SecuriteInfo[.]com[.]Trojan[.]Win32[.]Lokibot[.]DECC[.]MTB[.]3873[.]4739[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Win32.Lokibot.DECC.MTB.3873.4739.dll
Size

49KB
MD5

39be1e514275c927d27bc00bf520f8f3
SHA1

0150c263af5879339746aed427360da01f7ffb4e
SHA256

174f7b02bab7fd2ccf3cb8018c1b03e851bea9f91b013098330d18105892c450
SHA512

bc82ae7d8a0d44ab7b376f373745514eb76087ea458c22106f5517f3eba4a6d274eb428acf5b01f843e4f26cfb726cf2c77236d72dff9042f2aa4f3f887334e5
SSDEEP

768:mkJvh5T+EKFW2J9A6UbYqrE7KWANK+IsQymdjHTtB077wSoSK:3JvGNjMUQkHTtBPSZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.Win32.Lokibot.DECC.MTB.3873.4739.dll

Files

SecuriteInfo.com.Trojan.Win32.Lokibot.DECC.MTB.3873.4739.dll
.dll windows x86

b75316755c341c81f20ea9365d85eda8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
Sleep
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringEx
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
WriteFile
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCommandLineA
GetCurrentThreadId
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
CreateFileW

comdlg32

PrintDlgW
PrintDlgExA
GetOpenFileNameW
GetOpenFileNameA

rtutils

MprSetupProtocolFree
TracePrintfExW
RouterLogDeregisterW
TraceDeregisterExW
TraceGetConsoleA
TracePutsExW

mapi32

ord180
ord44
ord22
ord53
ord43

rtm

MgmGetFirstMfe
MgmInitialize

ws2_32

WSALookupServiceNextA
WSAJoinLeaf
closesocket
WSAAsyncGetServByName
WSAEnumProtocolsW
WSADuplicateSocketA
WSAHtonl
WSALookupServiceBeginW
WSAAccept

wlanapi

WlanConnect
WlanQueryInterface
WlanEnumInterfaces
WlanCloseHandle
WlanDisconnect
WlanFreeMemory
WlanOpenHandle

Exports

Exports

HvTkcoed
_wifi_cleanup@0
_wifi_connect@8
_wifi_disconnect@0
_wifi_get_signal_strength@0
_wifi_initialize@0

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b75316755c341c81f20ea9365d85eda8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

rtutils

mapi32

rtm

ws2_32

wlanapi

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 9KB - Virtual size: 16KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 9KB - Virtual size: 16KB

.reloc
Size: 3KB - Virtual size: 3KB