Injector[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Injector.exe
Size

5.3MB
MD5

26c5ff7834f420050ba5338f7d0f4bd0
SHA1

a4b5c4e0ca0602bee55f25aa4ab24c9bebd9487e
SHA256

2c6c76d97394e2cc3a70377d8f9b34cfd1856ab8a1cb8f2b4483eae8d7f824f9
SHA512

6d8bb5c434c1ebde25d57d8b374fbec8afb78a87fe399656e529c623bbad965ba3bf37a4e1cf6b26ecd04a1d93523b88a99907316057cccd58ddacc5fcd7cc02
SSDEEP

98304:lr+zN/rWoOCNV7wAolITTYYQ6kFsuvMFo3pBMHNrri5hL15inysYcndTIJE4/AgG:kz9pOMAUrUsIeufMtrU55iQcnoX/I

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Injector.exe

Files

Injector.exe
.exe windows:6 windows x64 arch:x64

9fdaf4a4208ea5d0ceb7d53833e1e290

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Process32First
WriteProcessMemory
SetConsoleTitleA
LoadLibraryExA
GetCurrentDirectoryA
OpenProcess
CreateToolhelp32Snapshot
LoadLibraryA
Process32Next
CloseHandle
VirtualProtectEx
GetProcAddress
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowsHookExA
PostThreadMessageA
IsWindowVisible
GetWindowThreadProcessId
FindWindowA
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Query_perf_counter
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Thrd_detach

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
memcpy
__std_exception_copy
__std_terminate
_CxxThrowException
__current_exception
__current_exception_context
__std_exception_destroy
memmove
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
__p___argv
__p___argc
_crt_atexit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_invalid_parameter_noinfo_noreturn
terminate
system
_beginthreadex
exit

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

��Lh�W�/P��$�6]�pwx�F8?��$��ӵ˂ ��-ǡ�� }�lX,<��:3��ֻ�.y��V��"��OKg�Ɋ��}�I XE�輁��<%G��8ڦN~o��c��m��Oa�Rt�Զ�A��!��bpԎ�a�V��CNg�q��,t��/��+��gQB�˻}A��W��زb�n8Uo/��0O��R��5@a��2 �N��s�j��1%e`�q�L�}G:��,��[X��Z9��v��}8��c��N�W?{C��hl��E��aH ��vLr8�v�花F*&K&�V�C�4��O��+�읱^�֖_*��t�!/�|(63�#��%��I�{��/b��l�i��_��Q�pX��"+D�V)��\tN5�0[�?.�|d(IR\��x�k�߭j%-��f��?�#ջ��M[�8&JL��)�_v��=��o0 7��C?�q&1:s��WS"��!j��p1�y� [�7J,�"�>�d1?_U�TW+r ��p�*�_h2i�V�F�jp��*@�6jw �u_��ԕ,�ؿ�n� FF`Aemش�_�;Ë��C��Κ�Z"0=n#S�E�-6��&*�i/L��5%��r��Hᕼ�5Aj��WI�j�7��d�gevT'E�m) x�T$@;��%��. ��J+b��Zzf��õ��]!�ב��G{w0\�$��S$��8��"��/�� xꈉSBKGo��@�ϭ��?�8�p>>RM.bNKH7��p�6��F��lNnk�Lצt�$�"�r��h^%u��_�W�S�8R��I�8�`ʝ{蟂��:�<�� ,W�FT�n)��.g�ݠ� )�H�>�y?5��Vl��@a��E��V��NjM��=�$�#-��I{��ʒ۴��Z�5>�,�R�8q�wju�'A��jD+ ��zfǱޜ��(l�,��)Tl)�k�ڒ� ��\X1_�{~�Yy�4��+\ҹ:�iQ��X�!��&c��X5�v6�.�&q�͵��w�t�ʣ!/Z�ɭ:��dć%*�\E[��{-��{blɳ1��^��'�!�vJ��N��3��#NS��F��eU��a;�.#��A�H�ϑ3��8�- ̔aDh�e̱�K�̲(��a��٥�j񪋜��?hZ ̮x��I��$�'��(��|��c wac��sF7ϫ��&FlE}ؚ��P �b�Z��)��ԲӋ��3��өlx�IR7��J�5m��WL��z�=��LD�j�܅V�()�׆?ٴ��e��E��h�6T�v��f��X�ua��1q8��}#��i$ �Cv¡v��ȕ��bo�Z�9�8�hK���S�|��46�e��dILx�� `<��D��^�~�L7�׮��Ck��|��@`��ה�*��y�E~1�S�W��[��`��dO��G��f��d��:5�.�auW�&-��>��Z~TM��&��E";��鞑��>8g-�n��=CL��!څ;r2�Q�l{�i�@w_O�̪VLZA�:9�uٳQ��;��͎�A�)�6f�a��_JH?�IQ�#��>�d��9��_��'P� �-Y֜��4��n�4�Q��Qx��\��*OUd��wJ��"�R��]Wrw��h��M��l8�jmC��%<��0��;�o7;�ힳ�)R�>0��w��Y��w�[��G��+�La;��ֿ�NW��]�� U��qW�7�6�:Ģ*�Ti�Se�aM2�r�1�QU8��~��m��i�D��GX�ݷ5��8�W�Ñ0Wz��m�L�nO��2R�k�@��t��ϔ��g+A�Eg3��Y4wEw�9��+p�Y� �� #�6�O58,��Ť��(T��;��9�#D>�`�˃��Mj�x�B��m�نNgs��?j��~�~Jj�V<��k�dcjli]��Ah��X��ݚ�1�f050�b�-�ų�-��B)�)��z�G5n��oo��+T�}�<�SQ/��Z��=��Cs?��T�%��Mob��"zSW��賠�x%Ti��07�� _>d/�4�N��{��G�U4�(�dc��p��}�`��[�I#�"�G��q��љuzI�*��7%R�4��^`��ҷ�'�� 5m��r��0_��W<��և�(�T'ɟy_��7�!l�O�c�"g��q��:�v�ށ�&ﾇ̀�|��o|�T8��{�q=��s��O��J_qa�Ϸ�'bZ�m�ޔ��$�K64�u��ӸlcMT%�\�wH��Z��K�O��s�� K'�Ǻ�W��+1a[��]��<U�v�C��U��WR��w��k@>,Z#��,V"ʏ,�� ,t�DU��!�2wd��@8P`�rno ��*��W��H��U�T��bj��-��LJ�2F��Gv.(��w�:�.U�EX(��8�@8>R��D�eh��>Z��P�a ��Q��6� ��|��VK�D$��F��px�>��p�M�bN�wKG4�e��mt#�yړ�<��P��Q�: ��^�k�� '�wxDΌ��R�N�y�$�;��^�7�![�8/��$KW�:nc��,L�u��Ulي�e]��vlEf3UD��̸{�0��6��Ļ��\W뉤��ԸЎ�-@.�;ɦJ��@2>9�{xҠ~8�eQL[c�{�T el$�&Ab�S��F�'a�l6)��=��Z�:�@f%��DM<MN �y�5lu�w�p^�ͱ!�O�)�F�=��`ߺhx�W7��=��@�� wɉ*��/2�

Sections

.text
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fdaf4a4208ea5d0ceb7d53833e1e290

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 12KB

.rdata Size: - Virtual size: 13KB

.data Size: - Virtual size: 1KB

.pdata Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 512B - Virtual size: 216B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 12KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 1KB

.pdata
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 512B - Virtual size: 216B

.rsrc
Size: 512B - Virtual size: 469B