HEUR-Trojan[.]Win32[.]Generic-fb25565a73f119e89d1ee6e761f5b86d50daf21ceaef02435e50929cd23f36d8

General

Target

HEUR-Trojan.Win32.Generic-fb25565a73f119e89d1ee6e761f5b86d50daf21ceaef02435e50929cd23f36d8
Size

138KB
MD5

bac1152f9913848b019b471132b5a2dd
SHA1

a93e7b6c477f8508db2578634c748e9ab16d858a
SHA256

fb25565a73f119e89d1ee6e761f5b86d50daf21ceaef02435e50929cd23f36d8
SHA512

ac02e2a62e22579942e47691d70a4504b5042e65cb26babd2d09b88c03b3e563f3a02a9c3ae82a587e9defa9d41c69fce1db1e6418e54f3e9040e1be7ca6ef6d
SSDEEP

3072:xlSb61UPyd9wsSaorkMUZC84dxeCGD8ROZ/AO:xoKzeaorpTHNGD0+AO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-fb25565a73f119e89d1ee6e761f5b86d50daf21ceaef02435e50929cd23f36d8

Files

HEUR-Trojan.Win32.Generic-fb25565a73f119e89d1ee6e761f5b86d50daf21ceaef02435e50929cd23f36d8
.exe windows:4 windows x86 arch:x86

d21af85b4d8f71c33b346de557a81107

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileW
FormatMessageW
FreeLibrary
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetTickCount
HeapAlloc
HeapFree
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
SystemTimeToFileTime
VirtualProtect
WriteFile
lstrcpyW
lstrcmpW

shell32

SHGetFolderPathW

user32

GetDC
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadStringW
RegisterClassW
IsClipboardFormatAvailable

pdh

PdhCloseLog
PdhAddCounterW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

ntdll

NtQueryInformationProcess

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d21af85b4d8f71c33b346de557a81107

Headers

File Characteristics

Imports

kernel32

shell32

user32

pdh

advapi32

ntdll

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 117KB - Virtual size: 364KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 632B

.reloc Size: 1024B - Virtual size: 518B

.htext Size: 8KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 117KB - Virtual size: 364KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 632B

.reloc
Size: 1024B - Virtual size: 518B

.htext
Size: 8KB - Virtual size: 8KB