SecuriteInfo[.]com[.]Trojan-Dropper[.]Win32[.]Small[.]20398[.]15794[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan-Dropper.Win32.Small.20398.15794.exe
Size

3.0MB
MD5

f027c23da36d00edf4d880050c7950b3
SHA1

51608e84f6220dc779bda6c9a6a6115279c32a5f
SHA256

8f656f5dc635a4269bda0853043fd939aa2ddefa40d9d56c55f9d7e5319a85f2
SHA512

ab318a1e463aa5cc54e51f56bc27ae9e1bd1eb7a0c9d0775c2b11567c2e93c127d2267c598606a64aa87faf203545d56f4b9b8c51d1041777cc0472964e885ef
SSDEEP

24576:+b3ERl7Tc2BkI2iIPGxg0C9QJECee3JoVy/WMyQDYwjx7NDUT9/rN+XAPQmXu:aURb2/cDeeWNMZUJ2m+

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Trojan-Dropper.Win32.Small.20398.15794.exe
.exe windows x86

5bb79a6caa12076a6d140085cb53892e

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:c1:a7:98:b8:75:89:43:35:c7:8c:dd:bf:05:cb:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02-02-2006 00:00

Not After

04-04-2007 23:59

Subject

CN=Sysinternals,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=Sysinternals,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:91:38:1e:32:35:a9:6a:0b:51:eb:fb:07:14:1e:ed:f1:7a:b2:1b
Signer

Actual PE Digest

e0:91:38:1e:32:35:a9:6a:0b:51:eb:fb:07:14:1e:ed:f1:7a:b2:1b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntoskrnl.exe

ObQueryNameString
ZwClose
ZwDuplicateObject
ZwOpenProcess
KeDetachProcess
ObfDereferenceObject
ObReferenceObjectByHandle
KeAttachProcess
PsLookupProcessByProcessId
MmIsAddressValid
ObOpenObjectByPointer
ZwQueryInformationProcess
NtBuildNumber
RtlUnicodeStringToAnsiString
IofCompleteRequest
SeReleaseSubjectContext
SePrivilegeCheck
ExGetPreviousMode
SeCaptureSubjectContext
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
ExAllocatePoolWithTag
RtlUnwind
strncpy
ZwOpenProcessToken
RtlFreeAnsiString

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 864B - Virtual size: 856B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 320B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bb79a6caa12076a6d140085cb53892e

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

75:c1:a7:98:b8:75:89:43:35:c7:8c:dd:bf:05:cb:ffCertificate

Extended Key Usages

Key Usages

e0:91:38:1e:32:35:a9:6a:0b:51:eb:fb:07:14:1e:ed:f1:7a:b2:1bSigner

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 3KB - Virtual size: 3KB

INIT Size: 864B - Virtual size: 856B

.rsrc Size: 896B - Virtual size: 896B

.reloc Size: 320B - Virtual size: 302B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

75:c1:a7:98:b8:75:89:43:35:c7:8c:dd:bf:05:cb:ff
Certificate

e0:91:38:1e:32:35:a9:6a:0b:51:eb:fb:07:14:1e:ed:f1:7a:b2:1b
Signer

.text
Size: 3KB - Virtual size: 3KB

INIT
Size: 864B - Virtual size: 856B

.rsrc
Size: 896B - Virtual size: 896B

.reloc
Size: 320B - Virtual size: 302B