HEUR-Trojan[.]Win32[.]Agent[.]gen-19cafe111683bdc80bb5304bf50d0796cdd97f7db1f8a844c4ed80887e90a1e1

General

Target

HEUR-Trojan.Win32.Agent.gen-19cafe111683bdc80bb5304bf50d0796cdd97f7db1f8a844c4ed80887e90a1e1
Size

90KB
MD5

2ae145c014df799274ba760ca0fe1b30
SHA1

361091ec7e641fdf44969e6e4b66e446b509456b
SHA256

19cafe111683bdc80bb5304bf50d0796cdd97f7db1f8a844c4ed80887e90a1e1
SHA512

e3e15d222b3b22aae635fac1e14ab5b377dc286cf21345a5f396e75fabcb74ab8e966a770e590e43a5430af588f2264b2cd5aaa6352db68b43de9bf131e818f1
SSDEEP

1536:ExiqhwlL3qC3+Z52vT6eqUNfdiKRiUUKeKDKaRnBiTXK+Ifyvf5fhW9zXzmfcKOP:EAbL3q6zvT6eqUNfdiKRiUUKeKDKaRBD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Agent.gen-19cafe111683bdc80bb5304bf50d0796cdd97f7db1f8a844c4ed80887e90a1e1

Files

HEUR-Trojan.Win32.Agent.gen-19cafe111683bdc80bb5304bf50d0796cdd97f7db1f8a844c4ed80887e90a1e1
.exe windows:4 windows x86 arch:x86

3d86c61c5c942872424ab0037ff6d1d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
_except_handler3
_controlfp
__dllonexit
_onexit
__getmainargs
_acmdln
exit
_XcptFilter
_exit
rename
_mbsicoll
_mbscoll
_mbsicmp
_mbscmp
_ismbcdigit
_mbsnbcmp
wcslen
strlen
_mbclen
vsprintf
_ismbcspace
_mbsrev
_mbslwr
_mbsupr
_mbspbrk
_mbschr
_mbsrchr
_mbsstr
memmove
_mbsinc
srand
rand
_tzset
time
localtime
strftime
_strdup
strcmp
memcpy
sprintf
fopen
fwrite
fclose
atoi
memset
__set_app_type
__CxxFrameHandler
_strlwr

ws2_32

inet_ntoa
WSAGetLastError
gethostbyname

kernel32

GetCurrentProcessId
SetCurrentDirectoryA
CreateThread
InterlockedIncrement
InterlockedDecrement
LocalFree
LocalAlloc
lstrlenA
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrA
MultiByteToWideChar
GlobalLock
GlobalUnlock
GetVersionExA
TerminateProcess
SetFileAttributesA
OpenProcess
GlobalAlloc
GlobalFree
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateMutexA
Sleep
WaitForSingleObject
ReleaseMutex
FindFirstFileA
FindClose
ReadFile
CreateFileA
WriteFile
GetTempPathA
GetTempFileNameA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetLastError
GetCurrentThreadId
GetModuleHandleA
GetStartupInfoA
GetCurrentProcess

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d86c61c5c942872424ab0037ff6d1d0

Headers

File Characteristics

Imports

msvcrt

ws2_32

kernel32

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 23KB