HEURTrojan[.]Win32[.]Generica1566b0b4783b58fefb512872ed01310fe5c9c3a64303f547739787be68a45da[.]bin

General

Target

HEURTrojan.Win32.Generica1566b0b4783b58fefb512872ed01310fe5c9c3a64303f547739787be68a45da.bin
Size

77KB
MD5

9448fc34ecb9f95825442ae14c39fda6
SHA1

7dd4a2005211ddc5e001cc8ecd857929797a08f9
SHA256

a1566b0b4783b58fefb512872ed01310fe5c9c3a64303f547739787be68a45da
SHA512

b33e2eafb9f3b75a151312c0fbceb6c88e3c851624b0847b8229ffaf375dbe29a6f88ee0a0f3003344007751301c095ce4558dec0afa9bfe471a0f012aa84203
SSDEEP

1536:RdloGy9Cy3QuQv8VtYOxJ06pifrpE/Aw1f:R/oGYQ/kVphpif611f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEURTrojan.Win32.Generica1566b0b4783b58fefb512872ed01310fe5c9c3a64303f547739787be68a45da.bin

Files

HEURTrojan.Win32.Generica1566b0b4783b58fefb512872ed01310fe5c9c3a64303f547739787be68a45da.bin
.exe windows x86

199b7e92fdebd65631f97f47bf8f9af3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

ClusterEnum
CloseCluster
CloseClusterNode
CloseClusterGroup

crypt32

CertOpenSystemStoreA
CryptHashMessage
CryptDecodeMessage
CryptFindOIDInfo
CryptDecryptMessage
CryptEnumOIDInfo
CryptMemRealloc
CertDeleteCTLFromStore
CryptUnprotectData
CryptProtectData

advapi32

OpenEventLogW
CryptSignHashA
RegCreateKeyExA
ClearEventLogW
RegLoadKeyW
RegRestoreKeyA
ReadEventLogA
RegUnLoadKeyA
RegOpenKeyW
RegReplaceKeyW
RegEnumKeyA
RegSaveKeyA
RegDeleteValueA
IsTextUnicode

modemui

CountryRunOnce
drvGetDefaultCommConfigA

kernel32

RemoveDirectoryA
AddAtomW
GetProcAddress
LoadLibraryExA
OpenMutexA
FindFirstFileA
CreateMutexA
GetBinaryTypeW
GetVersionExA
GetCurrentDirectoryA
GetTempFileNameA
FindClose
FormatMessageW
lstrcatW
CreateSemaphoreA
IsBadReadPtr
LoadLibraryA
ResetEvent
HeapReAlloc
GetConsoleAliasW
WaitForSingleObjectEx

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: - Virtual size: 256B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

199b7e92fdebd65631f97f47bf8f9af3

Headers

DLL Characteristics

File Characteristics

Imports

clusapi

crypt32

advapi32

modemui

kernel32

Sections

.text Size: 65KB - Virtual size: 65KB

.data1 Size: - Virtual size: 256B

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 65KB

.data1
Size: - Virtual size: 256B

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 5KB - Virtual size: 4KB