
Trojan.Injector.AK

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 13,198
Threat Level: 80 % (High)
Infected Computers: 24
First Seen: May 25, 2021
Last Seen: April 10, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Injector.AK
Signature status: Hash Mismatch

Known Samples

MD5: 831f39d80b505e9426947a5f6ceeae82
SHA1: 73c65bd963ff4748a84756ccc2dc12595a2be499
SHA256: 3CB7D1849918290A17FCFFFD904CA832A9656DE053EAB88AE5817B211556373E
File Size: 4.13 MB, 4129616 bytes
MD5: 8d66b5306e21a25724feaeb437107dbd
SHA1: bd2857dc207ff9c17e97ef5b16599024e06a9455
SHA256: 121C1C8FA7898C0BA0767F6F4B8FCE35510097B9CDB861D38D579AE63128C61B
File Size: 1.62 MB, 1621952 bytes
MD5: e373d14a71502c284d839de567bd5fac
SHA1: fab0802c3978f096223ff3b29188c3617e3cfa62
SHA256: 6902FB93AC6A7C6A7F1F4E6DDE2ED968D452488D61935C5700D09919A37508C8
File Size: 1.03 MB, 1026712 bytes
MD5: ad183da19c56cbfea97555abb6c2b1b1
SHA1: d46ff48daeedfebf9dd33b339a358e194e0d9fcf
SHA256: 135F302BF50A9579824205C9AEE1A832E886BB0A0189EAECFBC75CED73A884E3
File Size: 1.46 MB, 1455536 bytes
MD5: 108849450dd8410bf6217c9a7af82ab3
SHA1: 952ffa71595f56f58d0a392e0e86c6bf8c2a8aad
SHA256: BE5A5E44DDCC8EB6D94FDB484246A4D3A6B41568BEC7EB825AC633B9A27DCD44
File Size: 465.68 KB, 465680 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name: Value
Comments: Weiqi Updater
Company Name:
  • Kingsoft Corporation
  • Microsoft Corporation
  • Netmarble Games
  • TODO: Snail Games
  • UCWeb Inc.
  • Корпорация Майкрософт
Company Short Name: UCWeb Inc.
File Description:
  • CAB-файл с автоизвлечением
  • gamefetch
  • Self-Extracting Cabinet
  • UC浏览器
  • Weiqi Updater
  • 猎豹安全浏览器诊断专家
File Version:
  • 6.2.4094.1
  • 6.1.0022.5 (SRV03_QFE.031113-0918)
  • 5.9.111.14278
  • 1.0.0.1
  • 1, 0, 0, 12
Internal Name:
  • FixBrowser
  • GameFetchEx.exe
  • setup
  • SFXCAB.EXE
  • Weiqi Updater
Last Change: 60e03d5abd381c718d56842246c8e2b685afc391
Legal Copyright:
  • (C) Snail Games。保留所有权利。
  • Copyright (C) 2013 Netmarble Games
  • Copyright (C) 2015 Kingsoft Corporation
  • Copyright 2008-2017 UCWeb Inc. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
  • © Корпорация Майкрософт. Все права защищены.
Official Build:
  • 1
Original Filename:
  • FixBrowser.exe
  • GameFetchEx.exe
  • SFXCAB.EXE
  • WeiqiUpdater.exe
Product Name:
  • gamefetch
  • Microsoft® Windows® Operating System
  • UC浏览器
  • Weiqi Updater
  • Операционная система Microsoft® Windows®
  • 猎豹安全浏览器
Product Short Name: UC浏览器
Product Version:
  • 6.2.4094.1
  • 6.1.0022.5
  • 5.9.111.14278
  • 1.0.0.1
  • 1, 0, 0, 12
Special Build: 200909101648

Digital Signatures

Signer | Root | Status
Adobe Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Microsoft Corporation | Microsoft Root Authority | Hash Mismatch
SuZhou Snail Digital Technology Co., Ltd | thawte Primary Root CA | Hash Mismatch

File Traits

  • CAB SFX
  • Default Version Info
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • ntdll
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 1,552
Potentially Malicious Blocks: 2
Whitelisted Blocks: 1,543
Unknown Blocks: 7

Visual Map

[Visual Map: per-block classification grid of the 1,552 analysed blocks (rendered figure omitted); block counts are listed under Block Information above]

Legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File | Attributes
c:\$shtdwn$.req | Generic Read, Write Data, Write Attributes, Write extended, Append data, Delete
c:\eula.1049.txt | Generic Write, Read Attributes
c:\globdata.ini | Generic Write, Read Attributes
c:\install.exe | Generic Write, Read Attributes
c:\install.ini | Generic Write, Read Attributes
c:\install.res.1049.dll | Generic Write, Read Attributes
c:\users\user\appdata\local\temp\chromium_installer.log | Read Attributes, Synchronize, Append data
c:\users\user\appdata\local\temp\dd_vcredistui0e8a.txt | Generic Read, Write Data, Write Attributes, Write extended, Append data
c:\users\user\downloads\fixbrowser.log | Generic Write, Read Attributes
c:\vc_red.cab | Generic Write, Read Attributes
c:\vc_red.msi | Generic Write, Read Attributes
c:\vcredist.bmp | Generic Write, Read Attributes

Windows API Usage

Category: API
Process Manipulation Evasion:
  • NtUnmapViewOfSection
Process Shell Execute:
  • CreateProcess
User Data Access:
  • GetUserObjectInformation
Other Suspicious:
  • SetWindowsHookEx

Shell Command Execution

\.\install.exe