Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Injector.WCB

Trojan.Injector.WCB

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Injector.WCB
Signature status: No Signature

Known Samples

MD5: c5ae1e766fc01420db83e7a228a1b473
SHA1: 7597a76251d6be6a1fef19f69c8598ca06da2068
SHA256: 97F1C5E8669415BCF8CF1A2457ED166053DF7B325AEE5F21040CA78DD510A0F7
File Size: 1.04 MB, 1040496 bytes
MD5: 09fc53bf6d7e485c1d8956d6c10482a0
SHA1: cf04d5e1cefb716f62a36ed3b0552abc9303703e
SHA256: 301AA6D2FD53681EB39411C7D3EB0842ABBE3E06EF75D0F28A9763A5C4DAA09B
File Size: 1.16 MB, 1156435 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • big overlay
  • HighEntropy
  • No Version Info
  • x64

Block Information

Total Blocks: 4,355
Potentially Malicious Blocks: 626
Whitelisted Blocks: 2,400
Unknown Blocks: 1,329

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 x x x x 0 0 x x x x 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 x x x x 0 0 x x x x 0 0 x x x x 0 0 x x x x 0 0 x x x x 0 0 x x x x 0 0 x x x x 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 ? 0 ? 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 x x x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x 0 x x x ? 0 ? 0 0 0 0 0 ? ? ? ? 0 0 ? x 0 ? ? 0 0 x ? ? ? x x x 0 0 0 0 0 0 0 x x x 0 0 0 x 0 0 x 0 0 ? ? 0 ? 0 0 0 ? 0 0 0 0 ? x 0 0 x x 0 0 x x 0 x 0 x ? 0 0 0 x x x x x 0 0 0 x x x x x 0 x x 0 x x x x x x 0 x x 0 x x 0 x x 0 x 0 0 x 0 0 0 0 0 x 0 0 0 0 0 x 0 x 0 x 0 x x x x 0 x 0 x 0 x x x 0 0 0 x 0 x x 0 0 0 0 0 x x x 0 0 x x x 0 x x 0 x x 0 0 x x x 0 x x 0 x x 0 0 0 x x 0 0 0 0 x 0 x x 0 0 0 x x 0 0 0 0 x 0 x ? ? 0 0 ? 0 x 0 x x x x 0 x 0 x x x x 0 x x x x x x ? x x x x x x 0 ? ? 0 0 x 0 0 x ? x x ? x x 0 x x 0 x x 0 x 0 x x 0 x x 0 x 0 x x 0 x x 0 x ? ? 0 x x 0 x x 0 x 0 x x 0 x x 0 x 0 x x 0 x x 0 ? 0 x 0 ? x ? 0 ? 0 x x 0 x x 0 x 0 x x x ? 0 ? 0 ? ? ? ? 0 0 ? ? ? x ? x ? ? 0 0 0 x x x x x x x 0 x 0 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 0 x x x 0 0 ? 0 0 ? 0 0 ? ? 0 0 ? ? ? ? 0 ? 0 0 0 0 ? x 0 x x x x 0 0 x 0 0 0 ? 0 ? 0 0 0 x 0 0 0 x 0 0 x 0 0 x 0 x x x x 0 x 0 x x 0 0 0 0 0 0 x 0 0 x x x 0 0 x 0 0 0 0 0 x x x 0 0 x x x x x x x x x x ? ? ? 0 ? 0 ? 0 x 0 x 0 0 x x 0 0 0 ? 0 0 x 0 0 x x x 0 0 x x x x x x x x x x x x 0 0 0 x 0 0 x x 0 x 0 0 0 0 0 x 0 x x 0 x x 0 0 x x x 0 0 0 0 x 0 0 x x 0 0 0 0 0 0 ? x x 0 ? 0 0 0 x ? 0 0 x 0 x x 0 0 x 0 x x x 0 x ? x x x 0 ? 0 ? 0 0 ? 0 ? ? 0 0 0 x x x x x x 0 x 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 x x 0 0 0 ? ? 0 x 0 0 x ? 0 0 0 x x x 0 0 x x x 0 0 x x 0 0 0 0 x 0 x 0 0 x 0 x 0 0 ? ? 0 ? 0 0 ? ? 0 ? 0 0 x x ? ? x x x 0 0 x x x x x x x x x 0 x x 0 0 0 x 0 x x x x ? x 0 x 0 0 x x x x x x x x x x ? x 0 x x x x 0 0 0 x ? 0 0 ? ? ? 0 0 0 0 ? 0 ? x 0 ? 0 x 0 x 0 0 x x x x x x x x x x 0 x ? 0 0 0 x 0 ? 0 0 0 x x 0 0 0 ? ? 0 x 0 0 x ? 0 0 ? 0 x 0 x ? 0 0 0 x 0 ? 0 0 x 0 x x 0 x x x x x x x x 0 0 0 x 0 x 0 0 0 x 0 ? ? x x x 0 ? 0 0 ? ? 0 0 x x 0 0 0 ? 0 ? ? 0 ? ? 0 ? 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? ? ? 0 0 0 ? 0 ? ? x x x ? ? ? 0 ? 0 ? ? 0 ? 0 ? ? x ? ? 0 ? 0 0 0 0 ? 0 ? x 0 x x ? 0 0 ? ? x x 0 0 ? 0 ? 0 ? ? ? ? ? ? ? ? 0 0 0 ? ? 0 ? ? ? ? ? 0 ? 0 0 0 0 0 x 0 0 0 0 ? x 0 0 x x x 0 0 x 0 x 0 ? 0 0 0 x x 0 0 x 0 x x x ? ? 0 0 0 x 0 0 x x x x 0 0 0 0 ? ? x x 0 0 0 0 ? ? 0 0 ? x ? x 0 ? 0 ? ? 0 0 0 ? ? 0 0 ? x 0 ? 0 0 ? 0 0 ? ? 0 0 x 0 x x 0 0 0 ? 0 0 0 ? ? ? ? ? ? 0 ? 0 ? 0 0 x ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? 0 ? 0 ? 0 ? 0 0 0 0 0 x x x x 0 0 ? 0 ? 0 0 0 0 ? ? x ? x ? 0 ? 0 0 0 ? ? 0 ? ? ? x ? ? 0 0 0 0 ? 0 0 0 ? 0 ? 0 ? ? 0 0 0 0 ? ? ? ? 0 0 ? ? ? ? 0 0 ? 0 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? ? 0 0 ? 0 0 ? 0 ? 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 ? ? ? ? ? ? 0 ? ? 0 0 ? x ? ? x 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 ? ? ? 0 0 0 0 ? 0 0 ? ? x x x 0 0 x x ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? x 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? x x ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 0 ? 0 0 0 0 x 0 ? 0 ? x 0 0 ? 0 0 ? 0 0 ? ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 ? 0 ? 0 0 ? 0 0 ? 0 ? x ? 0 0 x 0 0 ? 0 0 ? ? ? ? ? ? 0 x ? ? 0 0 0 0 0 0 ? ? 0 0 ? 0 0 0 x 0 ? 0 ? ? 0 0 ? ? 0 0 ? ? ? 0 ? 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 ? ? ? ? ? ? x ? ? 0 ? ? 0 ? ? ? 0 ? ? 0 ? ? 0 0 ? ? 0 0 ? ? ? 0 ? 0 ? 0 ? ? 0 ? 0 ? 0 ? 0 ? ? 0 0 0 0 0 x x 0 0 0 0 0 ? ? ? ? 0 ? ? ? 0 0 ? 0 0 ? ? 0 x 0 ? 0 0 ? ? ? 0 0 ? 0 0 ? 0 0 0 ? ? 0 ? ? ? ? 0 ? 0 0 ? 0 0 x x 0 x x 0 x x 0 x x 0 ? x x x x 0 0 ? x 0 ? x x x 0 0 ? x x x 0 0 ? ? ? 0 ? 0 0 0 ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 ? 0 0 0 0 0 ? 0 ? 0 0 ? 0 ? ? ? 0 ? 0 0 ? ? 0 ? 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 x x 0 0 0 0 ? 0 ? 0 0 0 0 ? 0 ? 0 0 0 0 ? 0 ? ? 0 ? ? 0 0 0 0 0 ? 0 0 ? ? 0 ? ? ? ? ? ? 0 ? ? ? 0 ? 0 0 0 ? 0 0 0 ? 0 0 0 ? ? 0 ? ? 0 0 0 ? ? x ? x 0 0 0 0 0 ? 0 ? ? 0 ? 0 0 0 ? 0 x ? ? ? ? x ? 0 0 x x 0 0 ? ? 0 0 ? ? 0 0 0 ? ? ? 0 0 ? ? ? ? 0 ? 0 ? ? ? ? 0 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 ? 0 ? ? 0 ? 0 ? ? ? ?
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
Show More
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • send
  • socket

Trending

Most Viewed

Loading...