HEUR-Trojan[.]Win32[.]Generic-efba8850adf7cd6aa476585eb70330506de3f9b9817239ec25f0bc5b85b49750

Sharing

Copy URL

Twitter E-mail

General

Target

HEUR-Trojan.Win32.Generic-efba8850adf7cd6aa476585eb70330506de3f9b9817239ec25f0bc5b85b49750
Size

208KB
MD5

1682a7bc024314ba6550d944b8e4619d
SHA1

e644d8becdc86043f4ddf26dee365b5923c9c751
SHA256

efba8850adf7cd6aa476585eb70330506de3f9b9817239ec25f0bc5b85b49750
SHA512

42c31307616fb8418edef3e774a525c7fd7dc45c5b141e7675dc7aa2944a28566828f86288ef493dc2bdc350986df43b6f33e47591c0bef48f9743c5fb143aff
SSDEEP

6144:G+SV/GL9IdslNuVJJf95+F8y9e/fSltQEj:/nL9IdMNIPX+F8y9e/fKQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.Generic-efba8850adf7cd6aa476585eb70330506de3f9b9817239ec25f0bc5b85b49750

Files

HEUR-Trojan.Win32.Generic-efba8850adf7cd6aa476585eb70330506de3f9b9817239ec25f0bc5b85b49750
.exe windows:4 windows x86 arch:x86

03ae0108c7455c49c94d2d60afa1e57a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

kernel32

GetOEMCP
SetErrorMode
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
HeapSize
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetACP
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetThreadLocale
SetEndOfFile
FlushFileBuffers
SetFilePointer
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
SetLastError
GlobalAddAtomA
GlobalUnlock
GlobalFree
FreeResource
WritePrivateProfileStringA
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
Beep
GetModuleHandleA
GetProcAddress
ReadFile
GetFileSize
GetModuleFileNameA
GetCurrentProcess
Sleep
GetCurrentProcessId
OpenProcess
CopyFileA
CloseHandle
WriteFile
CreateFileA
FindClose
FindFirstFileA
GetTickCount
SetUnhandledExceptionFilter

user32

LoadCursorA
ShowWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetTopWindow
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
LoadIconA
keybd_event
GetForegroundWindow
GetClientRect
DrawTextA
SetTimer
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
DestroyMenu
UnregisterClassA
GetSysColorBrush
GetMessageTime
IsIconic
SendMessageA
GetSystemMetrics
DrawIcon
SetSysColors
KillTimer
EnableWindow
PostMessageA
PostQuitMessage
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
ExtTextOutA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetClipBox
CreateBitmap
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
Escape

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyA

shell32

SHGetFolderPathA
ShellExecuteA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03ae0108c7455c49c94d2d60afa1e57a

Headers

File Characteristics

Imports

psapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 20KB - Virtual size: 18KB