Concrete signature match: Trojan:Win32/Injuke.RC!MTB (type Trojan: appears legitimate but performs malicious actions; platform Win32: 32-bit Windows; family Injuke)
Trojan:Win32/Injuke.RC!MTB is a Microsoft Defender detection name for a malicious program targeting 32-bit Windows systems. The "!MTB" suffix is expanded on this page as "Microsoft Threat Behavior". The rule below is the signature rendered as YARA: it is a PE hex-string signature (SIGNATURE_TYPE_PEHSTR_EXT) with a single 32-byte x86 code pattern and a threshold of 1, so one occurrence of that byte sequence in a file smaller than 20 MB is enough to fire. The pattern decodes as cdq; idiv ecx; mov eax,[ebp-0x24]; sub edx,[eax+0x14]; mov eax,[ebp-0x24]; mov eax,[eax+0xc]; movzx eax, byte ptr [eax+edx]; add eax,esi; cdq; mov ecx,0x100; idiv ecx; mov [ebp-0x64],edx, i.e. the body of a loop that indexes into a buffer, adds a running value to the byte read, and reduces the result modulo 256, which is consistent with a byte-decoding routine. As a Trojan, the family is designed to infiltrate systems discreetly, potentially to gain unauthorized access, steal data, or perform other harmful actions.
No printable strings are associated with this signature; detection relies solely on the hex byte pattern in the rule.
rule Trojan_Win32_Injuke_RC_2147839273_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win32/Injuke.RC!MTB"
        threat_id = "2147839273"
        type = "Trojan"
        platform = "Win32: Windows 32-bit platform"
        family = "Injuke"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "1"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {99 f7 f9 8b 45 dc 2b 50 14 8b 45 dc 8b 40 0c 0f b6 04 10 03 c6 99 b9 00 01 00 00 f7 f9 89 55 9c} //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Associated hash (64-hex digest, as listed on this page): 7aa63a4b896f5e3679e06bd9dd4565a356f2e9fbd95eb6966b0b0eb03c85c24f

Remediation: immediately isolate the affected system from the network to prevent further compromise. Because this signature fires on a single short code pattern, confirm the hit before taking destructive action: record the file's hash and path, and check it against the hash above and against other vendor verdicts. Perform a full system scan with updated antivirus software such as Windows Defender, and remove or quarantine all detected malicious files. Ensure the operating system and all applications are fully patched and updated to close any underlying vulnerabilities the Trojan may have used to gain a foothold.
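The following is an added example, not code from the original page or from threatcheck.sh: a minimal pure-Python evaluator for the rule above, useful when yara-python is not available or when you want to see exactly which bytes triggered the hit. It copies the rule's hex string verbatim, applies the same 20 MB size limit (YARA's "MB" is 2^20 bytes), and reports match offsets. It goes slightly beyond this rule by also accepting "??" wildcard tokens, which other MTB hex strings commonly use; the sample buffers are constructed filler around the pattern, not real malware.

```python
import re

# Hex string copied verbatim from the Trojan:Win32/Injuke.RC!MTB rule.
INJUKE_RC_HEX = (
    "99 f7 f9 8b 45 dc 2b 50 14 8b 45 dc 8b 40 0c 0f b6 04 10 "
    "03 c6 99 b9 00 01 00 00 f7 f9 89 55 9c"
)
# The 32 bytes above disassemble (x86, 32-bit) to:
#   99              cdq
#   f7 f9           idiv ecx
#   8b 45 dc        mov  eax, [ebp-0x24]
#   2b 50 14        sub  edx, [eax+0x14]
#   8b 45 dc        mov  eax, [ebp-0x24]
#   8b 40 0c        mov  eax, [eax+0x0c]
#   0f b6 04 10     movzx eax, byte ptr [eax+edx]
#   03 c6           add  eax, esi
#   99              cdq
#   b9 00 01 00 00  mov  ecx, 0x100
#   f7 f9           idiv ecx
#   89 55 9c        mov  [ebp-0x64], edx

# YARA's "filesize < 20MB" uses 20 * 2**20 bytes.
MAX_FILESIZE = 20 * 1024 * 1024

# The raw pattern, for building sample buffers and for reference.
PATTERN = bytes.fromhex(INJUKE_RC_HEX.replace(" ", ""))


def hex_string_to_regex(hex_string: str) -> re.Pattern:
    """Translate a YARA hex string into a compiled bytes regex.

    Each two-digit token becomes an escaped literal byte; a '??' token
    (not present in this rule, but common in other MTB signatures)
    becomes a single-byte wildcard.
    """
    parts = []
    for tok in hex_string.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def find_pattern(data: bytes, hex_string: str = INJUKE_RC_HEX) -> list:
    """Return every offset at which the hex string occurs in data."""
    return [m.start() for m in hex_string_to_regex(hex_string).finditer(data)]


def rule_matches(data: bytes) -> bool:
    """Evaluate the rule condition: (filesize < 20MB) and (all of ($x*)).

    With a single $x string and threshold 1, 'all of' reduces to
    'the pattern occurs at least once'.
    """
    if len(data) >= MAX_FILESIZE:
        return False
    return bool(find_pattern(data))


# Constructed sample buffers (not real files): NOP/INT3 filler around the pattern.
SAMPLE_HIT = b"\x90" * 64 + PATTERN + b"\xcc" * 64
# Same layout with the final byte altered, so the signature must not fire.
SAMPLE_MISS = b"\x90" * 64 + PATTERN[:-1] + b"\x00" + b"\xcc" * 64


if __name__ == "__main__":
    for name, buf in (("hit", SAMPLE_HIT), ("miss", SAMPLE_MISS)):
        print(name, rule_matches(buf), find_pattern(buf))
```

To scan a real file, read it with `open(path, "rb").read()` and pass the bytes to `rule_matches`; the offsets from `find_pattern` can then be handed to a disassembler to confirm the surrounding code looks like the decoding loop described above rather than an incidental byte coincidence.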