Trojan.Injector.NA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 23,710
Threat Level: 80 % (High)
Infected Computers: 401
First Seen: January 16, 2013
Last Seen: January 6, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Injector.NA
Packers: UPX
Signature status: No Signature

Known Samples

MD5: 9d0bf4504f855140bbd6f4eca2f97f2d
SHA1: 1d775565defa32d5b3b2d00c74c156578b8b31f4
SHA256: 0E549137BAA62344B7F9BD6B095593E31B86611527AE797F8F64C80C28FDCB6B
File Size: 18.43 KB, 18432 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • HighEntropy
  • No Version Info
  • packed
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 182
Potentially Malicious Blocks: 38
Whitelisted Blocks: 144
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x 0 0 x x x x x 0 0 x 0 x x x x x x x 0 x 0 x x 0 0 x x x x x 0 x 0 x x x x x x x x 0 x x 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\roaming\svchost.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::windows security notifier C:\Users\Ionyzqkm\AppData\Roaming\svchost.exe RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecute
Network Winsock
  • gethostbyname
  • inet_addr
  • send
  • socket

Shell Command Execution

C:\Users\Ionyzqkm\AppData\Roaming\svchost.exe "C:\Users\Ionyzqkm\AppData\Roaming\svchost.exe"
open C:\Users\Ionyzqkm\AppData\Roaming\svchost.exe
