DaemonClaw exe Trojan Znyonm File Malware Analysis: 5c328ec9fc7c16af454a43ff5c68fe30

DaemonClaw.exe Trojan Znyonm Analysis

Updated 1 year ago

Checked by Malaware Check

DaemonClaw.exe

Hash Type	Value	Action
MD5	5c328ec9fc7c16af454a43ff5c68fe30
SHA1	bc4527ed1fd7dc436c362be6f6b5232d043d5f49
SHA256	8d737c5273782bee9081f555051fc33014afd83cd587c2a257b810626722218b
SHA512	682b92e74b58a408c5ad36edb57b1162676f0b4a775cbba4d04b4aebced6cde5d328c254dd083fe947647822c561c9405138d5e7b70dc1edf7a57fc7e5fe2c84
ImpHash	f18952a1b4265d767ec0bab410377559

Hash Type

Value

Action

MD5

5c328ec9fc7c16af454a43ff5c68fe30

SHA1

bc4527ed1fd7dc436c362be6f6b5232d043d5f49

SHA256

8d737c5273782bee9081f555051fc33014afd83cd587c2a257b810626722218b

SHA512

682b92e74b58a408c5ad36edb57b1162676f0b4a775cbba4d04b4aebced6cde5d328c254dd083fe947647822c561c9405138d5e7b70dc1edf7a57fc7e5fe2c84

ImpHash

f18952a1b4265d767ec0bab410377559

PE Analysis

Basic Information

▼

Icon	Hash: c78ea2e284ddc9feb131b0bb9b0335f2 Fuzzy: 359bb7409f6d66c2043431322b378e73 dHash: 70f0b23319aecc70
Image Base	`0x140000000`
Entry Point	`0x1401452c0`
Compilation Time	2023-05-07 05:00:00
Checksum	0x00000000 (Actual: 0x0023e7c0)
OS Version	5.2
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows`
PDB Path	`E:\nw85_sdk_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb`
Digital Signature	The PE file does not contain a certificate table.
Imports	4 libraries nw_elf, KERNEL32, VERSION, ntdll
Exports	3 functions
Resources	62 Resources
Sections	13 Sections

Version Information

▼

CompanyName	The NW.js Community
FileDescription	nwjs
FileVersion	0.85.0
InternalName	nw_exe
LegalCopyright	Copyright 2023, The NW.js community and The Chromium Authors. All rights reserved.
OriginalFilename	nw.exe
ProductName	nwjs
ProductVersion	0.85.0
CompanyShortName	nwjs.io
ProductShortName	nwjs
LastChange	0000000000000000000000000000000000000000-0000000000000000000000000000000000000000
Translation	0x0409 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	1,567,832 bytes	1,568,256 bytes	6.54 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`F7FABD42E741B3786FAD91855E2B25CF`
`.rdata`	`0x00180000`	259,204 bytes	259,584 bytes	5.91 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`5C1B2023A64E7C37DA18CD7367A0E9CE`
`.data`	`0x001c0000`	42,384 bytes	17,920 bytes	3.04 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`3F6AE5FDEAEE7B2397C655AC64501BD8`
`.pdata`	`0x001cb000`	61,164 bytes	61,440 bytes	5.99 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`AE937B998ACE42C5436031ABEDA35FA9`
`.gxfg`	`0x001da000`	11,856 bytes	12,288 bytes	5.11 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`4EC578B1EC89E882AFA14560783DD61B`
`.retplne`	`0x001dd000`	168 bytes	512 bytes	1.32 (Normal)	`0x00000000`	`5ECCA2C6EA1D296F112E2A3940D7AF4A`
`.tls`	`0x001de000`	531 bytes	1,024 bytes	0.21 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`B975BBE1F330B7A699D04CF9E069F382`
`.voltbl`	`0x001df000`	68 bytes	512 bytes	1.14 (Normal)	`0x00000000`	`3E0C0EC85F664161CF947E236F80C926`
`CPADinfo`	`0x001e0000`	56 bytes	512 bytes	0.12 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`60D3EA61D541C9BE2E845D2787FB9574`
`_RDATA`	`0x001e1000`	244 bytes	512 bytes	2.45 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`46BA4075596D5633861C2AEEB8156FF3`
`malloc_h`	`0x001e2000`	304 bytes	512 bytes	4.42 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`1DFF7F77A7F6C1CF22E6EF94BB666793`
`.rsrc`	`0x001e3000`	379,416 bytes	379,904 bytes	4.71 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`59D45FD1B01C3F36C01693DEDD4F772E`
`.reloc`	`0x00240000`	8,512 bytes	8,704 bytes	5.42 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`12C03C9188DF48FE9AD95160A0F6D644`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 62 (375,883 bytes)

Resource Type	Count	Total Size	Percentage
GOOGLEUPDATEAPPLICATIONCOMMANDS	1	4 bytes	0%
RT_CURSOR	23	56,516 bytes	15%
RT_ICON	12	316,655 bytes	84.2%
RT_GROUP_CURSOR	21	448 bytes	0.1%
RT_GROUP_ICON	3	186 bytes	0%
RT_VERSION	1	1,096 bytes	0.3%
RT_MANIFEST	1	978 bytes	0.3%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	DaemonClaw.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version	1.0.172.174
Database Version	2024-04-25 11:00:38 UTC

DaemonClaw.exe Trojan Znyonm Analysis

Technical Analysis

Trojan.Win64.Znyonm.oa!s1

Scan Another File

File Identification