Trojan[.]Win32[.]Agent[.]ijlz-26e0e8f419356f5a4e3623f3c71373d4d9114abb5358690dc0506db2addc070e

General

Target

Trojan.Win32.Agent.ijlz-26e0e8f419356f5a4e3623f3c71373d4d9114abb5358690dc0506db2addc070e
Size

102KB
MD5

de15aa9a7aefd24ff0839cab20b91a08
SHA1

1de0296905ea6bbde7107185b42acde2a485000f
SHA256

26e0e8f419356f5a4e3623f3c71373d4d9114abb5358690dc0506db2addc070e
SHA512

c6c8753c2a55f1184c570742ab341c02711614edded6096ddb42c4ddfa1c50183b4f288353c5158829c15af606c6959c3637bcf14e2a701b4d22575f2f4a12b2
SSDEEP

1536:BhdjXnhDuGu8ERm5qD9OFOj+NwZKNPac1dGPz75T2clKUCQsL7XsYmdkdLt1J1Ja:DdjhqGPERt+zUKBEcQsXs1ELbXwX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trojan.Win32.Agent.ijlz-26e0e8f419356f5a4e3623f3c71373d4d9114abb5358690dc0506db2addc070e

Files

Trojan.Win32.Agent.ijlz-26e0e8f419356f5a4e3623f3c71373d4d9114abb5358690dc0506db2addc070e
.exe windows x86

8f54a00233d220c9ce88e4951b8f9431

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

odbctrac

TraceSQLFetch
TraceSQLConnect

uxtheme

GetThemeFont
GetCurrentThemeName
OpenThemeData
IsAppThemed
GetThemeColor
DrawThemeBackground
IsThemeActive
CloseThemeData
SetWindowTheme
DrawThemeEdge
GetThemeBool
GetThemeSysSize
GetThemeInt
GetWindowTheme

kernel32

HeapReAlloc
GetStartupInfoA
GetProcAddress
GetDiskFreeSpaceA
GetModuleHandleA
WriteFile
CreateDirectoryW
CloseHandle
SetLastError
GetBinaryTypeA
GetDateFormatA
MoveFileExW
GetNumberFormatW
InterlockedDecrement
GetLogicalDriveStringsW
lstrcpynW
lstrcatA
OpenEventW
GetSystemDirectoryA
RemoveDirectoryA
WaitForSingleObject
CreateFileA
ReadFile
GetLocaleInfoA
GetTickCount
DeleteFileW
GetExpandedNameW
CreateEventA
GetWindowsDirectoryA
GetStringTypeW
GetStdHandle
GetFileAttributesA
WriteProfileStringW
CreateWaitableTimerW

shell32

SHGetNewLinkInfoW
SHGetMalloc
SHQueryRecycleBinW
DragQueryFileW
SHOpenFolderAndSelectItems
SHDefExtractIconA
SHGetDataFromIDListW
SHGetFileInfoA
SHFreeNameMappings
SHGetFolderLocation

esent

JetBeginTransaction
JetCloseTable

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f54a00233d220c9ce88e4951b8f9431

Headers

File Characteristics

Imports

odbctrac

uxtheme

kernel32

shell32

esent

Sections

.text Size: 93KB - Virtual size: 92KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 93KB - Virtual size: 92KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB