Trojan.Injector.JOC
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 6,439 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 28 |
| First Seen: | December 18, 2025 |
| Last Seen: | April 24, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Trojan.Injector.JOC |
|---|---|
| Signature status: | Self Signed |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
f6b9eefe4cb9b85a269155104063c583
SHA1:
ba6df01bde8bf6f597a370de880b8af4d6f186db
SHA256:
6F7E92F5A8BA51936E4427C7A31B6F38F431C1547FBA55C78001FD88EF041A4F
File Size:
4.83 MB, 4830232 bytes
|
|
MD5:
264f73db42ff5f7b7d0ddb009204b455
SHA1:
7e2f867d791700e15abe959d68b6fc5b5e301c25
SHA256:
12D6BC86581FCC2CB5D2371EC9DAC5269CCB8D1EAADF0B6E8B286AF389B8FBC8
File Size:
569.65 KB, 569648 bytes
|
|
MD5:
379f8617e3a4bac75967865fd515e16d
SHA1:
5749dc730db3da44b692fe65cb01bbc7861ea612
SHA256:
8EA0A4E1EBAA2134DBF13284DB36B0EDF8FFB728C99D3F2EA00E481B64AE84A5
File Size:
654.09 KB, 654088 bytes
|
|
MD5:
07841339c7e0b56dcbb8b6c9f217c0da
SHA1:
15d456fb4a507f73280acd7b07509bf6c77e1d1f
SHA256:
445AE1255969696CFEE5823F3D64D4C0FB9E81C636EDF5FE71BA503B8CA58D14
File Size:
756.08 KB, 756080 bytes
|
|
MD5:
5e4e7436d6119a120aefee3b21e33971
SHA1:
551642f7075c8ae66d8acaf7ed6c883ed3350b62
SHA256:
369462CB7AB83C14F977A8EE8E921344959113DC7F56D01FEAF849D6DBA4693F
File Size:
726.38 KB, 726376 bytes
|
Show More
|
MD5:
c63049c6af9420698b8dd7b6f778c25e
SHA1:
6b56f1e28688f89ae7c37c60ae63223d516463c1
SHA256:
E3B98DB22BA73554A6B6E09437BE6F9104E625E011A024458C9D75B724141CBA
File Size:
4.86 MB, 4855808 bytes
|
|
MD5:
17b98834950098c86391ca25b88ae90f
SHA1:
cda2262f514222ea3224e32d2e98e259aacea615
SHA256:
BBF44F6AAF0F46088607589491844F3776C492B4B69203FEAB23FCC5A8713718
File Size:
666.46 KB, 666456 bytes
|
|
MD5:
bae00642c809512d5a349c95ea7e9d35
SHA1:
622efd2e6ff1dd652ace557a370b35376ebb025c
SHA256:
2D5F7E2338ADE5AE68DC82758126A60FDCECD36D44D08ADED3F92DF35FD7BDFF
File Size:
616.50 KB, 616504 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File has exports table
- File is 64-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Show More
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Comments |
|
| Company Name |
|
| Company Short Name | DynamicEdge |
| File Description |
|
| File Version |
|
| Internal Name |
|
| Legal Copyright |
|
| Legal Trademarks |
|
| Original Filename |
|
| Product Name |
|
| Product Short Name | TheModularConverter |
| Product Version |
|
Digital Signatures
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.| Signer | Root | Status |
|---|---|---|
| Becker - Rogahn | Becker - Rogahn Intermediate CA 2 | Self Signed |
| DynamicEdge Intelligent | DynamicEdge Intelligent | Self Signed |
| Hamill - Becker | Hamill - Becker Intermediate CA 3 | Self Signed |
| Nienow - Deckow | Nienow - Deckow Intermediate CA 2 | Self Signed |
| Schuppe - Fahey | Schuppe - Fahey Intermediate CA 2 | Self Signed |
Show More
| Steuber and Sons | Steuber and Sons Intermediate CA 2 | Self Signed |
| Will Group | Will Group Intermediate CA 2 | Self Signed |
File Traits
- HighEntropy
- x64
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 48 |
|---|---|
| Potentially Malicious Blocks: | 36 |
| Whitelisted Blocks: | 11 |
| Unknown Blocks: | 1 |
Visual Map
x
x
x
?
x
x
x
x
x
x
x
x
0
x
0
x
x
0
0
x
0
x
x
0
x
x
0
0
0
x
x
x
x
x
x
x
x
x
x
0
x
x
0
x
x
x
x
x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Injector.JOC
- Injector.JOE
- Trojan.Kryptik.Gen.ECL
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
