Trojan.Injector.JOC
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 5,262 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 39 |
| First Seen: | December 18, 2025 |
| Last Seen: | May 12, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Injector.JOC |
|---|---|
| Signature status: | Self Signed |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
f6b9eefe4cb9b85a269155104063c583
SHA1:
ba6df01bde8bf6f597a370de880b8af4d6f186db
SHA256:
6F7E92F5A8BA51936E4427C7A31B6F38F431C1547FBA55C78001FD88EF041A4F
File Size:
4.83 MB, 4830232 bytes
|
|
MD5:
264f73db42ff5f7b7d0ddb009204b455
SHA1:
7e2f867d791700e15abe959d68b6fc5b5e301c25
SHA256:
12D6BC86581FCC2CB5D2371EC9DAC5269CCB8D1EAADF0B6E8B286AF389B8FBC8
File Size:
569.65 KB, 569648 bytes
|
|
MD5:
379f8617e3a4bac75967865fd515e16d
SHA1:
5749dc730db3da44b692fe65cb01bbc7861ea612
SHA256:
8EA0A4E1EBAA2134DBF13284DB36B0EDF8FFB728C99D3F2EA00E481B64AE84A5
File Size:
654.09 KB, 654088 bytes
|
|
MD5:
07841339c7e0b56dcbb8b6c9f217c0da
SHA1:
15d456fb4a507f73280acd7b07509bf6c77e1d1f
SHA256:
445AE1255969696CFEE5823F3D64D4C0FB9E81C636EDF5FE71BA503B8CA58D14
File Size:
756.08 KB, 756080 bytes
|
|
MD5:
5e4e7436d6119a120aefee3b21e33971
SHA1:
551642f7075c8ae66d8acaf7ed6c883ed3350b62
SHA256:
369462CB7AB83C14F977A8EE8E921344959113DC7F56D01FEAF849D6DBA4693F
File Size:
726.38 KB, 726376 bytes
|
Show More
|
MD5:
c63049c6af9420698b8dd7b6f778c25e
SHA1:
6b56f1e28688f89ae7c37c60ae63223d516463c1
SHA256:
E3B98DB22BA73554A6B6E09437BE6F9104E625E011A024458C9D75B724141CBA
File Size:
4.86 MB, 4855808 bytes
|
|
MD5:
17b98834950098c86391ca25b88ae90f
SHA1:
cda2262f514222ea3224e32d2e98e259aacea615
SHA256:
BBF44F6AAF0F46088607589491844F3776C492B4B69203FEAB23FCC5A8713718
File Size:
666.46 KB, 666456 bytes
|
|
MD5:
bae00642c809512d5a349c95ea7e9d35
SHA1:
622efd2e6ff1dd652ace557a370b35376ebb025c
SHA256:
2D5F7E2338ADE5AE68DC82758126A60FDCECD36D44D08ADED3F92DF35FD7BDFF
File Size:
616.50 KB, 616504 bytes
|
|
MD5:
51d3b8daef141be10e805a6f37cc8049
SHA1:
08d676c904be10d7023eb8da34a3d9802a3d9535
SHA256:
D49F69B555858AE50827B2DF8AF7B14B6674F9F1DCC83C158EDF9DB90339D9AD
File Size:
649.97 KB, 649968 bytes
|
|
MD5:
d52c8c3781377bac68f9bc5b99293f10
SHA1:
e5edce44eb499d12221c0355d2f459b7441bec94
SHA256:
FDF36FF2282200118280CAC46684BA5727B0D74560D459A4B7699D86CD0831B5
File Size:
750.65 KB, 750648 bytes
|
|
MD5:
61ba7071eb63f7cb6a4d71d14508718a
SHA1:
6485d100928bf8fb7cb02b17ab2e6504fa5bdf44
SHA256:
B912971E6D356C0F765317A8734FBFC6A7072AD9D661C210C3F90926FF101860
File Size:
678.20 KB, 678200 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File has exports table
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Show More
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Comments |
Show More
|
| Company Name |
Show More
|
| Company Short Name | DynamicEdge |
| File Description |
Show More
|
| File Version |
Show More
|
| Internal Name |
Show More
|
| Legal Copyright |
Show More
|
| Legal Trademarks |
Show More
|
| Original Filename |
Show More
|
| Product Name |
Show More
|
| Product Short Name | TheModularConverter |
| Product Version |
Show More
|
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.| Signer | Root | Status |
|---|---|---|
| Becker - Rogahn | Becker - Rogahn Intermediate CA 2 | Self Signed |
| DynamicEdge Intelligent | DynamicEdge Intelligent | Self Signed |
| Funk LLC | Funk LLC Intermediate CA 2 | Self Signed |
| Hamill - Becker | Hamill - Becker Intermediate CA 3 | Self Signed |
| Nienow - Deckow | Nienow - Deckow Intermediate CA 2 | Self Signed |
Show More
| Paucek - Okuneva | Paucek - Okuneva Intermediate CA 3 | Self Signed |
| Sawayn Group | Sawayn Group Intermediate CA 2 | Self Signed |
| Schuppe - Fahey | Schuppe - Fahey Intermediate CA 2 | Self Signed |
| Steuber and Sons | Steuber and Sons Intermediate CA 2 | Self Signed |
| Will Group | Will Group Intermediate CA 2 | Self Signed |
File Traits
- HighEntropy
- x64
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 51 |
|---|---|
| Potentially Malicious Blocks: | 29 |
| Whitelisted Blocks: | 11 |
| Unknown Blocks: | 11 |
Visual Map
x
x
x
?
x
x
?
0
?
?
?
?
?
?
x
?
?
?
0
x
x
x
x
0
0
0
0
x
x
x
x
x
x
x
x
0
x
x
x
0
x
0
x
x
x
0
0
x
x
x
x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Injector.JOC
- Injector.JOE
- Trojan.Kryptik.Gen.ECL
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
