Trojan.Danger_Trojan.GenericKD.72677122_40.vir

HOSTILE

Mal-ecule

Size 57.8 KB download

First seen 54 days ago

Analyzed 45 days ago

Ecosystem datamaliciousorder

Well-known

malware/dropper Chocolatey-mimic dropper with Linux tool decoys

anti-static/obfuscation Malformed importless PE stub with embedded payload

evasion/self-delete cmd /c del argument fragment

data/embedded Embedded PE/MZ binary

fs/path References legacy DOS/Windows boot configuration files

process/inject Dynamic LoadLibraryA resolution for remote injection

binary PE checksum mismatch (modified binary)

encoded-payload Encoded payload detected: xor

lang/compiler PE linked with binutils 2.x (MinGW/GCC)

signed::unsigned-pe-executable PE executable is unsigned

unsigned Binary is not digitally signed

binary/section UPX packed section name

dylib::kernel32 links KERNEL32.DLL (LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect)

dylib::mfc42 links MFC42.DLL (ORDINAL 859)

dylib::msvcrt links MSVCRT.dll (exit)

dylib::shell32 links SHELL32.dll (SHChangeNotify)

hardening Writable and executable section (W^X violation)

hardening::no-pie Binary is not position-independent (fixed load address)

signed::unsigned Binary is not digitally signed

embedded Embedded PE binary at file offset 0x28fa (~69632 bytes)

20 of 47 traits shown

SHA-256	3ad38ab7400516be9a19764ea06e5989b0a6cf1cf900070b4a06a21b64eace05
Filename	Trojan.Danger_Trojan.GenericKD.72677122_40.vir

Not seeing what you expected? Let us know