HEUR-Trojan[.]Win32[.]Generic-2f41879d3656e45471a0a784d61eb339f343f7614a19d2916be28685d1501c0b

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan.Win32.Generic-2f41879d3656e45471a0a784d61eb339f343f7614a19d2916be28685d1501c0b
Size

57KB
MD5

b64b313d391dcd613afd09452bd8a85d
SHA1

90f2dd4e0cb57f1a589afd01b1ea65fe7772b931
SHA256

2f41879d3656e45471a0a784d61eb339f343f7614a19d2916be28685d1501c0b
SHA512

3857a2967aa42970df0bb4061c6088051c5766e99fe50d3f336de28c9fa9cf101a7192f240c838fc09cbcefd7340ead5e17fc67e0925fd75aac6819834e19ad5
SSDEEP

384:5Zcsr9MNC3HD0Fz8u3t1EB4MDgDbH74vCTHrGLjqcKYpz6Wv8ZjXPfAUxRmLlByc:5nbj0l9meMDgHHsSXcKmjvU+lGDG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-2f41879d3656e45471a0a784d61eb339f343f7614a19d2916be28685d1501c0b

Files

HEUR-Trojan.Win32.Generic-2f41879d3656e45471a0a784d61eb339f343f7614a19d2916be28685d1501c0b
.exe windows x86

22ff769dfb6e1532bb4d95a3fde86c7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameA

kernel32

AddAtomA
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetComputerNameA
GetFileAttributesA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetVersionExA
GetVolumeInformationA
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject
WriteFile

msvcrt

_itoa
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
atoi
exit
fclose
fflush
fopen
fprintf
fread
free
fwrite
malloc
memcpy
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat

shell32

ShellExecuteExA

user32

GetSystemMetrics

wsock32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
inet_ntoa
recv
send
socket

Exports

Exports

_Z10aBypassUACv
_Z10aCharToIntPc
_Z10aGetOsArchv
_Z10aIntToChari
_Z10bBasicTH_1Pv@4
_Z10bBasicTH_2Pv@4
_Z10bBasicTH_3Pv@4
_Z11aAutoRunSetPc
_Z11aCheckAdminv
_Z11aCreateFilePc
_Z11aFileExistsPKc
_Z11aGetTempDirv
_Z11aProcessDllPcS_S_S_
_Z11aProcessExePcS_S_S_S_S_
_Z11aRunAsAdminPc
_Z12aGetHostNamev
_Z12aGetSelfPathv
_Z12aGetUserNamev
_Z12aProcessTaskPcS_S_
_Z12aResolveHostPc
_Z12aWinSockPostPcS_S_
_Z13aDropToSystemPc
_Z13aGetProcessILv
_Z14aCreateProcessPc
_Z14aGetProgramDirv
_Z15aUrlMonDownloadPcS_
_Z16aDirectoryExistsPc
_Z16aExtractFileNamePc
_Z16aGetHomeDriveDirv
_Z16aProcessDllLocalPcS_S_S_S_S_
_Z16aProcessExeLocalPcS_S_S_S_S_
_Z19aGetSelfDestinationi
_Z5aCopyPcii
_Z5aParsPcS_S_S_
_Z6aBasicPcS_i
_Z6aGetIdv
_Z6aGetOsv
_Z6aMkDirPc
_Z6cBasici
_Z7aPathAVPc
_Z7aRaportPcS_S_S_
_Z8aCheckAVv
_Z8aDecryptPc
_Z8aPosLastPcS_
_Z8bBasic_1v
_Z8bBasic_2v
_Z8bBasic_3v
_Z9aCopyFilePcS_
_Z9aFileSizePc
_Z9aFillCharPc
_Z9aFreeFilePc
_Z9aPosFirstPcS_
_Z9aRunDll32PcS_
aAV00
aAV01
aAV02
aAV03
aAV04
aAV05
aAV06
aAV07
aAV08
aAV09
aAV10
aAV11
aAutoRunCmd
aCMD0
aCMD1
aDll
aDomain_1
aDomain_2
aDomain_3
aDropDir
aDropName
aElevateFile
aExe
aGetProgDir
aKey
aOS_AR0
aOS_AR1
aParam0
aParam1
aParam2
aParam3
aParam4
aParam5
aParam6
aParam7
aParam8
aParam9
aPost0
aPost1
aPost2
aPost3
aPost4
aPost5
aPost6
aRunAs
aRunDll_0
aScript_1
aScript_2
aScript_3
aShell
aSid
aTimeOut
aURLMon_0
aURLMon_1
aVers
aZoneIdent
a_d1
a_e0
a_e1
main
main_d_1
main_d_2
main_d_3
main_m_1
main_m_2
main_m_3
main_s_1
main_s_2
main_s_3

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22ff769dfb6e1532bb4d95a3fde86c7e

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

wsock32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 256B

.bss Size: - Virtual size: 83KB

.edata Size: 3KB - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 784B

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 256B

.bss
Size: - Virtual size: 83KB

.edata
Size: 3KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 784B