
Trojan.MSIL.Heracles.YE

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Heracles.YE
Signature status: No Signature

Known Samples

MD5: 0110add815e924c4da617fa60e4c2cf1
SHA1: 649cfcb6e6c86014570666fe6b3ac5087ae4cf10
SHA256: 89BD93F5D70BD9E4C9619F51786D3566F3758D50CE405325ED112A9EAF1AEA7F
File Size: 9.46 MB, 9457152 bytes
MD5: f145af39a0bd1fe3fa199fce567b8dd7
SHA1: 04ee056ae715c5ff7e23b73a99600f67df63b9bd
SHA256: EBD0D19A6FAB4306027FCB3FBD5CD6E146595E3ED1A2C910030A23D2A65057E6
File Size: 8.45 MB, 8447550 bytes
MD5: f4b4c99dcf304a672a0ed4d16014bfa9
SHA1: a5719d65bf4d2791d03bebdb76ce2901aefff47b
SHA256: 2C118CE9250AE9FFB95E9C5B3A18A4A94ADDC82F32EC56D28B20056FC5C1B663
File Size: 7.53 MB, 7527660 bytes
MD5: ab1adea7856532d9e49c35d5fde303f2
SHA1: e14a59b8ee50647e37ad46addb0e06c3aa8b476c
SHA256: 06BEE243A9A4F4CD02F3FFE8B5FB3F0F848280B4F96880A9BC30664BA06AC912
File Size: 8.84 MB, 8836787 bytes
MD5: 665db85cc8b35041c80b036fdb532f51
SHA1: bca3b2accadbf8438d73b0d7327655f52ab60854
SHA256: 240772475556B1DD296338BED41B005D8655B34D94A54E83EBEA89DF5B1622E4
File Size: 8.83 MB, 8826880 bytes
MD5: e7da24902279eb005a7fa61043f3be88
SHA1: 69b9edb0e0dd7005d60683fa9744803dbd3bff61
SHA256: 066BC9386A74D5D03D6B82DA6C1A8B971BCABA663027AEDBFE907BF678C9C536
File Size: 7.46 MB, 7464448 bytes
MD5: 88599babd9df02422be1a8a9ac051352
SHA1: 4e17f22e3a3f2fdcb894c49f21fd14c0068b7b6b
SHA256: 80C535D696DF99D536875CE114F00340914F7F407CEEAC2E5B4FC9A111A65EE9
File Size: 6.36 MB, 6355304 bytes
MD5: ff34d6f994acf51ffd97cec3eeaccd75
SHA1: 94e029aad4804a9f78d341e285069f6e4617e4be
SHA256: D430677C6C2082C04456D9E13E1C1081F602F08843EBE59FD356FE683662B8AB
File Size: 7.05 MB, 7049955 bytes
MD5: 2a6315b78fcfa264027522e73c42f0ee
SHA1: 2f16f17dd79bbfdd4fefb97dd8eda8c68f411abd
SHA256: 814DDD49AEF0DBF1AD28CF758E969D8DC86B77F540116E4026E2B827030B9E8A
File Size: 6.32 MB, 6318893 bytes
MD5: c68fc4915dc96b8352bb18f1880dbdd0
SHA1: 215accbdbc5b0a27acd4476c91d890e2388a8de1
SHA256: B1603381AF961C7F6FF0FBE99219387559F409244122378BFDABE22E72BDA643
File Size: 8.40 MB, 8396882 bytes
MD5: 30e6d191d999e0506775b739ebc222a4
SHA1: 862a6ddaf5224d794d2e0acb935236d092e053ae
SHA256: 0E5D31C59AA4B34F560A67D56650C2C1D2F180B647C93CACA7D3899BBC1CA1BE
File Size: 7.45 MB, 7446092 bytes

Windows Portable Executable Attributes

The flags below are the union across all listed samples, so mutually exclusive entries (".NET application" beside "Native application (NOT .NET application)") mean that different samples set different flags, not that a single file is both. To classify one sample, check its own headers: the CLR runtime header (data directory 14) is what makes a PE a .NET assembly.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
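As an added example (not code from the report or its analysis tooling), the following Python re-derives the attribute flags above from a single file's headers, so a conflicting pair in the union can be resolved per sample. It reads only the DOS, COFF and optional headers. The `build_header()` helper constructs a minimal headers-only 32-bit PE blob so the script runs offline; that blob is an assumption of this example, not a real sample.

```python
"""Re-derive the PE attribute flags from the headers of a single sample.

Added example, not code from the report or its analysis tooling. Only the DOS,
COFF and optional headers are read, so a headers-only blob is enough; the
build_header() helper constructs such a blob (constructed input, not a real
sample). For a real file: pe_attributes(open(path, "rb").read()).
"""
import struct

# Constants from winnt.h
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
# Data directory indices
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_COM_DESCRIPTOR = 0, 4, 5, 6, 14


def pe_attributes(data: bytes) -> dict:
    """Return the header-derived attributes; raise ValueError on a malformed header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32: 32-bit image
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:          # PE32+: 64-bit image
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]

    def dir_present(index: int) -> bool:
        # A directory exists only when both its RVA and its size are non-zero.
        if index >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, opt + dirs_off + 8 * index)
        return rva != 0 and size != 0

    return {
        "machine": machine,
        "is_executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_32bit": magic == 0x10B,
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "is_console": subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI,
        # The CLR runtime header (directory 14) is what makes a PE a .NET assembly.
        "is_dotnet": dir_present(DIR_COM_DESCRIPTOR),
        "has_exports": dir_present(DIR_EXPORT),
        "has_relocations": dir_present(DIR_BASERELOC),
        "has_debug_info": dir_present(DIR_DEBUG),
        "has_security_info": dir_present(DIR_SECURITY),   # Authenticode certificate table
    }


def build_header(dotnet: bool, dll: bool = False,
                 subsystem: int = IMAGE_SUBSYSTEM_WINDOWS_GUI) -> bytes:
    """Construct a minimal headers-only 32-bit PE blob for testing (constructed input)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, chars)   # Machine = I386
    opt = bytearray(224)                      # PE32 optional header incl. 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)     # Magic
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, 16)       # NumberOfRvaAndSizes
    if dotnet:
        # Arbitrary non-zero RVA/size: presence is what the check keys on.
        struct.pack_into("<II", opt, 96 + 8 * DIR_COM_DESCRIPTOR, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for name, blob in (("managed GUI exe", build_header(True)),
                       ("native console dll",
                        build_header(False, dll=True, subsystem=IMAGE_SUBSYSTEM_WINDOWS_CUI))):
        print(name, pe_attributes(blob))
```

Run against each hash in the sample list separately and the .NET/native split becomes explicit; a native 32-bit file in this set should be inspected for what it carries rather than assumed to be the MSIL payload.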

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments
  • Dynamic AI that protects your productivity. Reliable suite that detects your performance. Reliable extension that analyzes your integration. Dynamic AI that protects your productivity. Reliable suite that detects your performance. Reliable extension that analyzes your integration. akinu_295 Dynamic AI that protects your productivity. Reliable suite that detects your performance. Reliable extension that analyzes your integration.
  • Reliable service that boosts your data. Versatile service that optimizes your data. Advanced technology that detects your integration. Reliable service that boosts your data. Versatile service that optimizes your data. Advanced technology that detects your integration. edo_2176 Reliable service that boosts your data. Versatile service that optimizes your data. Advanced technology that detects your integration.
  • Scalable assistant that enhances your speed. Dynamic platform that coordinates your analytics. Versatile interface that protects your automation. Scalable assistant that enhances your speed. Dynamic platform that coordinates your analytics. Versatile interface that protects your automation. uve_5705 Scalable assistant that enhances your speed. Dynamic platform that coordinates your analytics. Versatile interface that protects your automation.
Company Name
  • Dynamic AI that protects your productivity. Reliable suite that detects your performance. Reliable extension that analyzes your integration.
  • Reliable service that boosts your data. Versatile service that optimizes your data. Advanced technology that detects your integration.
  • Scalable assistant that enhances your speed. Dynamic platform that coordinates your analytics. Versatile interface that protects your automation.
File Description
  • algar Flaxman Flaxman knowle Impeachments Flaxman Causality Millenniums algar Flaxman Flaxman knowle Impeachments Flaxman Causality Millenniums algar Flaxman Flaxman knowle Impeachments Flaxman Causality Millenniums algar Flaxman Flaxman knowle Impeachments Flaxman Causality Millenniums
  • aveq_1103
  • Dacs toggled costly permutation aragon Perils Dacs detracting Bryan Dacs toggled costly permutation aragon Perils Dacs detracting Bryan Dacs toggled costly permutation aragon Perils Dacs detracting Bryan Dacs toggled costly permutation aragon Perils Dacs detracting Bryan
  • Glamorous Glamorous parliamentarian bonnier Deregulating Gaze Am Glamorous Deregulating gents bonnier parliamentarian Glamorous Glamorous parliamentarian bonnier Deregulating Gaze Am Glamorous Deregulating gents bonnier parliamentarian Glamorous Glamorous parliamentarian bonnier Deregulating Gaze Am Glamorous Deregulating gents bonnier parliamentarian Glamorous Glamorous parliamentarian bonnier Deregulating Gaze Am Glamorous Deregulating gents bonnier parliamentarian Glamorous Glamorous parliamentarian bonnier Deregulating Gaze Am Glamorous Deregulating gents bonnier parliamentarian Glamorous Glamorous parliamentarian bonnier Deregulating Gaze Am Glamorous Deregulating gents bonnier parliamentarian Glamorous Glamorous parliamentarian bonnier Deregulating Gaze Am Glamorous Deregulating gents bonnier parliamentarian
  • Havard Namers regurgitates merchandising ripens knead barre Havard cranium Havard Namers regurgitates merchandising ripens knead barre Havard cranium Havard Namers regurgitates merchandising ripens knead barre Havard cranium Havard Namers regurgitates merchandising ripens knead barre Havard cranium
  • ikea Teri Galaxies Teri nd ikea concessionary Safeties concessionary nd advisers advisers ikea Teri Galaxies Teri nd ikea concessionary Safeties concessionary nd advisers advisers ikea Teri Galaxies Teri nd ikea concessionary Safeties concessionary nd advisers advisers ikea Teri Galaxies Teri nd ikea concessionary Safeties concessionary nd advisers advisers
  • juleps Millon accompanist bebel Laughed moneys moneys whittaker Deviating accompanist juleps inexperience Wheaton Jib juleps Millon accompanist bebel Laughed moneys moneys whittaker Deviating accompanist juleps inexperience Wheaton Jib juleps Millon accompanist bebel Laughed moneys moneys whittaker Deviating accompanist juleps inexperience Wheaton Jib juleps Millon accompanist bebel Laughed moneys moneys whittaker Deviating accompanist juleps inexperience Wheaton Jib
  • nug_1405
  • ramu_5528
  • scammell inventive Pluribus inventive surroundings informal Culinary avedon Spells inventive Inserted Frequents surroundings adverts scammell inventive Pluribus inventive surroundings informal Culinary avedon Spells inventive Inserted Frequents surroundings adverts scammell inventive Pluribus inventive surroundings informal Culinary avedon Spells inventive Inserted Frequents surroundings adverts scammell inventive Pluribus inventive surroundings informal Culinary avedon Spells inventive Inserted Frequents surroundings adverts
  • stevens conforming stevens Gayness Gayness Lo sniped stevens Bullfights census sniped Gayness stevens conforming stevens Gayness Gayness Lo sniped stevens Bullfights census sniped Gayness stevens conforming stevens Gayness Gayness Lo sniped stevens Bullfights census sniped Gayness stevens conforming stevens Gayness Gayness Lo sniped stevens Bullfights census sniped Gayness
File Version
  • 9.6.8.96
  • 9.5.8.19
  • 8.8.4.168
  • 8.6.5.178
  • 7.6.8.40
  • 5.8.6.77
  • 4.4.3.64
  • 1.3.6.189
  • 1.0.0.0
Internal Name
  • akinu_295.exe
  • edo_2176.exe
  • uve_5705.exe
Legal Copyright
  • 2025 Glamorous
  • Copyright © 2025
  • Dewar
  • Galaxies
  • Jib
  • Millenniums
  • Namers
  • Outbreaks
  • Pluribus
Original Filename
  • akinu_295.exe
  • Dewar
  • edo_2176.exe
  • Galaxies
  • Glamorous.exe
  • Jib
  • Millenniums
  • Namers
  • Outbreaks
  • Pluribus
  • uve_5705.exe
Product Name
  • aveq_1103
  • Dewar
  • Galaxies
  • Glamorous
  • Jib
  • Millenniums
  • Namers
  • nug_1405
  • Outbreaks
  • Pluribus
  • ramu_5528
Product Version
  • 9.6.8.96
  • 9.5.8.19
  • 8.8.4.168
  • 8.6.5.178
  • 7.6.8.40
  • 5.8.6.77
  • 4.4.3.64
  • 1.3.6.189
  • 1.0.0.0

File Traits

  • .NET
  • HighEntropy
  • x86

Files Modified

The c:\users\user\appdata\local\temp\ns*.tmp\nsexec.dll entries are the per-run plugin directory created by NSIS-built installers; nsExec is the stock NSIS plugin for running command lines without opening a console window. The samples are therefore packaged as NSIS installers, and the eight distinct ns*.tmp directory names correspond to separate runs.

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa51bc.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb43e7.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskd096.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna8bf.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbe06.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsse17e.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv41a5.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx9523.tmp\nsexec.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe RegNtPreCreateKey

This key was reported eight times with the same API name; the value data captured with six of those entries was mis-encoded in the source and is omitted. The bam\State\UserSettings\<SID> subtree is written by the Background Activity Moderator to record binaries executed in that user's session, so the entry reflects conhost.exe being launched (the console host for the PowerShell commands listed under Shell Command Execution), not a key the sample writes itself.

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ZwMapViewOfSection
  (The unmap/map pair is the heuristic behind this category because it is how process hollowing replaces a target's image, but ordinary image loading also maps and unmaps sections. Treat it as a lead to confirm against a child process created suspended and written to before its thread is resumed, not as proof on its own.)
Process Shell Execute
  • CreateProcess

Shell Command Execution

Each run adds a Microsoft Defender exclusion for the whole of the current user's AppData\Local tree via Add-MpPreference -ExclusionPath. The cmdlet requires administrative rights, and once the exclusion exists anything dropped under that path is no longer scanned. The user name differs per run, so the useful indicator is the pattern, not any one path. The last two captures carry a corrupted cmdlet name (Add-MpPreferencaY23a1aY23a1 and Add-MpPreferencaS95a1aS95a1); PowerShell would reject these with a command-not-found error, and they are reproduced here as captured.

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Jzwuefna\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Xeaxopcm\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Gnvkurpa\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Oyxjswrp\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Gluqdbkc\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Uawbzybe\AppData\Local\""
powershell -Command "Add-MpPreferencaY23a1aY23a1 -ExclusionPath \"C:\Users\Wenbvarw\AppData\Local\""
powershell -Command "Add-MpPreferencaS95a1aS95a1 -ExclusionPath \"C:\Users\Tasnrpla\AppData\Local\""
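As an added detection example (not code from the report or its tooling), the following Python scans process command lines for Defender exclusion changes and grades each hit. It keys on the -Exclusion* parameter plus the Add-/Set-MpPreferenc prefix rather than the exact cmdlet name, so the corrupted variants above are still flagged. The input is assumed to be command lines from Sysmon Event ID 1, Security 4688 or PowerShell 4104; the embedded sample is the eight lines from this report plus two constructed lines (an exclusion under Program Files and a read-only Get-MpPreference call) that are not on the page.

```python
"""Flag Microsoft Defender exclusion changes in captured command lines.

Added example; not code from the report or its tooling. Input is any feed of
process command lines (Sysmon Event ID 1, Security 4688, PowerShell 4104 script
blocks). It keys on the -Exclusion* parameter plus the Add-/Set-MpPreferenc
prefix rather than the exact cmdlet name, so the corrupted cmdlet variants in
the report are still flagged.
"""
import re

MP_EXCLUSION_RE = re.compile(
    r"(?P<cmdlet>(?:Add|Set)-MpPreferenc\S*)\s.*?"
    r"-Exclusion(?P<kind>Path|Process|Extension)\s+"
    r"""(?:\\?"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<bare>\S+))""",
    re.IGNORECASE,
)
# Anything under a user profile is writable by that user without elevation.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+(\\|$)", re.IGNORECASE)
# Whole profile or whole AppData tree: an exclusion that covers every user-dropped file.
BROAD_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+(\\appdata(\\(local|locallow|roaming))?)?$", re.IGNORECASE
)
KNOWN_CMDLETS = {"add-mppreference", "set-mppreference"}

# The eight command lines from the report plus two constructed lines: a plausible
# admin-added exclusion (not on the page) and a read-only query that must not match.
SAMPLE_LOG = r'''
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Jzwuefna\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Xeaxopcm\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Gnvkurpa\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Oyxjswrp\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Gluqdbkc\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Uawbzybe\AppData\Local\""
powershell -Command "Add-MpPreferencaY23a1aY23a1 -ExclusionPath \"C:\Users\Wenbvarw\AppData\Local\""
powershell -Command "Add-MpPreferencaS95a1aS95a1 -ExclusionPath \"C:\Users\Tasnrpla\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Program Files\Docker\""
powershell -Command "Get-MpPreference"
'''.strip().splitlines()


def scan(lines):
    """Return one finding per line that adds or sets a Defender exclusion."""
    findings = []
    for line in lines:
        m = MP_EXCLUSION_RE.search(line)
        if not m:
            continue
        raw = m.group("dq") or m.group("sq") or m.group("bare") or ""
        value = raw.strip("\"'").rstrip("\\")
        cmdlet = m.group("cmdlet")
        findings.append({
            "line": line,
            "cmdlet": cmdlet,
            "kind": m.group("kind"),
            "value": value,
            "user_writable": bool(USER_PROFILE_RE.match(value)),
            "broad": bool(BROAD_RE.match(value)),
            # PowerShell rejects these with CommandNotFound, but the intent is the same.
            "mangled_cmdlet": cmdlet.lower() not in KNOWN_CMDLETS,
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flags = [k for k in ("broad", "user_writable", "mangled_cmdlet") if f[k]]
        print(f"{f['kind']:<9} {f['value']:<40} {','.join(flags) or '-'}")
```

A hit with broad set is the one worth paging on: an exclusion over a whole profile or AppData tree has no routine administrative use. On a live host, Get-MpPreference | Select-Object -ExpandProperty ExclusionPath lists what is currently excluded, and Remove-MpPreference -ExclusionPath reverses it.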
