HEUR-Trojan[.]Win32[.]Generic-dfabf991c81b2d9f1ff6c8797915db9a8692b391ee45766e01d459f0e77659e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan.Win32.Generic-dfabf991c81b2d9f1ff6c8797915db9a8692b391ee45766e01d459f0e77659e7
Size

126KB
MD5

76dff5f727214d1f4b9ea9f970bf7a7f
SHA1

277ea14c92348b12e6d3ffd3e7f0a9c5fbf4e57b
SHA256

dfabf991c81b2d9f1ff6c8797915db9a8692b391ee45766e01d459f0e77659e7
SHA512

38f2cd96bc6e93e624488322c82581bb6da4c6403b2f2d382a17030bd013484f2765d2334a35f3363e2673ab21a23b10b7a7253916ad6f62ae205fe45bc1a906
SSDEEP

3072:0NmwqRYr/XBbNAtXUCle7LRLqsz5nXLSGi2pxS:+1qRaBkUClefRLB1LPS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-dfabf991c81b2d9f1ff6c8797915db9a8692b391ee45766e01d459f0e77659e7

Files

HEUR-Trojan.Win32.Generic-dfabf991c81b2d9f1ff6c8797915db9a8692b391ee45766e01d459f0e77659e7
.exe windows:1 windows x86 arch:x86

c97798005dd480024acd9b99958bda27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCombineA
PathFileExistsW

shfolder

SHGetFolderPathW

kernel32

CloseHandle
CreateEventA
CreateFileW
CreateMutexA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileTime
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
LoadLibraryA
LocalFree
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
lstrcmpiA
lstrcpyA
lstrlenA
LocalAlloc

advapi32

GetSecurityDescriptorSacl
RegCloseKey
RegCreateKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken

Sections

AUTO
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 115KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ