» injector.exe
Overview
Analysis
File Details
Downloads (2)

injector.exe

File name:

injector.exe

MD5:

71ce57e8d34e5d7071f1660fd32d4fa2

SHA-1:

96c17a565017e89406d7704dea22e8666a1f799c

SHA-256:

5e36ea0ba5c90780711b6934e89d92424b9a7a362d98a412e3a94e43e8b4ae78

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

12/26/2024 3:05:31 AM UTC (today)

Scan engine

Detection

Engine version

F-Prot

W32/SecRisk-ProcessPatcher-Sml-

4.6.5.141

VIPRE Antivirus

RiskTool.Win32.ProcessPatcher.Sml!cobra

47720

File size:

13.5 KB (13,824 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\injector.exe

File PE Metadata

Compilation timestamp:

2/6/2016 5:48:29 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

12.0

CTPH (ssdeep):

192:F4XpRT2eLmnVk+txQtsu53YHD9f+eTaYL2eMVkdunC9JmfrA3K1PPKNxA:UCeKK+txQautYJHOc9Jmfrt3Kc

Entry address:

0x2095

Entry point:

E8, 47, 04, 00, 00, E9, 91, FE, FF, FF, 55, 8B, EC, FF, 15, 48, 30, 40, 00, 6A, 01, A3, 24, 54, 40, 00, E8, 40, 05, 00, 00, FF, 75, 08, E8, 3E, 05, 00, 00, 83, 3D, 24, 54, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 26, 05, 00, 00, 59, 68, 09, 04, 00, C0, E8, 27, 05, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 38, 05, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 08, 52, 40, 00, 89, 0D, 04, 52, 40, 00, 89, 15, 00, 52, 40, 00, 89, 1D, FC, 51, 40, 00, 89, 35, F8, 51, 40, 00, 89, 3D, F4... 
[+]

Entropy:

5.6962

Code size:

6 KB (6,144 bytes)

The file injector.exe has been seen being distributed by the following 2 URLs.

https://onedrive.live.com/download.aspx?cid=6F39284C57529623&authKey=!AHtXuB9YNrsndrY&resid=6F39284C57529623!178&ithint=.exe

https://ln.sync.com/mfs/.../injector.exe

Scan injector.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.