SecuriteInfo[.]com[.]Trojan[.]Loader[.]1684[.]12295[.]4048

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Loader.1684.12295.4048
Size

44KB
MD5

a045c9df7ea13482def712a8d0ed1ee7
SHA1

3cf372ad7b704e888a74c572d173d876bce6c87b
SHA256

b34ef16461be2e9d44e9f77a63c6d46b90dc091ee78ff28af045f1d3ec8fa1b4
SHA512

816cee5089ee1b0a13203dc5406c447e655315844bbe3bdac2ca6f4ea4a39a33119493cbb912d17f15da5652aedba0332fda0aeb3423ea4d1fbdd06fcdcf502e
SSDEEP

768:/VLQDmPDEVplA3jQYubJyqzvDAONtOEJVNnHCd3So9OZR++zRhtiOz1vm+Ydj:/VsDmPDwAz/q70ONwEJVNASoEfhtiOJQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.Loader.1684.12295.4048

Files

SecuriteInfo.com.Trojan.Loader.1684.12295.4048
.dll windows x86

d8ce9fc3542a0847823df385d3c8424f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
malloc
memcpy
memset
printf

kernel32

GetProcAddress
GetModuleHandleW

gdi32

CreateBitmapIndirect
ExtEscape
GetTextExtentPointA
GetTextCharsetInfo
SelectPalette
GetLayout
CombineTransform
gdiPlaySpoolStream
GetWorldTransform

rpcrt4

CStdStubBuffer_IsIIDSupported
I_RpcSend
CStdStubBuffer_QueryInterface
I_RpcTransIoCancelled
RpcMgmtSetServerStackSize

mpr

WNetGetResourceInformationW
WNetCancelConnection2W
WNetCancelConnection2A
WNetGetConnectionW
WNetAddConnection3A
WNetOpenEnumW
WNetGetLastErrorA
WNetAddConnectionW

wininet

FindNextUrlCacheEntryExW
FtpGetCurrentDirectoryW
GetUrlCacheEntryInfoExW
DeleteUrlCacheEntry

ws2_32

getservbyname
WSACreateEvent
WSALookupServiceBeginA
WSAAsyncGetProtoByNumber
WSAGetServiceClassInfoA
WSARemoveServiceClass
WSASendDisconnect
WSAGetLastError

msi

ord54
ord16
ord129
ord78
ord95
ord73
ord125
ord65
ord157

urlmon

CoInternetParseUrl
CreateFormatEnumerator
HlinkGoBack
HlinkGoForward
FindMimeFromData
SetSoftwareUpdateAdvertisementState
HlinkSimpleNavigateToMoniker

winmm

mmioOpenA
midiStreamOpen
timeGetDevCaps
midiInGetDevCapsW
midiOutGetVolume
WOW32DriverCallback
midiInGetNumDevs
mmioGetInfo
midiInPrepareHeader
joyGetNumDevs
midiOutGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
midiStreamPosition

Exports

Exports

HvTkcoed

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8ce9fc3542a0847823df385d3c8424f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

gdi32

rpcrt4

mpr

wininet

ws2_32

msi

urlmon

winmm

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 256B

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 256B