HEUR-Trojan[.]Win32[.]Generic-df833e16ec99645da195bd342ffee17d9b6bd18ce3d6a7dd559f33e557668676 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan.Win32.Generic-df833e16ec99645da195bd342ffee17d9b6bd18ce3d6a7dd559f33e557668676
Size

146KB
MD5

f18a4d8b40c943b9f49d5e36c6d93204
SHA1

7239e0088a4a1d822274d5ec45ab80927bbd6aa9
SHA256

df833e16ec99645da195bd342ffee17d9b6bd18ce3d6a7dd559f33e557668676
SHA512

bf71ced3ca5b0be994fc27d16df229d1f5e0dd23a42ddf8d6ecde6a3e15ba70b64f90d0071c3c414e2ec1361b44f9e6ae1d7fad832e573f254c7ccebc02132fe
SSDEEP

3072:HHe852dsJ4vznn8mQUm+/3i6jX45va2r6XPQr6BzlR:nT52GJ475Q0/3fjX45S4oPw6Bz7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-df833e16ec99645da195bd342ffee17d9b6bd18ce3d6a7dd559f33e557668676

Files

HEUR-Trojan.Win32.Generic-df833e16ec99645da195bd342ffee17d9b6bd18ce3d6a7dd559f33e557668676
.exe windows:1 windows x86 arch:x86

7a52a4667afe1f5c46098e68be4d95a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetModuleHandleA
GetProcAddress
CloseHandle
GetTickCount
RtlUnwind
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
HeapAlloc
LoadLibraryA
lstrlenA

crtdll

__GetMainArgs
exit
raise
signal

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFromStringBindingW
NdrClientCall2
RpcBindingFree
NdrClientCall2

user32

LoadStringW

netapi32

NetApiBufferFree

advapi32

RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 344B - Virtual size: 344B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ