Trojan.MSIL.Heracles.BE

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4,802
Threat Level: 80 % (High)
Infected Computers: 1,068
First Seen: August 23, 2023
Last Seen: April 5, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Heracles.BE
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
File Version 0.0.0.0
Internal Name
  • 0A83B
  • 0ACED
  • 0AFD0
  • 0B4C
  • 0B8AE
  • 0B60E
  • 0C75F
  • 0C285.tmp
  • 0D6D3
  • 0E010
  • 0E1E0.tmp
  • 0E3F5
  • 0EEA2
  • 0F75B
  • 02E4E
  • 02F1F.tmp
  • 05C46
  • 08CCC.tmp
  • 08EDC
  • 08F39
  • 025A8
  • 063A
  • 074CE
  • 0679C.tmp
  • 0848F.tmp
  • 01362
  • 03745
  • 08728
  • 09434
Original Filename
  • 0A83B.tmp
  • 0ACED.tmp
  • 0AFD0.tmp
  • 0B4C.tmp
  • 0B8AE.tmp
  • 0B60E.tmp
  • 0C75F.tmp
  • 0C285.tmp
  • 0D6D3.tmp
  • 0E010.tmp
  • 0E1E0.tmp
  • 0E3F5.tmp
  • 0EEA2.tmp
  • 0F75B.tmp
  • 02E4E.tmp
  • 02F1F.tmp
  • 05C46.tmp
  • 08CCC.tmp
  • 08EDC.tmp
  • 08F39.tmp
  • 025A8.tmp
  • 063A.tmp
  • 074CE.tmp
  • 0679C.tmp
  • 0848F.tmp
  • 01362.tmp
  • 03745.tmp
  • 08728.tmp
  • 09434.tmp

File Traits

  • .NET
  • dll
  • x86

Block Information

Total Blocks: 5
Potentially Malicious Blocks: 2
Whitelisted Blocks: 3
Unknown Blocks: 0

Visual Map

x 0 0 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Heracles.BE

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtUserBuildHwndList
  • win32u.dll!NtUserCallTwoParam
  • win32u.dll!NtUserCreateEmptyCursorObject
  • win32u.dll!NtUserCreateWindowEx
  • win32u.dll!NtUserDestroyWindow
  • win32u.dll!NtUserFindExistingCursorIcon
  • win32u.dll!NtUserGetAncestor
  • win32u.dll!NtUserGetClassInfoEx
  • win32u.dll!NtUserGetClassName
  • win32u.dll!NtUserGetDC
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetIconInfo
  • win32u.dll!NtUserGetIconSize
  • win32u.dll!NtUserGetImeInfoEx
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetObjectInformation
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetProp
  • win32u.dll!NtUserGetThreadDesktop
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserGetWindowCompositionAttribute
  • win32u.dll!NtUserIsNonClientDpiScalingEnabled
  • win32u.dll!NtUserIsTopLevelWindow
  • win32u.dll!NtUserMessageCall
  • win32u.dll!NtUserRegisterClassExWOW
  • win32u.dll!NtUserRegisterWindowMessage
  • win32u.dll!NtUserReleaseDC
  • win32u.dll!NtUserRemoveProp
  • win32u.dll!NtUserSelectPalette
  • win32u.dll!NtUserSetCursorIconData
  • win32u.dll!NtUserSetWindowFNID
  • win32u.dll!NtUserSetWindowLongPtr
  • win32u.dll!NtUserSetWindowPos
  • win32u.dll!NtUserUpdateInputContext
