HEUR-Trojan[.]Win32[.]ShipUp[.]gen-8ac6881452f3958147de69f430ca7f99efd53a58da68d84c49cfb597b563909b

Sharing

Copy URL

Twitter E-mail

General

Target

HEUR-Trojan.Win32.ShipUp.gen-8ac6881452f3958147de69f430ca7f99efd53a58da68d84c49cfb597b563909b
Size

153KB
MD5

3ae1a7f23ff9298bc6d616e04d6731cd
SHA1

f6c1c3473a1e3e3b6e0e2d50e45a315f690840e6
SHA256

8ac6881452f3958147de69f430ca7f99efd53a58da68d84c49cfb597b563909b
SHA512

3a63ae1b9e84bcb8045371fa05be38b17671d4a1a0d05b38e1d97bce1ef1578045957f74243aff02735dc3b90e625676d589055b3f75bd5a52fc87b3bda719e8
SSDEEP

3072:ZHrEI6rvvMV0nE17B+TnFnW5/bi13lNvuCLeEPbUXHrJ61em:5wHMV0nE1l+LtuTS/aSUXLJ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan.Win32.ShipUp.gen-8ac6881452f3958147de69f430ca7f99efd53a58da68d84c49cfb597b563909b

Files

HEUR-Trojan.Win32.ShipUp.gen-8ac6881452f3958147de69f430ca7f99efd53a58da68d84c49cfb597b563909b
.exe windows:1 windows x86 arch:x86

c47b9ac44c97af7db2dce0a1a39c7f20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetProcAddress
GetTempPathA
LoadLibraryA
RtlUnwind
CreateFileA
VirtualAlloc
GetModuleHandleA
CloseHandle
LocalFree
lstrcpyA
GetStartupInfoA
lstrlenA

user32

EnumWindows
DdeClientTransaction
SetTimer
KillTimer
LoadIconA
LoadStringA
SendMessageA
wsprintfA

crtdll

__GetMainArgs
exit
raise
signal

ntdll

NtOpenFile
RtlInitUnicodeString
NtClose

advapi32

CloseEventLog
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ReadEventLogW
OpenEventLogW
RegSetValueExA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 312B - Virtual size: 312B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc1
Size: 370B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XdowLkz
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.mmdc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vnn
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YNbr
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c47b9ac44c97af7db2dce0a1a39c7f20

Headers

File Characteristics

Imports

kernel32

user32

crtdll

ntdll

advapi32

gdi32

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 128KB - Virtual size: 128KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 312B - Virtual size: 312B

.reloc1 Size: 370B - Virtual size: 370B

.XdowLkz Size: 3KB - Virtual size: 3KB

.mmdc Size: 1024B - Virtual size: 1024B

.vnn Size: 1024B - Virtual size: 1024B

.YNbr Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 128KB - Virtual size: 128KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 312B - Virtual size: 312B

.reloc1
Size: 370B - Virtual size: 370B

.XdowLkz
Size: 3KB - Virtual size: 3KB

.mmdc
Size: 1024B - Virtual size: 1024B

.vnn
Size: 1024B - Virtual size: 1024B

.YNbr
Size: 1KB - Virtual size: 1KB