HEUR-Trojan-Banker[.]Win32[.]Shifu[.]gen-e92ca5788e9bbfe1e75c64a652d201c785fc03eb126739f3930c6f1b77022296

Sharing

Copy URL

Twitter E-mail

General

Target

HEUR-Trojan-Banker.Win32.Shifu.gen-e92ca5788e9bbfe1e75c64a652d201c785fc03eb126739f3930c6f1b77022296
Size

404KB
MD5

1330d6bae771a9b047ead1dfdfc7328d
SHA1

343d12b38c4d22c1e6c43cb57020ab3ca96d160e
SHA256

e92ca5788e9bbfe1e75c64a652d201c785fc03eb126739f3930c6f1b77022296
SHA512

6381a9730e7cde087b0d7bac77a981b366904e17171797b1a852ce6276acfa6fee7957d6c6ebc487fe49bbb12099e059ef01bcfb86c53b95bbbbfcb295df1059
SSDEEP

6144:4ck18MipfIUaQYu8tbS6JBcj0U5hjX/Tvf8MJYFW8jb/HVbdsifRe9+fHrGJS:4X8Djadu8J4YSjX/THmxr1bBGsHrGJS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan-Banker.Win32.Shifu.gen-e92ca5788e9bbfe1e75c64a652d201c785fc03eb126739f3930c6f1b77022296

Files

HEUR-Trojan-Banker.Win32.Shifu.gen-e92ca5788e9bbfe1e75c64a652d201c785fc03eb126739f3930c6f1b77022296
.exe windows:4 windows x86 arch:x86

a3cd30cc30d79a7a89ca3c454827da96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
gethostname
WSAAddressToStringW
WSAStartup
WSAConnect
getsockname
setsockopt
sendto
WSACleanup
socket
gethostbyname

kernel32

GetModuleHandleA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetLocaleInfoW
GetFileSize
SetEndOfFile
CreateProcessW
CreateDirectoryW
VirtualFree
WriteFile
LoadLibraryW
Sleep
MulDiv
CreateFileW
GetProcAddress
VirtualAlloc
GetDiskFreeSpaceW
ResetEvent
LocalAlloc
RemoveDirectoryW
VirtualProtect
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
LocalFree
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetCPInfo
GetLastError
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
LoadLibraryA

Sections

.text
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3cd30cc30d79a7a89ca3c454827da96

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 280KB - Virtual size: 278KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 20KB - Virtual size: 97KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 280KB - Virtual size: 278KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 20KB - Virtual size: 97KB

.rsrc
Size: 28KB - Virtual size: 26KB