HEUR-Trojan[.]Win32[.]Generic-64e5d76a733a4bf525c76a222082543e1962d444174501c4384c940796d130f1

Sharing

Copy URL

Twitter E-mail

General

Target

HEUR-Trojan.Win32.Generic-64e5d76a733a4bf525c76a222082543e1962d444174501c4384c940796d130f1
Size

75KB
MD5

c82a7573dbc27c92599e0106728f0624
SHA1

97c1e4d40c8133c7f20d530a2ebab8772215970d
SHA256

64e5d76a733a4bf525c76a222082543e1962d444174501c4384c940796d130f1
SHA512

9919c89d03c7e1d7547a353691c590c0c856a87853a622462fe12c8494230c48139036fc9357cff7e42de7876824d506f686c55effa4aea31a34a94624e08c2d
SSDEEP

768:jxDDnyAiIbhn+oRTaFSxjquEDFAnA1tLRNk2djaYoCMHosOAJCC5NVNC5P3CHOxX:jxDDnd1Raqq2uBNdSCMACjCPyuzLwgq8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-64e5d76a733a4bf525c76a222082543e1962d444174501c4384c940796d130f1

Files

HEUR-Trojan.Win32.Generic-64e5d76a733a4bf525c76a222082543e1962d444174501c4384c940796d130f1
.exe windows:5 windows x86 arch:x86

5f259a07286d0de03289b72c296c1693

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDrawImageI
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipCreateFromHDC

kernel32

GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
RtlUnwind
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetProcessHeap
HeapAlloc
ReadFile
CloseHandle
HeapFree
WriteFile
LoadLibraryW
GetProcAddress
HeapReAlloc
FreeLibrary
LoadLibraryA
GetModuleFileNameW
FindResourceW
LoadResource
SizeofResource
LockResource
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
GetLastError
GetCurrentThreadId
GetCurrentProcess
IsProcessorFeaturePresent
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
DecodePointer
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError

user32

DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
DefWindowProcW
FillRect
GetClientRect
BeginPaint
InvalidateRect
PostQuitMessage
SendMessageW
EndPaint

gdi32

SetPixel

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f259a07286d0de03289b72c296c1693

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 2KB