SecuriteInfo[.]com[.]Trojan[.]Loader[.]1689[.]4082[.]30490

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Loader.1689.4082.30490
Size

126KB
MD5

afc9661c91e47851309ffb6d42444537
SHA1

ef3e5acf3a454ae51295f29b03f6c5b04af58c1a
SHA256

7243499e498823d1f6db5407ceea0f12e009bfa837f9355fd7bfd94af94b9b53
SHA512

b77a37cab794c77c7e1ef5703504661498ebb3a8fbe2964d0aed0bb9916b538d92fc3d2943a6fadafab29b56476751d840ff0a6d94637713af9bb36cc45a6cb0
SSDEEP

3072:a8BP7n0dUfLn8bGRmH8/hRtp+XIosUHqdtSY6:o+fgaRA8/hRtIVs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.Loader.1689.4082.30490

Files

SecuriteInfo.com.Trojan.Loader.1689.4082.30490
.dll windows x86

0b8af3550b5710c15669b5b350fa662d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathCreateFromUrlW
SHRegWriteUSValueA
PathRemoveExtensionW
PathMatchSpecW
StrDupW
PathParseIconLocationA

kernel32

GetLocaleInfoEx
CompareStringEx
GetModuleHandleW
GetProcAddress
GetDateFormatEx
GetTimeFormatEx
HeapSize
LoadLibraryW
OutputDebugStringW
WriteConsoleW
SetStdHandle
GetUserDefaultLocaleName
SetFilePointerEx
GetStringTypeW
SetConsoleCtrlHandler
LoadLibraryExW
FreeLibrary
InterlockedExchange
HeapReAlloc
HeapAlloc
GetProcessHeap
GetModuleFileNameW
GetConsoleMode
GetConsoleCP
WriteFile
LCMapStringEx
IsValidLocaleName
EnumSystemLocalesEx
CloseHandle
FlsSetValue
FlushFileBuffers
RtlUnwind
WideCharToMultiByte
InitOnceExecuteOnce
GetFileType
GetStdHandle
GetCurrentThreadId
GetCurrentThread
SetLastError
GetCPInfo
GetOEMCP
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
CreateFileW
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FatalAppExitA
GetLastError
HeapFree
Sleep
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
InterlockedIncrement
IsValidCodePage
GetACP

wininet

FindFirstUrlCacheEntryExW
InternetErrorDlg
FindNextUrlCacheEntryW
InternetGetCookieW
InternetTimeToSystemTime
CreateUrlCacheEntryW
CommitUrlCacheEntryA
InternetFindNextFileW

oleaut32

VarCyMul
VarR4FromUI1
VarBstrFromUI4
OleSavePictureFile
VarAdd
VarCat
SysReAllocStringLen

rtm

RtmLookupIPDestination
MgmDeRegisterMProtocol
MgmGetNextMfe

crypt32

CryptDecryptMessage
CertAddEncodedCertificateToStore
CryptRegisterDefaultOIDFunction
CertComparePublicKeyInfo

wsnmp32

ord503
ord302
ord900
ord502
ord605

setupapi

SetupGetMultiSzFieldW
SetupDiGetINFClassA
SetupDecompressOrCopyFileA
SetupSetSourceListW

Exports

Exports

HvTkcoed

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b8af3550b5710c15669b5b350fa662d

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

wininet

oleaut32

rtm

crypt32

wsnmp32

setupapi

Exports

Exports

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 10KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 10KB