HEUR-Trojan[.]Win32[.]Generic-a1620cb359687bb70e7df9f1854c1bcc13364b6ae9c0e411d58e3bbb28284fe1

General

Target

HEUR-Trojan.Win32.Generic-a1620cb359687bb70e7df9f1854c1bcc13364b6ae9c0e411d58e3bbb28284fe1
Size

172KB
MD5

2f02d30c4bf2de83b961727092201a6a
SHA1

98b31eb069145aa486b9b2fac935847cdda90887
SHA256

a1620cb359687bb70e7df9f1854c1bcc13364b6ae9c0e411d58e3bbb28284fe1
SHA512

0d7974b4dca9ca281008d54f263ea9c13aed457a537dcc02f78a34ab7ecc35860d7990e6a3e980e4c6ed31627f9a76ad56685267941c1f5cc9d604cd5d73bb5e
SSDEEP

3072:pN0GPaXTWQmnfizgd3AWO0/5OXb6e4NRoRicExK6zzama+9eQrso:8rC8P4Gf2zzRaee

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-a1620cb359687bb70e7df9f1854c1bcc13364b6ae9c0e411d58e3bbb28284fe1

Files

HEUR-Trojan.Win32.Generic-a1620cb359687bb70e7df9f1854c1bcc13364b6ae9c0e411d58e3bbb28284fe1
.exe windows:4 windows x86 arch:x86

d6ab6775185fcba9fcc8050f09decb78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CreateThread
lstrcpyA
TerminateProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar

user32

MessageBoxA

ws2_32

__WSAFDIsSet
recv
WSAStartup
gethostbyname
select
socket
inet_addr
htons
connect
closesocket
send
inet_ntoa

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6ab6775185fcba9fcc8050f09decb78

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 1KB

.0 Size: 68KB - Virtual size: 67KB

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 1KB

.0
Size: 68KB - Virtual size: 67KB