injector.txt

Windows

WinTrust

The file injector.txt, signed by WinTrust, has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners. Two identity mismatches are worth noting before reading the rest of the report: the version resource (and the Publisher field below) names Microsoft, but the Authenticode signer is CN=WinTrust, issued by "WinCert Certificate Authority" rather than by any Microsoft certificate authority, so the Microsoft name is self-declared metadata and not a verified identity; and the file sits in the user's %TEMP% folder with a .txt extension although its original file name is Injector.exe and it is a .NET executable.
Publisher:
Microsoft  (as declared in version information; the Authenticode signature is by WinTrust, see Digital Signature below)

Product:
Windows

Description:
svchost

Version:
2.23.0.3

MD5:
11a54224df84cc593a8f7a77e183a550

SHA-1:
e04d559d4e53d6acb89c166571a94195dffcdde4

SHA-256:
e6e95c0b85e65f9909d09705c2be21647b630f8b67ec34ceb2cd2ae4ac44599e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 11:55:19 PM UTC

Scan engine        Detection          Engine version
Malwarebytes       Trojan.Dropper     v2015.01.24.09
Reason Heuristics  PUP.WinTrust (M)   16.1.15.0

File size:
21.5 KB (22,000 bytes)

Product version:
2.23.0.3

Copyright:
Copyright © 2013 Microsoft Corporation. All rights reserved.

Original file name:
Injector.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\injector.txt

Digital Signature
Signed by:
WinTrust

Authority:
WinCert Certificate Authority

Valid from:
12/20/2014 6:19:52 PM

Valid to:
1/1/2040 5:29:59 AM

Subject:
CN=WinTrust

Issuer:
CN=WinCert Certificate Authority

Serial number:
FC55F0371DED829344D776DFBDD7F5EF

File PE Metadata
Compilation timestamp:
12/19/2014 9:37:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:qjf0NkvwKwq6udu55Sg8fRaCn21TOnzn8LBGvoLSeXdm8IUxiFvWz8u55Ul2H:UInZOXt8seKUxiupnL

Entry address:
0x5F3E

Entry point:
FF 25 00 20 40 00, followed by zero padding (truncated in the report). FF 25 is `jmp dword ptr [imm32]`, and an indirect jump through an import-table slot (here 0x00402000) is the standard entry stub that the .NET compilers emit: at run time the slot holds mscoree!_CorExeMain, which takes over and runs the managed entry point. This is consistent with the ".NET CLR dependent: Yes" field below and means the native entry bytes say nothing about the program's behaviour; the managed code has to be inspected instead.

Entropy:
5.9309

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
16 KB (16,384 bytes)
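The PE metadata above (entry address, entry bytes, OS and linker versions, subsystem, CLR dependency, entropy) is read straight from the PE header. The following Python is an added example, not part of the Reason Core report or its tooling: it parses a PE32 header, resolves the entry point through the section table, tests whether the entry bytes are the six-byte .NET stub (a jmp through an import-table slot, which in a managed executable resolves _CorExeMain), and computes byte entropy. Because the real sample is not reproduced here, build_sample_pe() constructs a minimal synthetic PE32 image carrying the same header values as the report; that image, its layout constants (image base 0x400000, a single .text section at RVA 0x2000) and all function names are assumptions of the example, not facts from the page.

```python
"""Decode PE header fields of the kind a file report lists, and check for the
.NET entry stub. Added example; the sample image is constructed, not captured."""
import math
import struct

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
DIR_IAT, DIR_COM_DESCRIPTOR = 12, 14   # IMAGE_DIRECTORY_ENTRY_IAT / _COM_DESCRIPTOR


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (assumed layout: image base 0x400000,
    one .text section at RVA 0x2000) carrying the header values from the
    report: linker 11.0, OS 4.0, GUI subsystem, entry RVA 0x5F3E, CLR header."""
    image_base, text_rva, text_raw, entry_rva = 0x400000, 0x2000, 0x200, 0x5F3E
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0x5494B0A5, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                           # PE32 optional header
    struct.pack_into("<HBBIIIIII", opt, 0, 0x10B, 11, 0, 0x4000, 0x200, 0,
                     entry_rva, text_rva, 0x8000)
    struct.pack_into("<III", opt, 28, image_base, 0x2000, 0x200)  # base, section/file align
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)         # OS / image / subsystem ver
    struct.pack_into("<H", opt, 68, 2)                             # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + DIR_IAT * 8, text_rva, 8)    # IAT: one slot
    struct.pack_into("<II", opt, 96 + DIR_COM_DESCRIPTOR * 8, text_rva + 8, 72)  # CLR header
    text_size = entry_rva - text_rva + 0x200
    section = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_rva, text_size,
                          text_raw, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    text = bytearray(text_size)
    # Entry point: jmp dword ptr [0x00402000], the IAT slot that resolves _CorExeMain
    struct.pack_into("<HI", text, entry_rva - text_rva, 0x25FF, image_base + text_rva)
    return headers.ljust(text_raw, b"\0") + bytes(text)


def decode_pe(data: bytes) -> dict:
    """Return the report-style fields for a PE32 image and test its entry stub."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, code_size, _, _, entry_rva, _, _ = struct.unpack_from(
        "<HBBIIIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    sections = [struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + i * 40)
                for i in range(nsections)]

    def directory(index):                      # (rva, size), or (0, 0) if absent
        return struct.unpack_from("<II", data, opt + 96 + index * 8) if index < ndirs else (0, 0)

    def rva_to_offset(rva):                    # map an RVA through the section table
        for _name, vsize, va, rawsize, rawptr, *_ in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError(f"RVA {rva:#x} is not backed by any section")

    iat_rva, iat_size = directory(DIR_IAT)
    clr_rva, _ = directory(DIR_COM_DESCRIPTOR)
    off = rva_to_offset(entry_rva)
    entry = data[off:off + 6]
    # Managed executables start with `jmp dword ptr [slot]` (FF 25 imm32) where the
    # slot lies inside the IAT; at run time it holds mscoree!_CorExeMain.
    is_jmp = len(entry) == 6 and entry[:2] == b"\xff\x25"
    jmp_target = struct.unpack_from("<I", entry, 2)[0] if is_jmp else None
    dotnet_stub = is_jmp and iat_rva <= jmp_target - image_base < iat_rva + iat_size
    return {
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": entry.hex(" ").upper(),
        "clr_dependent": clr_rva != 0,
        "dotnet_entry_stub": dotnet_stub,
        "jmp_target": jmp_target,
        "entropy": round(shannon_entropy(data), 4),
    }


if __name__ == "__main__":
    for key, value in decode_pe(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run against a real file with `decode_pe(open(path, "rb").read())`; the `.txt` extension is irrelevant, since the check keys on the MZ/PE signatures. On the entropy field: a whole-file value around 5.9, as the report shows, is typical of ordinary compiled .NET code and resources, whereas packed or encrypted payloads usually push the figure above 7, so entropy alone does not make this sample look packed.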

The executing file has been seen to make the following network communications in live environments. The hostnames are reverse-DNS names of the contacted IP addresses, so they identify the hosting provider (Microsoft, Akamai, CloudFront, Amazon EC2, SoftLayer, CacheFly, BitGravity, GoDaddy's secureserver.net) rather than the service or domain the sample actually requested. Treat them as leads for further analysis, not as block-list entries: most are shared CDN and cloud addresses, and several of the Microsoft destinations are routinely contacted by Windows itself in a sandbox.

TCP (HTTP):
Connects to iuscmdistc1201-ge-6-0.msft.net  (207.46.129.137:80)

TCP (HTTP):
Connects to 3a.a6.a86c.ip4.static.sl-reverse.com  (108.168.166.58:80)

TCP (HTTP):
Connects to cd.3e.559e.ip4.static.sl-reverse.com  (158.85.62.205:80)

TCP (HTTP):
Connects to 85.4e.2bd0.ip4.static.sl-reverse.com  (208.43.78.133:80)

TCP (HTTP SSL):
Connects to a-0011.a-msedge.net  (204.79.197.213:443)

TCP (HTTP):
Connects to vip1.g5.cachefly.net  (180.149.246.128:80)

TCP (HTTP):
Connects to sg2plpkivs-v03.any.prod.sin2.secureserver.net  (182.50.136.239:80)

TCP (HTTP):
Connects to server-54-192-159-9.sin3.r.cloudfront.net  (54.192.159.9:80)

TCP (HTTP):
Connects to pc-b.bitgravity.com  (64.185.181.238:80)

TCP (HTTP SSL):
Connects to msnbot-65-52-108-154.search.msn.com  (65.52.108.154:443)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-52-86-123-109.compute-1.amazonaws.com  (52.86.123.109:80)

TCP (HTTP):
Connects to ec2-52-32-67-223.us-west-2.compute.amazonaws.com  (52.32.67.223:80)

TCP (HTTP):
Connects to ec2-52-27-179-23.us-west-2.compute.amazonaws.com  (52.27.179.23:80)

TCP (HTTP):
Connects to ec2-52-200-96-65.compute-1.amazonaws.com  (52.200.96.65:80)

TCP (HTTP):
Connects to ec2-35-163-53-201.us-west-2.compute.amazonaws.com  (35.163.53.201:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-51-133-109.deploy.static.akamaitechnologies.com  (23.51.133.109:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-219-135-212.deploy.static.akamaitechnologies.com  (23.219.135.212:80)

Remove injector.txt - Powered by Reason Core Security