HEUR-Trojan[.]Win32[.]Zenpak[.]gen-1de272d1038a4da0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan.Win32.Zenpak.gen-1de272d1038a4da0.exe
Size

1.1MB
MD5

134ba0a636c16478f5af66d7b00882eb
SHA1

abb04b8b4ff9fb80bab48a9a91add7d51bdaf9bd
SHA256

1de272d1038a4da0e2d177520ae647d33a44333e95be0033f7935c2f545d90dc
SHA512

b71321e7745a535a56da5cdc286c399e89f6e1eca4e1528f73944836d7c5de2277d0d8cf9372b4f5b5d277b5c241d9978ce22e381c024659afd162777615042e
SSDEEP

24576:ej0xZaRe2QNI5yotLfdzXmYA/9HgdNl9vaSz6iMpYh4/y0LK5K65:ej4aAK8Kfdz7dXzjCYm60LKn5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Zenpak.gen-1de272d1038a4da0.exe

Files

HEUR-Trojan.Win32.Zenpak.gen-1de272d1038a4da0.exe
.exe windows x86

4b2f006e9c8103411c7e9e0d41005636

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
InterlockedIncrement
ReadConsoleA
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
WaitForSingleObject
GetSystemDefaultLCID
QueryActCtxW
GetEnvironmentStrings
LeaveCriticalSection
VerifyVersionInfoA
GetModuleFileNameW
ReleaseSemaphore
GetLocaleInfoA
GetProcAddress
EnterCriticalSection
DisableThreadLibraryCalls
ResetEvent
OpenMutexA
WriteConsoleA
LocalAlloc
SetConsoleOutputCP
GlobalGetAtomNameW
WaitForMultipleObjects
SetSystemTime
GetModuleFileNameA
GetModuleHandleA
EraseTape
FindFirstVolumeA
GetCurrentProcessId
AddConsoleAliasA
FindActCtxSectionStringW
GetCommandLineW
GetLastError
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
VirtualAlloc
CloseHandle
Sleep
ExitProcess
WriteFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
LoadLibraryA
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW

user32

RealChildWindowFromPoint

advapi32

CloseEventLog

winhttp

WinHttpSetOption

Exports

Exports

@SetFirstEverVice@8
@SetViceVariants@12

Sections

.text
Size: 1014KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 906KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b2f006e9c8103411c7e9e0d41005636

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winhttp

Exports

Exports

Sections

.text Size: 1014KB - Virtual size: 1013KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 906KB

.rsrc Size: 90KB - Virtual size: 89KB

.text
Size: 1014KB - Virtual size: 1013KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 906KB

.rsrc
Size: 90KB - Virtual size: 89KB