SecuriteInfo[.]com[.]Trojan-Dropper[.]MSIL[.]Agent[.]17756[.]11675[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan-Dropper.MSIL.Agent.17756.11675.dll
Size

3.6MB
MD5

e715eefc00703a57a66ecd95b8760365
SHA1

463f66271f4f1680b22ea3f765b5ff25d500a195
SHA256

9bb24b92a4fbf1f0a2f22c701224a3ffca38fef128db14e1de510160348d5a59
SHA512

bf481e0808fbf6f9b88a2b39ec14c09c387cddf87d3d3a937ea97fce2afcad2eaa122969e7c15a0b389abd30c7f8561ffb624109a5b468d65f1f7230f094ad7e
SSDEEP

98304:1Jq7wT+1S2rVmYQZyLvX6Nsqx1wEY10RyF1:MwT+1SBYQkvWsl/1Am

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan-Dropper.MSIL.Agent.17756.11675.dll

Files

SecuriteInfo.com.Trojan-Dropper.MSIL.Agent.17756.11675.dll
.dll windows:4 windows x86 arch:x86

86271b658a7990fcadc21a4381dd0938

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
_vsnprintf

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetLastError
CreateDirectoryA
MoveFileExA
MoveFileA
GetWindowsDirectoryA
InterlockedIncrement
DeleteFileA
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesA
lstrcmpiA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime

advapi32

RegEnumValueA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msi

ord79
ord249
ord245
ord73
ord160
ord159
ord31
ord115
ord166
ord163
ord49
ord50
ord117
ord8
ord17
ord103
ord121
ord124
ord48

Exports

Exports

CustomAction_SxsMsmCleanup
CustomAction_SxsMsmInstall

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ