HEUR-Trojan[.]Win32[.]Generic-ab4181467d7c2c029a103894f4b8b4923747ac156662ca06b5b0a724693b79e6

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan.Win32.Generic-ab4181467d7c2c029a103894f4b8b4923747ac156662ca06b5b0a724693b79e6
Size

208KB
MD5

bc0b75edc90891e1144b68be09e75f51
SHA1

b998df4aa97009e5f3c3dd9cb03d3d752004f553
SHA256

ab4181467d7c2c029a103894f4b8b4923747ac156662ca06b5b0a724693b79e6
SHA512

53a8339c43c9dffdb857746228021cfed3b3ef20434d14d4abb1cba46b0eda90bf84b7c30e6b9dcdbb20e8b0b0b8b0e2841c38f845c0ed4a4fb8b40b9205c5bd
SSDEEP

3072:jAFlEsfFoK6ru8/+ILcnHDD+8LG+ntr0lMo0Kyz8KgZsRE1EYam4hJ4NLthEjQTG:jUhCK6ru0+IoHDD+8LG+B0yoivJQEj9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-ab4181467d7c2c029a103894f4b8b4923747ac156662ca06b5b0a724693b79e6

Files

HEUR-Trojan.Win32.Generic-ab4181467d7c2c029a103894f4b8b4923747ac156662ca06b5b0a724693b79e6
.exe windows:4 windows x86 arch:x86

03ae0108c7455c49c94d2d60afa1e57a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

kernel32

GetOEMCP
SetErrorMode
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetACP
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetThreadLocale
SetEndOfFile
FlushFileBuffers
SetFilePointer
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
SetLastError
GlobalAddAtomA
GlobalUnlock
GlobalFree
FreeResource
WritePrivateProfileStringA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
Beep
GetModuleHandleA
GetProcAddress
ReadFile
GetFileSize
GetModuleFileNameA
GetCurrentProcess
Sleep
GetCurrentProcessId
OpenProcess
CopyFileA
CloseHandle
WriteFile
CreateFileA
FindClose
FindFirstFileA
GetTickCount
SetUnhandledExceptionFilter

user32

LoadCursorA
ShowWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetTopWindow
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
LoadIconA
keybd_event
GetForegroundWindow
GetClientRect
DrawTextA
SetTimer
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
DestroyMenu
UnregisterClassA
GetSysColorBrush
GetMessageTime
IsIconic
SendMessageA
GetSystemMetrics
DrawIcon
SetSysColors
KillTimer
EnableWindow
PostMessageA
PostQuitMessage
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
ExtTextOutA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetClipBox
CreateBitmap
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
Escape

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyA

shell32

SHGetFolderPathA
ShellExecuteA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03ae0108c7455c49c94d2d60afa1e57a

Headers

File Characteristics

Imports

psapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 20KB - Virtual size: 18KB