SecuriteInfo[.]com[.]Win32[.]TrojanX-gen[.]16641[.]14472

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Win32.TrojanX-gen.16641.14472
Size

68KB
MD5

2b983ecbf9901b06b6e91a8fdbe21a28
SHA1

547eae14097c6ecedf3529d90f9db02223400926
SHA256

fbb1aff6a6d2ffb62e4173f4c313f0e480a8d52a53398829369f763e2cd674e1
SHA512

c2c07170da84b19ae08183b7be741a4e770ed0cf19955eda5eade0862481017b9e5c8350ce2d6bf2e0a352592bb1babb2a259bb3922c90d6aeb7412eecf020e8
SSDEEP

768:wTr4XWSGvSewnYVLx60SAbkR5XIJn8kEV9tNk8A+Q5bYWrLEWWHNKaqX3GqXyfdl:wgBG6wdVSGSXSOUXZP2rFaxTtBqgg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win32.TrojanX-gen.16641.14472

Files

SecuriteInfo.com.Win32.TrojanX-gen.16641.14472
.dll windows x86

b64ce983d84fce30f9137da1f913d5f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindNextComponentW
StrCpyW
PathRemoveArgsA
SHQueryInfoKeyW
SHRegEnumUSValueA

kernel32

GetCurrentThreadId
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
CancelIo
SetProcessPriorityBoost
GetNamedPipeInfo
SignalObjectAndWait
ReadFile
SetCalendarInfoW
PeekNamedPipe
GetDiskFreeSpaceExW
Sleep
GetCurrentProcess
VirtualProtect
EnumSystemCodePagesW
K32GetProcessMemoryInfo
GetConsoleCP
FlushFileBuffers
LCMapStringEx
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
TerminateProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapFree
GetModuleFileNameA
GetStartupInfoW
InitOnceExecuteOnce
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCommandLineA
CreateFileW
EncodePointer
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType

mscms

CheckBitmapBits
GetPS2ColorRenderingIntent
DisassociateColorProfileFromDeviceA
ord1
GetStandardColorSpaceProfileA
SetColorProfileElementReference
TranslateBitmapBits
GetColorDirectoryA

winspool.drv

ord207
OpenPrinterW
EndPagePrinter
AddPrintProvidorA
EnumMonitorsA
EnumMonitorsW
ResetPrinterW
EnumPortsW
EnumPrinterKeyA

oleaut32

SysAllocString
VariantCopyInd
CreateDispTypeInfo
VectorFromBstr

wsock32

ord1120
gethostbyname
ntohl
WSAIsBlocking
ord1105
WSACancelAsyncRequest
ord1141
MigrateWinsockConfiguration
__WSAFDIsSet
ord1103

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryA
PdhGetDefaultPerfCounterA
PdhUpdateLogFileCatalog
PdhIsRealTimeQuery
PdhOpenQueryW
PdhAddCounterW

msi

ord85
ord89
ord53
ord27
ord82
ord78

Exports

Exports

JKbtgdfd
_GetCPUUsage@0
_GetDiskIOUsage@0
_GetDiskUsage@0
_GetMemoryUsage@0
_GetNetworkUsage@0

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b64ce983d84fce30f9137da1f913d5f7

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

mscms

winspool.drv

oleaut32

wsock32

pdh

msi

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB