Trojan.Rozena.M

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Rozena.M
Signature status: No Signature

Known Samples

MD5: 28485bc1f3ec2626934cdcf5cae69968
SHA1: 7f941fccf44aa4277114c2e31db819929f0cc6c3
SHA256: 269960228FC367B1383C503916B2FD72016E76A0A892CE30061EB1AD476B6D43
File Size: 408.88 KB, 408882 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

File Description: CORE-X-Convert
File Version: 1.8.2.00
Product Name: CORE-X-Convert
Product Version: 1.8.2.00

File Traits

  • Installer Manifest
  • nosig nsis
  • Nullsoft Installer
  • x86

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
