HorionInjector.exe?ex=670c7b4e&is=670b29ce&hm=827b2d98caf111fe6317988ca765f6ae39449903f30ebb3e9dfa13f1849b67b8&

First submission 2024-10-13 17:11:01

File details

File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Mime type: application/x-dosexec
File size: 147.5 KB (151040 bytes)
Compile time: 2050-11-10 12:43:35
MD5: 6b5b6e625de774e5c285712b7c4a0da7
SHA1: 317099aef530afbe3a0c5d6a2743d51e04805267
SHA256: 2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
Sections: 2 (.text, .rsrc)
Directories: 2 (resource, debug)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 10/77
VT report date: 2024-10-13 16:45:12
Malware Type 1 trojan
Threat Type 2 dllinject msil

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://cdn.discordapp.com/attachments/1268546170125422663/1279984335621066824/HorionInjector.exe?ex=670c7b4e&is=670b29ce&hm=827b2d98caf111fe6317988ca765f6ae39449903f30ebb3e9dfa13f1849b67b8& cdn.discordapp.com 2024-10-13 17:11:01

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x2000 0x13a84 80896 47a87f37c22d44931f1a3bb6190f6a9a9537a49c c9fb42d65c8559d253288b947d58a481
.rsrc 0x16000 0x10ef8 69632 5ad75e23e1b38c81cd88299b6f36831d39904e26 acc68f5534455f9517260452652c6db0

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x16100 67624
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x26938 20
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x2695c 924
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x26d08 490

Meta infos 11

LegalCopyright: ©2021
Assembly Version: 1.1.2.0
InternalName: HorionInjector.exe
FileVersion: 1.1.2.0
CompanyName: Horion Developers
Comments: Injector for Horion, a Minecraft: Bedrock Edition utility mod
ProductName: Horion Injector
ProductVersion: 1.1.2
FileDescription: HorionInjector
Translation: 0x0000 0x04b0
OriginalFilename: HorionInjector.exe

Packers detected 2

Microsoft Visual C++ vx.x DLL
Microsoft Visual C++ v6.0

Strings analysis - File found

Library
Horion.dll
KERNEL32.dll
dll files (*.dll)|*.dll
https://horion.download/bin/Horion.dll
USER32.dll

Strings analysis - Possible URLs found 9

http://schemas.openxmlformats.org/markup-compatibility/2006
https://horion.download
http://schemas.microsoft.com/winfx/2006/xaml/presentation
https://horion.download/bin/Horion.dll
http://schemas.microsoft.com/expression/blend/2008
https://horion.download/latest
https://github.com/horionclient/Injector
http://schemas.microsoft.com/winfx/2006/xaml
https://horion.download/bin/HorionInjector.exe