HEUR-Trojan[.]Win32[.]BHO[.]gen-22c0310915fd0997f7af555aad822049c5d1ade8cf232326ef0d03dcdd403c64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan.Win32.BHO.gen-22c0310915fd0997f7af555aad822049c5d1ade8cf232326ef0d03dcdd403c64
Size

21KB
MD5

6688a7effba010aaf709093635e83c4e
SHA1

c1d7b88e8ca81892d66edad47f8001c2572b4296
SHA256

22c0310915fd0997f7af555aad822049c5d1ade8cf232326ef0d03dcdd403c64
SHA512

c8c174afd69bed12f7f3b6a35fa375daa4f59a361e341a9bf72ae3df82c20c713607beee2db13274ffff92d33949d4dcd3325ddeb5b7deb23551d77bd979d85c
SSDEEP

192:tkAaMic5gTYTB5taMGmKdKtNouAftOITHhdA1:tn7ic5gTYF2MnKkGuNIjh+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.BHO.gen-22c0310915fd0997f7af555aad822049c5d1ade8cf232326ef0d03dcdd403c64

Files

HEUR-Trojan.Win32.BHO.gen-22c0310915fd0997f7af555aad822049c5d1ade8cf232326ef0d03dcdd403c64
.exe windows:4 windows x86 arch:x86

02376308418421528e156fa07838a46c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
FreeLibrary
LoadLibraryA
lstrcpyA
lstrcatA
GetCurrentProcess
SuspendThread
GetFileAttributesW
GetCurrentThread
HeapFree
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
CloseHandle
ExitProcess
GetModuleHandleA
Process32First
CreateToolhelp32Snapshot
CompareStringA
CreateFileA
WriteFile
GetFileAttributesA
GetTempPathA

advapi32

RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA

user32

MessageBoxA
ExitWindowsEx
CharToOemA
wsprintfA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gu_idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ