HEUR-Trojan[.]Win32[.]Generic-2518e01763a62ef0a50e9a9fac9dbac6f43a4138f6f7f04b5bdc32c1dabbcacc

General

Target

HEUR-Trojan.Win32.Generic-2518e01763a62ef0a50e9a9fac9dbac6f43a4138f6f7f04b5bdc32c1dabbcacc
Size

272KB
MD5

74a212d77fd4cbd7a59b50ab04c858a9
SHA1

30fa7b51eca0bb24ef5c5d2309c140bdcf400b9c
SHA256

2518e01763a62ef0a50e9a9fac9dbac6f43a4138f6f7f04b5bdc32c1dabbcacc
SHA512

e9867ae0c0e635d892ae2151be747ae3832a6b3b08f61ca373f5353cd2bf658d02359dd74feed19d9b0bd1042b059477c88772d6a11809ecf550f14e9783af8a
SSDEEP

6144:3Jq9MWSpK74kpKuF/hONulCjukvO4jzWs1+6ptIXgoS:5CMWSpKVKooccjuEOwWs1+9j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-2518e01763a62ef0a50e9a9fac9dbac6f43a4138f6f7f04b5bdc32c1dabbcacc

Files

HEUR-Trojan.Win32.Generic-2518e01763a62ef0a50e9a9fac9dbac6f43a4138f6f7f04b5bdc32c1dabbcacc
.exe windows:4 windows x86 arch:x86

b7cf201992856e66e34f6bea4e636322

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
CreateEventA
GetVersionExA
GetStdHandle
VirtualAlloc
GetModuleHandleW
CreateSemaphoreA
GetProcAddress
IsBadWritePtr
HeapReAlloc
HeapAlloc
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleFileNameA
WriteFile
RtlUnwind
HeapFree
VirtualFree
GetModuleHandleA
GetStartupInfoW
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
HeapDestroy
HeapCreate
LoadLibraryA

user32

IsChild
OpenIcon
CloseWindow
IsIconic
GetParent
AnimateWindow
IsWindow

shlwapi

StrPBrkW
StrRStrIW

secur32

LsaFreeReturnBuffer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 236KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.norman
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7cf201992856e66e34f6bea4e636322

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

secur32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 236KB - Virtual size: 272KB

.norman Size: 4KB - Virtual size: 988B

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 236KB - Virtual size: 272KB

.norman
Size: 4KB - Virtual size: 988B

.rsrc
Size: 4KB - Virtual size: 2KB