
Trojan.Injector.PMB

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Injector.PMB
Signature status: Hash Mismatch

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments (no value)
Company Name
  • 2Tware
  • Glarysoft Ltd
  • Glarysoft Ltd
  • Glarysoft Ltd
  • Glarysoft Ltd
  • Magneto Software
  • Magneto Software
  • Magneto Software
File Description
  • 2Tware Virtual CD DVD
  • Glary Utilities 5
  • Glary Utilities 5
  • Glary Utilities 5
  • Glary Utilities 5
  • Global Network Inventory Scanner
File Version
  • 5, 71, 0, 92
  • 4, 1, 0, 4
  • 2.0.0.1
Internal Name
  • cdmain.exe
  • GNI Scanner
  • Integrator_Portable.exe
Legal Copyright
  • 2Tware. All rights reserved.
  • Copyright (c) 2003-2017 Glarysoft Ltd
  • Copyright © Magneto Software
Original Filename
  • cdmain.exe
  • gniscan.exe
  • Integrator_Portable.exe
Product Name
  • 2Tware Virtual CD DVD
  • Glary Utilities
  • Global Network Inventory
Product Version
  • 5, 0, 0, 1
  • 4, 1, 0, 4
  • 2.0.0.1
Special Build
Legal Trademarks
Private Build
Further version-resource strings (extraction garbled; only these fragments are recoverable)
  • IncrediMail Letter Creator Application
  • IncrediMail, Ltd.
  • Letter Creator
  • Letter Creator Application
  • Copyright © 2000 IncrediMail, Ltd.

Digital Signatures

Signer: QIHU 360 SOFTWARE CO. LIMITED; Root: Symantec Class 3 SHA256 Code Signing CA; Status: Hash Mismatch
Signer: QIHU 360 SOFTWARE CO. LIMITED; Root: VeriSign Class 3 Code Signing 2010 CA; Status: Hash Mismatch

File Traits

  • HighEntropy
  • x86

Block Information

Total Blocks: 2,004
Potentially Malicious Blocks: 0
Whitelisted Blocks: 2,002
Unknown Blocks: 2

Visual Map

(Block-by-block visual map omitted: 2,004 blocks rendered with the legend below, of which 2 are marked "?" and none are marked "x".)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Banker.TH
  • Brute.LBA
  • Delf.XA
  • Delf.XB
  • FareIt.LA
  • Fareit.LC
  • Injector.DFF
  • Injector.FGSA
  • Injector.FHBB
  • Injector.FHBC
  • Injector.FHBD
  • Injector.FHBE
  • Injector.FHBF
  • Injector.FHBH
  • Injector.GDSA
  • Injector.GSD
  • Injector.KDF
  • Injector.KDG
  • Injector.KFAD
  • Injector.KFTA
  • Injector.KKF
  • Injector.KS
  • Injector.KSJ
  • Injector.KZP
  • Injector.PMB
  • Injector.PMC
  • Injector.XN
  • Kryptik.CLBB
  • Kryptik.GSJ
  • Kryptik.YFH
  • Kryptik.YFK
  • Startpage.GA
  • Trojan.Injector.Gen.FBD

Files Modified

File: c:\users\user\appdata\local\temp\svchost015.exe
  Attributes: Read Data, Read Attributes, Synchronize, Write Data
File: c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea
  Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data
File: c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea
  Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data

Registry Modifications

Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass; Data: (none); API Name: RegNtPreCreateKey
Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname; Data: (none); API Name: RegNtPreCreateKey
Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet; Data: (none); API Name: RegNtPreCreateKey
Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect; Data: (none); API Name: RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock2
  • WSAStartup
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
