Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Injector.FHBH

Trojan.Injector.FHBH

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 8,315
Threat Level: 80 % (High)
Infected Computers: 18
First Seen: January 19, 2026
Last Seen: April 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Injector.FHBH
Signature status: No Signature

Known Samples

MD5: a6075b9f10829b627c8d4bb652400f5a
SHA1: 7851286c09c38dac3804504c47b3254b542ed842
SHA256: 6A347BFFCBA021372C3286FB2B5362267AE3D927691B71D53360105B4498D5B4
File Size: 3.80 MB, 3795456 bytes
MD5: 5943ad76f8224f1a4b042448208847c9
SHA1: 4a8864a2f6dcdd5a98c79919abdefc0e2add262d
SHA256: A1AA22BF9F6FC141791606E57FB013C6418EA16700F45F33386D1667BD7CF6C5
File Size: 4.75 MB, 4750848 bytes
MD5: 5d749f83708b7d5ba92ea6e35d120d92
SHA1: cda5808de96fe3f91d3b247ff2fe896cdb527984
SHA256: 5F7327BD474D666DFDB74807A8C771DD5FCADF943CC796775F79E7765DF00BBC
File Size: 830.46 KB, 830464 bytes
MD5: a57aeaa65bc62ea8ac89df43f6818253
SHA1: 60d23d6e78ae83516a5aee62ce5a46fe5a149a85
SHA256: 62F2BDA60F8781FAA26651E38826DCA992654DBF5DA2D4466BD1BBBD3DEF3EA5
File Size: 1.57 MB, 1566208 bytes
MD5: a619f116b5a79f34ff1447dd0ff5d2ba
SHA1: ac36090af2be173d09a713478b345715be0b9660
SHA256: 8D9A11CFEE76509AFCCA353949443B47A44B921CAA74D8ED7A6012EBF81878C3
File Size: 6.02 MB, 6017024 bytes
Show More
MD5: f8e1b77000706499d9657afe926d344b
SHA1: 95dbd98222ccdbb2ad9a8913faffce4e688c51d5
SHA256: 1FD8768FEC7314868623AFE7FEC06D68A3F3E4E330A30D9970956ECC7E2AABFD
File Size: 4.67 MB, 4669440 bytes
MD5: b88c2ad308fb71423f62caad599637fd
SHA1: 804384e7d4d44b8c9cc0415c8f2fcada46f4ea07
SHA256: 1D033DC06653189FCA89479EE3741BAA7BBB87336D447AAC1FEB0B74B150AC78
File Size: 1.02 MB, 1018368 bytes
MD5: 76027159f63757f2cfb086d208addf47
SHA1: 9b0b05d8311625d5ae0f001a914b562ac9937e28
SHA256: D13F817B0552E8280828066274A7C4D68BE631E65AC1AEE2B183E968F5E07657
File Size: 6.68 MB, 6675968 bytes
MD5: 097571995fdb72eafe9ec99ffc1bf7e4
SHA1: 628eed8fb251558aa0b85921805be61d1105df7a
SHA256: CFEFD9C0839FE90665DD0786FE1F36CCE6BCC4F1C0C26321EB51E4C7D4A77BB0
File Size: 864.77 KB, 864768 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 2.5.0.0
Build 20140425
Comments
  • This ikstallation was built with Inno setip.
  • This ikstallation was built with Inno setip.
  • This ikstallation was built with Inno setip.
Company Name
  • Glarysoft Ltd
  • Maaaaagneto Software
  • matt.malensek.net
  • pdfforge
  • Safer - Networking Ltd.
  • Safer - Networking Ltd.
File Description
  • 3RVX
  • Delete pdfcmon.dll
  • File Joiner
  • Global Network Inventory Service
File Version
  • 5, 0, 0, 5
  • 4, 1, 0, 4
  • 2.5
  • 2.4.40.1
  • 0.1
Internal Name
  • 3RVX.exe
  • GNI Service
  • SplitFile
Legal Copyright
  • Copyright (c) 2003-2014 Glarysoft Ltd
  • Copyright В© 2008 Matthew Malensek
  • CopyrightВ© Magneto Software
  • pdfforge
  • В© 2010-2014 Safer-Networking Ltd. All rights reserved.
Legal Trademarks SpybotВ® and Spybot - Search & DestroyВ® are registered trademarks.
Original Filename
  • 3RVX.exe
  • gniserv.exe
  • SplitFile
Product Name
  • 3RVX
  • DeleteMonitorDLL
  • Glary Utilities
  • Global Network Inventory
Product Version
  • 5, 0, 0, 1
  • 4, 1, 0, 4
  • 2.5
  • 2.4.40.0
  • 0.1

File Traits

  • HighEntropy
  • x86

Block Information

Total Blocks: 2,483
Potentially Malicious Blocks: 3
Whitelisted Blocks: 2,480
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Banker.GHA
  • Delf.XB
  • Induc.A
  • Injector.FGSA
  • Injector.FHBD
Show More
  • Injector.FHBE
  • Injector.FHBF
  • Injector.FHBG
  • Injector.FHBH
  • Injector.HBFA
  • Injector.KDF
  • Injector.KDG
  • Injector.KDH
  • Injector.KFAD
  • Injector.KFTA
  • Injector.PMB
  • Injector.XN
  • Injector.XNB
  • Kryptik.CLBB
  • Kryptik.GSG
  • Kryptik.YFK
  • Lokibot.G
  • MSIL.ClipBanker.BMA
  • Trojan.Injector.Gen.FBD
  • Trojan.Injector.Gen.FMJ
  • Trojan.Injector.Gen.GEZ
  • Webalta.A

Files Modified

File Attributes
c:\users\user\appdata\local\temp\svchost.exe Read Data,Read Attributes,Synchronize,Write Data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\05ddc6aa91765aacacdb0a5f96df8199 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\c02877841121cc45139cb51404116b25_8c237ca125ef0d4d297707ca16608564 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\05ddc6aa91765aacacdb0a5f96df8199 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\c02877841121cc45139cb51404116b25_8c237ca125ef0d4d297707ca16608564 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection

Trending

Most Viewed

Loading...