c4394fb4daaf350cdbf5303d812e917e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Oct-23 00:10:59
Comments
CompanyName master131
FileDescription Extreme Injector
FileVersion 3.7.2.0
InternalName Extreme Injector.exe
LegalCopyright Copyright © 2017
LegalTrademarks master131
OriginalFilename Extreme Injector.exe
ProductName Extreme Injector
ProductVersion 3.7.2.0
Assembly Version 3.7.2.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious PEiD Signature: Crunch 4
Malicious VirusTotal score: 43/73 (Scanned on 2020-06-25 04:07:20)
MicroWorld-eScan: Application.Hacktool.ANO
FireEye: Generic.mg.c4394fb4daaf350c
CAT-QuickHeal: PUA.InjectorFC.S12590146
Cylance: Unsafe
Zillya: Trojan.DllInject.Win32.356
SUPERAntiSpyware: Trojan.Agent/Gen-Injector
Sangfor: Malware
CrowdStrike: win/malicious_confidence_90% (W)
K7GW: Unwanted-Program ( 00520cc31 )
K7AntiVirus: Unwanted-Program ( 00520cc31 )
Arcabit: Application.Hacktool.ANO
Invincea: heuristic
Symantec: Trojan.Gen.2
APEX: Malicious
Paloalto: generic.ml
Kaspersky: not-a-virus:HEUR:RiskTool.MSIL.Generic
BitDefender: Application.Hacktool.ANO
NANO-Antivirus: Trojan.Win32.DllInject.fcluxu
AegisLab: Trojan.Win32.Generic.llVQ
Ad-Aware: Application.Hacktool.ANO
Sophos: Generic PUA GK (PUA)
Comodo: Malware@#1nuni5recb1ux
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0PF420
McAfee-GW-Edition: GenericRXFK-KY!C4394FB4DAAF
Emsisoft: Application.Hacktool.ANO (B)
Webroot: W32.Injector
Fortinet: W32/DllInject.XQ!tr
Antiy-AVL: Trojan/Win32.BTSGeneric
Endgame: malicious (high confidence)
Microsoft: PUA:Win32/Presenoker
ZoneAlarm: not-a-virus:HEUR:RiskTool.MSIL.Generic
AhnLab-V3: HackTool/Win32.Injector.C3340657
McAfee: GenericRXFK-KY!C4394FB4DAAF
MAX: malware (ai score=100)
Malwarebytes: RiskWare.Injector.DC
ESET-NOD32: a variant of MSIL/DllInject.XQ potentially unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0PF420
Yandex: Trojan.Igent.bTKAcV.30
eGambit: Unsafe.AI_Score_99%
GData: Application.Hacktool.ANO
Panda: Trj/RnkBend.A
MaxSecure: Trojan.Malware.7164915.susgen

Hashes

MD5 c4394fb4daaf350cdbf5303d812e917e
SHA1 6a780c9f1c15e555b72640299b9c10e7927252f6
SHA256 0ac3387b6e0283c972722c2a6664ee23ac5ba10640d18b827e8732f5c57e7d2c
SHA3 7c8a7d0fdc5ba9cb654f9553352aff1983c03adf18e9e72028f7b8d0770938ac
SSDeep 49152:7oHuLeTSY8W7DDDDDDNc/9Lqd9gpaPk+hTM:7oHu29c/909gpa
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Oct-23 00:10:59
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x1dee00
SizeOfInitializedData 0x4e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x001E0C1E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x1e2000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1ea000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0x79844151
NumberOfRvaAndSizes 15

.text

MD5 6ac0b4749be5b1ee14d4df7da6473cdc
SHA1 acb84f9a19acad96e23f787af655c1b959e5948a
SHA256 39d61c061cffa35e9a0ea3e7c45e9a397032b58af560dd19a196c4e474b8ccb4
SHA3 2a05c41e61c197f38a3b0325fff17ce3c489de1520286b83423f444abd518bda
VirtualSize 0x1dec24
VirtualAddress 0x2000
SizeOfRawData 0x1dee00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.26228

.rsrc

MD5 c1a23cc74aea2d256b111c2adfb3ebf0
SHA1 d2f97049857a93ab4600f7eb9f16617d869aa77f
SHA256 150083ada3f7fe89db1cbf66ca20067f1f0b8f46aa643baf5fe6c9593a341326
SHA3 9a722fbe118af1c53e01def5d2d318854d742ee584c7f2ff721c472ed163e979
VirtualSize 0x4b98
VirtualAddress 0x1e2000
SizeOfRawData 0x4c00
PointerToRawData 0x1df000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.04068

.reloc

MD5 26a7968f85d1ed8b2e58692015015298
SHA1 bd9f42f32e360f3d89cea5c5d96c1dae6e889304
SHA256 a8d3e1d03e166138f4da2882bfad5f801fed477fd6711cd71f0a1dad282073f6
SHA3 2714dabb478c8a2c8561bef3e160b95ed9eea50f3bd0a5be34e1dbe63c401cf1
VirtualSize 0xc
VirtualAddress 0x1e8000
SizeOfRawData 0x200
PointerToRawData 0x1e3c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.48876
MD5 e76cc6366d6025be19fbbbd0b8a02a2a
SHA1 ac7d498bb5e315e5e6b81347a4e22d1f4b2d4a1f
SHA256 ca20a6f7c53b03e83029915dc9b8970dabaea0f4cad4ac4edcf506c4827f660f
SHA3 acfdf408240f9e39591321d80db57ed31e9845cd45b98e54bda09b1d58dca4bd

2

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.75208
MD5 cb4f380c6e551fbf139be039020e4ca7
SHA1 aa7f82c5363601b7c8e87b92ff730a0b002f6924
SHA256 3447b8b465e3094dbab27c49c65870432ca38ab4a5b7e314bca035926e6cb092
SHA3 7286e4a83ce90cc7f5cac4397fb954b42f01395638c702b89b9bd20363b3c92b

3

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.48935
MD5 9c997a7226c68372595e6bb58082e217
SHA1 86cbd7be57a98d9f43d127f1681cfa3e8acb9cc6
SHA256 124a500188c3db4087895504f1aa0068f446e7862d709c6bcb64f52d3a25b3f1
SHA3 f75d80dabbfe9bc03c04c8a9cb28b33a5f5d2a3bcbc692c7fbb5fb6a2138141c

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.45849
Detected Filetype Icon file
MD5 1ec6a7b3300970378c29695a6cc13d36
SHA1 99ce74251d19d800608e30bed6e0d793931da56e
SHA256 77a1efb6136f52dd2372987b13bf486aa75baeacb93bad009aa3e284c57b8694
SHA3 7a94ba315b3ab461cec9dad3048599d32b0e597047f9655159bd6dfdc694e4a3

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x37c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35433
MD5 16f41363306b8b8026064991be53693d
SHA1 1e9d38f94b84bd191ad8b6a49f18cf2963e4ee4a
SHA256 2698da04e62c1b28bc736018b709636acbb26d4e335b6729c8cf6f57915852b9
SHA3 6950d286d5801de78e5b584e2042f854fbe870cff12e091aa5bab803eb7b5cb9

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0xb9f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04023
MD5 8d178f6640424ccbde04dc2839c38485
SHA1 1b2449c0584816ba23be761a6b58d3a73a839132
SHA256 fcb1b49b9624f37788ce30acc67b3dede97c5ebf039458009bf8304c786c882c
SHA3 293d21179a311c882336db494b0af0e6ee9cea99e8f6767c43a50403e937e344

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.7.2.0
ProductVersion 3.7.2.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName master131
FileDescription Extreme Injector
FileVersion (#2) 3.7.2.0
InternalName Extreme Injector.exe
LegalCopyright Copyright © 2017
LegalTrademarks master131
OriginalFilename Extreme Injector.exe
ProductName Extreme Injector
ProductVersion (#2) 3.7.2.0
Assembly Version 3.7.2.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors