Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.16770.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.16770.exe
Resource
win10v2004-20231020-en
General
Target
SecuriteInfo.com.Win32.PWSX-gen.16770.26321
Size
189KB
MD5
b794418cce0beacb8eab531605e194b7
SHA1
859a978d7252563cffd21140a6869f0f685f8f6d
SHA256
a94ed8371035cbc5f21d14be02444b5d85cf2d4feeba9a869ec3a446222721df
SHA512
faffc010ac7a8fdf9159b3b3d5754526c3bf9859746ede2979c5dcaeeabae49c6ab65789968967e23a994e8c092873aa69642070bb9f014f98c9a03f0dcc0644
SSDEEP
3072:dvYj4niJm88KBNW6scNkdDsodx6C2gE2Y7rn+/CYUJlx6:dW/m88KnW6Bk7jv2wYHn9H6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SecuriteInfo.com.Win32.PWSX-gen.16770.26321
Files
SecuriteInfo.com.Win32.PWSX-gen.16770.26321.exe windows:6 windows x86 arch:x86
514246b26cc42ae53e2b91f498f2884e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
imm32
ImmIsUIMessageA
ImmRegisterWordA
ImmGetIMEFileNameW
ImmGetIMEFileNameA
ImmCreateContext
ImmGetIMCLockCount
ImmGetDefaultIMEWnd
kernel32
VirtualAlloc
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetModuleFileNameW
GetFileType
GetStdHandle
GetCurrentThreadId
GetProcessHeap
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
GetStartupInfoW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
RaiseException
RtlUnwind
GetCommandLineW
GetCPInfo
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
winspool.drv
DeleteMonitorW
DeletePrintProvidorW
GetPrinterDriverDirectoryA
GetFormW
mswsock
GetNameByTypeW
TransmitFile
SetServiceA
AcceptEx
dn_expand
GetNameByTypeA
getnetbyname
GetServiceA
rcmd
s_perror
EnumProtocolsW
GetServiceW
GetAddressByNameW
GetAddressByNameA
mpr
WNetDisconnectDialog1A
WNetConnectionDialog1W
WNetGetUserA
WNetGetConnectionA
WNetGetResourceInformationW
WNetGetUniversalNameW
oleaut32
LPSAFEARRAY_Marshal
VariantCopy
SafeArrayGetDim
VarImp
VarCyFromR4
VarI2FromBool
VarDecFromI4
VarBoolFromI2
VarDecFromR4
SafeArrayGetIID
resutils
ResUtilPropertyListFromParameterBlock
ResUtilResourcesEqual
ResUtilSetBinaryValue
ClusWorkerTerminate
wsock32
recv
WSAIsBlocking
WSAAsyncGetHostByName
getsockname
Sections
.text Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE