Blade_Injector[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Blade_Injector.exe
Size

1.3MB
MD5

9b70bfa14daeb54944e42b02f488797f
SHA1

321c8915e7c33060954a15f9744e87f57a522486
SHA256

41e4b26a61a4906145cc4a6751682888e9ba19f7e2d71f6500548e97c9b6f6a6
SHA512

d963b61d45e1671d9fbce1c87d37973c1a42cceac6473688c79ca25143e0350a0caa6fd3466e8eee6b901ebe10e487c357b477bfd6d0cc30b4ccb31953fb0cc8
SSDEEP

24576:/BRuX+xCvNQt5r4FlTPq5NZdM2mel9Zq5Ounp:/BRuXrvNQbzrn9Zq5Dn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Blade_Injector.exe

Files

Blade_Injector.exe
.exe windows:6 windows x64 arch:x64

931e373742a954d8d6f3e53fdd6643e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\gburb\Desktop\TnyavnTos-Module-Injector-1.0.0.5\Build\SimpleModuleInjector.pdb

Imports

kernel32

Process32FirstW
Process32NextW
Sleep
GetModuleHandleW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
RaiseException
GetStartupInfoW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
LoadLibraryA
VirtualFreeEx
MapViewOfFile
CreateFileMappingW
WriteProcessMemory
VirtualAllocEx
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
VirtualQuery
OpenProcess
GetExitCodeThread
CreateRemoteThread
WaitForSingleObject
GetLastError
CloseHandle
UnhandledExceptionFilter
CreateFileA

user32

GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetDC
ReleaseDC
TrackMouseEvent
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorW
MonitorFromWindow
SetProcessDPIAware
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
PostQuitMessage
DefWindowProcW
MessageBoxA
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
PeekMessageW
DispatchMessageW
GetClientRect
TranslateMessage

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

comdlg32

GetOpenFileNameA

msvcp140d

??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z

d3d11

D3D11CreateDeviceAndSwapChain

shlwapi

PathFindFileNameA

imm32

ImmReleaseContext
ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
DwmGetColorizationColor

vcruntime140d

__C_specific_handler
memcpy
memmove
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__vcrt_LoadLibraryExW
memchr
memcmp
strstr
strchr
__vcrt_GetModuleHandleW
__current_exception
__current_exception_context
__C_specific_handler_noexcept
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

_crt_at_quick_exit
_cexit
_CrtDbgReportW
terminate
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_execute_onexit_table
_wsplitpath_s
wcscpy_s
qsort
_register_onexit_function
malloc
free
__stdio_common_vsscanf
__stdio_common_vsprintf
fwrite
ftell
fseek
fread
fflush
fclose
_wfopen
__acrt_iob_func
strncpy
strcmp
getenv
_initialize_onexit_table
strtol
_errno
_initialize_narrow_environment
_calloc_dbg
strlen
wcslen
_invalid_parameter
_configure_narrow_argv
_seh_filter_dll
_callnewh
_malloc_dbg
_free_dbg
abort
___lc_codepage_func
powf
logf
atan2f
pow
log
atof
ceilf
acosf
sinf
floorf
cosf
strncmp
strcpy
toupper
fabs
sqrtf
_wmakepath_s
fmodf
_crt_atexit
_CrtDbgReport

Sections

.text
Size: 967KB - Virtual size: 967KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

931e373742a954d8d6f3e53fdd6643e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

msvcp140d

d3d11

shlwapi

imm32

d3dcompiler_47

dwmapi

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.text Size: 967KB - Virtual size: 967KB

.rdata Size: 274KB - Virtual size: 273KB

.data Size: 19KB - Virtual size: 47KB

.pdata Size: 35KB - Virtual size: 34KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 967KB - Virtual size: 967KB

.rdata
Size: 274KB - Virtual size: 273KB

.data
Size: 19KB - Virtual size: 47KB

.pdata
Size: 35KB - Virtual size: 34KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB