdata Size: 326KB - Virtual size: 326KB

.data Size: 33KB - Virtual size: 47KB

.pdata Size: 29KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 348B

wow64_se Size: 10KB - Virtual size: 10KB

.rsrc Size: 213KB - Virtual size: 213KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 706KB - Virtual size: 705KB

.inj_sec
Size: 2KB - Virtual size: 1KB

.mmap_se
Size: 9KB - Virtual size: 9KB

.veh_sec
Size: 512B - Virtual size: 246B

.rdata
Size: 326KB - Virtual size: 326KB

.data
Size: 33KB - Virtual size: 47KB

.pdata
Size: 29KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 348B

wow64_se
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 213KB - Virtual size: 213KB

.reloc
Size: 6KB - Virtual size: 6KB