Trojan.MSIL.Heracles.RA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 21,862
Threat Level: 80 % (High)
Infected Computers: 7
First Seen: February 22, 2023
Last Seen: August 19, 2025
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Heracles.RA
Signature status: No Signature

Known Samples

MD5: b076d8e28897fc242addd99b467bc40c
SHA1: 27b03102084518dccc21fc51160bd30704280bda
SHA256: BB6A88CE8EEFFE24F2C430A3086A47DE5026BD528B73774F2085DAA1052A7AF0
File Size: 3.96 MB, 3959296 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

| Name | Value |
|---|---|
| Assembly Version | 1.0.0.0 |
| File Description | HEXER |
| File Version | 1.0.0.0 |
| Internal Name | DOBBEX CHEAT.exe |
| Legal Copyright | Copyright © 2024 |
| Original Filename | DOBBEX CHEAT.exe |
| Product Name | DOBBEX CLEANER |
| Product Version | 1.0.0.0 |

File Traits

  • .NET
  • Agile.net
  • Fody
  • HighEntropy
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 122
Potentially Malicious Blocks: 32
Whitelisted Blocks: 53
Unknown Blocks: 37

Visual Map

0 x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 ? x ? 0 ? x x ? ? ? 0 ? 0 0 ? ? ? ? 0 0 ? x ? 0 x ? 0 ? 0 0 ? ? 0 0 0 0 0 0 ? ? ? ? ? ? x ? ? ? ? 0 ? x ? ? 0 ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Registry Modifications

| Key::Value | Data | API Name |
|---|---|---|
| HKLM\system\controlset001\services\.net clr data\linkage::export | .NET CLR Data | RegNtPreCreateKey |
| HKLM\system\controlset001\services\.net clr networking\linkage::export | .NET CLR Networking | RegNtPreCreateKey |
| HKLM\system\controlset001\services\.net data provider for oracle\linkage::export | .NET Data Provider for Oracle | RegNtPreCreateKey |
| HKLM\system\controlset001\services\.net data provider for sqlserver\linkage::export | .NET Data Provider for SqlServer | RegNtPreCreateKey |
| HKLM\system\controlset001\services\msdtc bridge 3.0.0.0\linkage::export | MSDTC Bridge 3.0.0.0 | RegNtPreCreateKey |
| HKLM\system\controlset001\services\servicemodelendpoint 3.0.0.0\linkage::export | ServiceModelEndpoint 3.0.0.0 | RegNtPreCreateKey |
| HKLM\system\controlset001\services\servicemodeloperation 3.0.0.0\linkage::export | ServiceModelOperation 3.0.0.0 | RegNtPreCreateKey |
| HKLM\system\controlset001\services\servicemodelservice 3.0.0.0\linkage::export | ServiceModelService 3.0.0.0 | RegNtPreCreateKey |
| HKLM\system\controlset001\services\smsvchost 3.0.0.0\linkage::export | SMSvcHost 3.0.0.0 | RegNtPreCreateKey |
| HKLM\system\controlset001\services\windows workflow foundation 3.0.0.0\linkage::export | Windows Workflow Foundation 3.0.0.0 | RegNtPreCreateKey |
| HKLM\system\controlset001\services\bits\performance::1008 | ਠ鎌ᆫǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\msdtc\performance::1009 | ṯ鎟ᆫǜ | RegNtPreCreateKey |
| HKLM\system\controlset001\services\msdtc\performance::disable performance counters |  | RegNtPreCreateKey |

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenPrivateNamespace
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueryWnfStateNameInformation
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetSystemInformation
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtUpdateWnfStateData
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
