
TR/Injector.EB.64

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 35
First Seen: April 12, 2013
Last Seen: October 14, 2025
OS(es) Affected: Windows

TR/Injector.EB.64 is a Trojan that spreads via German-language spam emails linked to Cupid whose sender details do not add up: the 'From' field shows one name, the message is signed by another, and the contact email address given in the body is a third, completely different one. It looks as if the girl looking for a German husband has some kind of personality disorder. The 'Russian girl' sends a link to a harmful file named 'photo.jpg_______.exe', presented as a photo of herself. That file is detected as TR/Injector.EB.64; if the victim opens and runs it, the computer becomes infected.

File System Details

TR/Injector.EB.64 may create the following file(s):
# File Name Detections
1. photo.jpg_______.exe

Analysis Report

General information

Family Name: Trojan.Zegost.M
Signature status: No Signature

Known Samples

MD5: 6a10ad7090717e7421af9d63daaedb22
SHA1: eaedc1d14b5d7014b8b6c70eea15b5f8576739c4
SHA256: BD9583680651E5D2AE3709CE6FDBBC7BD296DCFCDBC2163160B9F6B3BDFBC1E7
File Size: 598.11 KB, 598109 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Labeter 2005-2017
File Description: Proteug 10 AppLication
File Version: 7, 10, 33, 380
Internal Name: Server.exe
Legal Copyright: Proteug (C) 保留所有权利。
Original Filename: Server.exe
Product Name: TODO: <产品名>
Product Version: 7, 10, 33, 380

File Traits

  • x86

Block Information

Total Blocks: 221
Potentially Malicious Blocks: 12
Whitelisted Blocks: 209
Unknown Blocks: 0

Visual Map

[Block map of the 221 analysed blocks omitted; 12 blocks are flagged as potentially malicious, the remainder as probable safe.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Exploit.YG
  • Gamehack.DSD
  • Gamehack.FHA
  • Genome.B
  • Juched.A
  • Zegost.MB

Files Modified

File Attributes
c:\windows\explorer.exe.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\superproserver::deletefiles c:\users\user\downloads\eaedc1d14b5d7014b8b6c70eea15b5f8576739c4_0000598109 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\superproserver::connectgroup ĬÈÏ·Ö×é RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • AdjustTokenPrivileges
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecute
Service Control
  • OpenSCManager
  • StartService

Shell Command Execution

open C:\WINDOWS\Explorer.EXE.exe
