extreme injector v3.exe

Extreme Injector

master131

The application extreme injector v3.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. The file has been seen being downloaded from storage-ap-45.sharefile.com and multiple other hosts. While running, it connects to the Internet address a-0011.a-msedge.net on port 443.
Publisher:
master131

Product:
Extreme Injector

Version:
3.6.1.0

MD5:
03e95431ddc771ff719a5d5ff3d46136

SHA-1:
a874459b584486c2811390e9e5eb8cd3db61caaa

SHA-256:
fda70123008180f3dcdfc6ed3c74f5eb1fa2b9e7dc76c4d149ad351b158e4376

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:02:42 PM UTC

Scan engine            Detection                                            Engine version
Avira AntiVirus        TR/Crypt.XPACK.Gen2                                  8.3.2.2
ESET NOD32             Win32/DllInject.DM potentially unsafe application    7.0.302.0
IKARUS anti.virus      Trojan.Win32.Crypt                                   t3scan.1.9.5.0
Malwarebytes           RiskWare.Injector.DC                                 v2015.09.20.06
McAfee                 Artemis!03E95431DDC7                                 5600.6637
Qihoo 360 Security     HEUR/QVM03.0.Malware.Gen                             1.0.0.1015
Rising Antivirus       PE:Malware.RDM.33!5.27[F1]                           23.00.65.15918
VIPRE Antivirus        Trojan.Win32.Generic.pak!cobra                       43842

File size:
1.2 MB (1,269,760 bytes)

Product version:
3.6.1.0

Copyright:
Copyright © 2015

Trademarks:
master131

Original file name:
Extreme Injector.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata

Compilation timestamp:
9/6/2015 7:22:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:MqaT+Xm+HDDDDDDhmmC04KX5lEKBHJXDfurHjj3/cdzlwdhp5cT:7i+Xm2DDDDDDhmm5JpK2D+vqzld

Entry address:
0x132E8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.4441

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.2 MB (1,249,280 bytes)

The file extreme injector v3.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 229 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to a-0011.a-msedge.net (204.79.197.213:443)

Remove extreme injector v3.exe - Powered by Reason Core Security