Trojan.Injector.GSF

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Injector.GSF
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Epic Games, Inc.
  • PageBites, Inc
  • voidtools
File Description
  • Easy Anti-Cheat Service (EOS)
  • Everything
  • Everything Setup
  • ImoSetup
File Version
  • 1.4.15
  • 1.4.1.986
Internal Name
  • Easy Anti-Cheat Service (EOS)
  • Everything
  • setup
Legal Copyright
  • Copyright (c) 2019 David Carpenter
  • Copyright (c) PageBites, Inc. All rights reserved.
  • Copyright Epic Games, Inc. All Rights Reserved.
  • Copyright © 2020 voidtools
Original Filename
  • Everything.exe
  • ImoSetup.exe
Product Name
  • Easy Anti-Cheat Service (EOS)
  • Everything
  • ImoSetup
Product Version
  • 1.4.15
  • 1.4.1.986
  • 1.4.0

Digital Signatures

Signer | Root | Status
voidtools | DigiCert SHA2 Assured ID Code Signing CA | Hash Mismatch
EasyAntiCheat Oy | GlobalSign Code Signing Root R45 | Hash Mismatch
Pagebites, Inc. | SSL.com Code Signing Intermediate CA RSA R1 | Hash Mismatch
F.lux Software LLC | Sectigo Public Code Signing Root R46 | Hash Mismatch

File Traits

  • 2+ executable sections
  • golang
  • HighEntropy
  • Installer Version
  • No Version Info
  • x64

Block Information

Total Blocks: 512
Potentially Malicious Blocks: 154
Whitelisted Blocks: 358
Unknown Blocks: 0

Visual Map

[Block-by-block map of the file omitted. Legend:]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.GHW
  • GoBot
  • GoBot.B
  • Injector.GSF

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryTimerResolution
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimerResolution
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Network Winsock2
  • WSAStartup
