Trojan.Danger_Trojan.GenericKD.72677122_145.vir

HOSTILE

Mal-ecule

Size 48.0 KB download

First seen 54 days ago

Analyzed 45 days ago

Ecosystem datamaliciousorder

Well-known

malware/dropper Chocolatey-mimic dropper with Linux tool decoys

anti-static/obfuscation Minimal PE imports with dynamic loading

evasion/self-delete cmd /c del argument fragment

fs/path References legacy DOS/Windows boot configuration files

process/inject Dynamic LoadLibraryA resolution for remote injection

mem/protect Modify memory page protection

binary Overlay exceeds one-third

encoded-payload Encoded payload detected: xor

signed::unsigned-pe-executable PE executable is unsigned

unsigned Binary is not digitally signed

binary/section UPX packed section name

dylib::kernel32 links KERNEL32.DLL (LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect)

dylib::mfc42 links MFC42.DLL (ORDINAL 859)

dylib::msvcrt links MSVCRT.dll (exit)

dylib::shell32 links SHELL32.dll (SHChangeNotify)

dylib::user32 links USER32.dll (LoadIconA)

hardening Writable and executable section (W^X violation)

hardening::no-pie Binary is not position-independent (fixed load address)

signed::unsigned Binary is not digitally signed

embedded Embedded PE binary at file offset 0x28fa (~69632 bytes)

20 of 44 traits shown

SHA-256	8932e9fe7509d707b08ab75218b131249a5134c6d4b3bd9ffdb63ae4f3f43f1a
Filename	Trojan.Danger_Trojan.GenericKD.72677122_145.vir

Not seeing what you expected? Let us know