SecuriteInfo[.]com[.]Win32[.]TrojanX-gen[.]29424[.]21595[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.TrojanX-gen.29424.21595.exe
Size

298KB
MD5

2e7dcc9c6f336cd6352f2da45de28d00
SHA1

ca23f4532ec078d757aa90d0f4018ee86c25e8f1
SHA256

4d4ea573023a4362be5fd6780672f4af67c2c7ffae508888a7e6b89bbde11d21
SHA512

007499ca22cc3f2fd0da8448fec20e74d8c9ce8210d6c1c9e0726f571607d0a4097949ea2a9845be52eb6dfa8ce2a8d62c5125e7ce6d226e92ec68ce073a59c1
SSDEEP

6144:VYYpnug3+Fm1/BHIt0tuQ0NGbluRvjhBCtSt1tud7pIlZiSfcQ2yd5LXg:VYYpnuHFm1/BHItguQ0NGblut1jt1tu/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win32.TrojanX-gen.29424.21595.exe

Files

SecuriteInfo.com.Win32.TrojanX-gen.29424.21595.exe
.exe windows:6 windows x86 arch:x86

0952fa0a4af71390e412a32cb229b819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmUnregisterWordA
ImmRequestMessageA
ImmGetHotKey
ImmEnumRegisterWordA
ImmGetDefaultIMEWnd
ImmGetCandidateListCountW
ImmSetCompositionFontW
ImmShowSoftKeyboard

shlwapi

StrStrIA
SHIsLowMemoryMachine
SHRegCloseUSKey
PathFindNextComponentA
PathQuoteSpacesA
PathParseIconLocationW
SHCreateShellPalette
SHQueryInfoKeyA

kernel32

SetFilePointerEx
GetConsoleCP
VirtualAlloc
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
FlushFileBuffers
ReadFile
ReadConsoleW
CreateFileW
CloseHandle
WriteConsoleW
GetFileSizeEx
GetConsoleMode
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
OutputDebugStringW
HeapAlloc
GetCurrentThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
InterlockedFlushSList
InterlockedPushEntrySList
DecodePointer
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter

gdi32

CloseMetaFile
AddFontResourceExA
EnumFontFamiliesW
EndDoc
PolyBezier
GetCharWidth32W

wsock32

ord1114
WSAAsyncGetProtoByName
WSAStartup
getsockopt
ord1111

wininet

FtpSetCurrentDirectoryA
InternetCreateUrlW
InternetAutodialHangup
FindNextUrlCacheEntryExA
InternetHangUp

shell32

SHGetDataFromIDListW
DragAcceptFiles
SHLoadInProc

winspool.drv

SplDriverUnloadComplete
AddPrinterDriverExW
FindClosePrinterChangeNotification
ScheduleJob
ord208
GetPrinterDataExA
FindFirstPrinterChangeNotification
DeletePrinterConnectionA

oleaut32

VarCyFromUI2
VarI2FromDec
VarFormatCurrency
VarCyFromDisp
VarUI2FromStr
VarUI1FromStr
SafeArrayGetElemsize
VarOr
VariantInit
VariantClear

resutils

ResUtilGetMultiSzProperty
ResUtilAddUnknownProperties
ResUtilFindSzProperty
ResUtilSetExpandSzValue
ResUtilSetBinaryValue
ResUtilSetDwordValue
ResUtilGetEnvironmentWithNetName
ResUtilStopService

user32

UpdateWindow
MessageBoxW
ShowWindow
GetMessageW
RegisterClassW
GetClientRect
PostQuitMessage
TranslateMessage
DispatchMessageW
CreateWindowExW
DefWindowProcW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0952fa0a4af71390e412a32cb229b819

Headers

DLL Characteristics

File Characteristics

Imports

imm32

shlwapi

kernel32

gdi32

wsock32

wininet

shell32

winspool.drv

oleaut32

resutils

user32

ole32

Sections

.text Size: 219KB - Virtual size: 219KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 219KB - Virtual size: 219KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 9KB - Virtual size: 8KB