Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.MSIL.Heracles.E

Trojan.MSIL.Heracles.E

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 4,653
Threat Level: 80 % (High)
Infected Computers: 3,499
First Seen: October 22, 2021
Last Seen: April 28, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.MSIL.Heracles.E
Signature status: No Signature

Known Samples

MD5: 653b60068eec2e63bf581dac36c8922b
SHA1: b3b9d0beb6640a09f3f1349a20d54f7489d73c40
SHA256: E06F93ABFCB86D7A4710E277D08FCF998ADC8880ACBB2B5C935C934292D6C485
File Size: 72.19 KB, 72192 bytes
MD5: 8985d75f397cb53885d4f2db98d2f029
SHA1: 468c90439576d5a073ab14b46a0fdd6a269f2c2b
SHA256: 570ABA477586E259AEA223A20EFAB7148FF67E33866AB9E42818C96419769F48
File Size: 204.29 KB, 204288 bytes
MD5: e422a9ed00759db547d4b9fb6af383c0
SHA1: a37df03f6f3c68e3339d4edb65a6295844d04261
SHA256: D29B96215A70F1A3E5222FD6A794CA5DC1769F94476D99AA191BD27F4F213655
File Size: 288.39 KB, 288392 bytes
MD5: bb1ead1952619f25f78b537c5f699e45
SHA1: 894b20abd172de3cedb56998d6660a41610f5f69
SHA256: 8FF420665335738E1D57361B46F51087FC0ECAAB50E0A2A04CB1E31CAAF7B6DC
File Size: 69.12 KB, 69120 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 10.5.1.0
  • 1.0.15602.0
  • 1.0.0.0
  • 0.0.22.0
Comments
  • Ads-Killer for Paltalk Messenger. Blocks and Kills Ads on all Builds
  • Makes SAI Production Suite running :-))
Company Name
  • China-Cheats Team
  • Cracker: Ponos
  • detectomat GmbH
  • Metasoft
File Description
  • Ads-Killer
  • Production Suite Scanner 10.5.1 Build 1806
  • SteuerungenSimulation
  • TCommander.Crosscutting.Core
File Version
  • 10.5.1.0
  • 1.0.15602.0
  • 1.0.0.0
  • 0.0.22.0
Internal Name
  • Ads-Killer.exe
  • dpt3500.detectomat.dpt.SteuerungenSimulationV1.dll
  • Production Suite Scanner 10.5.1 Build 1806.exe
  • TCommander.Crosscutting.Core.dll
Legal Copyright
  • Copyright © 2013
  • Copyright © 2014 - China-Cheats.com
  • Copyright © detectomat 2014
  • Copyright © Metasoft 2017
Original Filename
  • Ads-Killer.exe
  • dpt3500.detectomat.dpt.SteuerungenSimulationV1.dll
  • Production Suite Scanner 10.5.1 Build 1806.exe
  • TCommander.Crosscutting.Core.dll
Product Name
  • Ads-Killer
  • dpt
  • Production Suite Scanner 10.5.1
  • TCommander.Crosscutting.Core
Product Version
  • 10.5.1.0
  • 1.0.15602.0
  • 1.0.0.0
  • 0.0.22.0

File Traits

  • .NET
  • 2+ executable sections
  • dll
  • HighEntropy
  • RijndaelManaged
  • SmartAssembly
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 262
Potentially Malicious Blocks: 6
Whitelisted Blocks: 221
Unknown Blocks: 35

Visual Map

0 ? 0 0 0 ? 0 ? ? 0 0 0 0 0 0 ? 0 0 0 0 ? 0 ? x x 0 ? ? ? ? ? 0 ? 0 0 0 ? x x 0 0 0 ? ? ? ? ? ? ? ? ? ? 0 0 0 ? ? ? 0 0 0 ? ? 0 ? x 0 ? ? ? x 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
Show More
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\894b20abd172de3cedb56998d6660a41610f5f69_0000069120.,LiQMAxHB

Trending

Most Viewed

Loading...