SecuriteInfo[.]com[.]FileRepMalware[.]11822[.]21779

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.FileRepMalware.11822.21779
Size

3.3MB
MD5

dedf7471d1b65ba4bb1396bc73d85b28
SHA1

6f2498e6d6343fb784cd70b38643abe1c282643d
SHA256

9b606db757dc796a2ff88accaec3364d3e83590ba4d361437dc199800c51012a
SHA512

7c3d2c5672c87545ec4e4d706531d6575c1d99fbccdac863c6e94675d122713813d1fcb1502e10f36ac8bf177e4ff5214dd3c6a9ed471cfde831e6dd1785f4d8
SSDEEP

49152:u3/0e6aTrHGw0g83XXoTg18CuDHwb0X3nOhRr7+:ze6hgdHQS+hRr7+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.FileRepMalware.11822.21779

Files

SecuriteInfo.com.FileRepMalware.11822.21779
.exe windows:6 windows x64 arch:x64

5384c3a03162dd958eac65794939d508

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

E:\MetaTrader5\Installers\Distributive Core\Release64\core64.pdb

Imports

ws2_32

FreeAddrInfoW
GetAddrInfoW
closesocket
InetPtonW
WSAStartup
htons
WSASocketW
setsockopt
WSAConnect
ioctlsocket
select
WSARecv
WSASend
WSAGetLastError
shutdown
WSACleanup

kernel32

CreateProcessW
CopyFileW
GetDiskFreeSpaceExW
GetTempPathW
ExpandEnvironmentStringsW
Process32FirstW
K32GetProcessImageFileNameW
Process32NextW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
MoveFileExW
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
EnumResourceNamesW
FreeResource
IsValidCodePage
LockResource
GlobalFree
VerSetConditionMask
VerifyVersionInfoW
lstrlenW
CompareStringW
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
OpenProcess
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
DecodePointer
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
GetEnvironmentVariableW
K32GetProcessMemoryInfo
GetLocalTime
GetLogicalProcessorInformationEx
GetProcessHandleCount
Module32FirstW
Module32NextW
GetCurrentThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
GetThreadContext
ResumeThread
ReadProcessMemory
Thread32Next
GetCurrentProcessId
GetCurrentProcess
InitializeCriticalSectionEx
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
RaiseException
lstrcmpiW
GetModuleHandleW
FileTimeToDosDateTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindNextFileW
FindClose
FindFirstFileW
FileTimeToSystemTime
DosDateTimeToFileTime
DeviceIoControl
GetSystemDirectoryW
GetVolumeInformationW
GetVersionExW
GetSystemTimeAsFileTime
GetFileAttributesExW
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
RemoveDirectoryW
WriteFile
SetEndOfFile
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount64
WideCharToMultiByte
GetTickCount
GetCurrentThreadId
SetThreadStackGuarantee
DeleteFileW
Sleep
LeaveCriticalSection
GetExitCodeThread
EnterCriticalSection
GetSystemInfo
GetUserDefaultUILanguage
GlobalMemoryStatusEx
GetModuleFileNameW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
GetFileSizeEx
SetFilePointer
GetLastError
ReadFile
VirtualAlloc
VirtualFree
IsBadReadPtr
VirtualQuery
LocalFree
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCPInfo
GetStringTypeW
GetACP
GetOEMCP
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
FreeLibraryAndExitThread

user32

ClientToScreen
CreateAcceleratorTableW
GetParent
ScreenToClient
MoveWindow
DestroyWindow
GetDlgItem
GetWindowThreadProcessId
GetTopWindow
EndDialog
MessageBeep
LoadBitmapW
LoadIconW
EnableWindow
GetWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
SetCapture
SendMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
DialogBoxParamW
BringWindowToTop
SetForegroundWindow
ShowWindow
GetWindowRect
SetClassLongPtrW
PostQuitMessage
MessageBoxW
LoadStringW
IsWindowVisible
LoadImageW
SetTimer
KillTimer
SystemParametersInfoW
IsWindowEnabled
DrawFocusRect
SetCursor
TrackMouseEvent
GetCapture
GetCursorPos
UpdateWindow
OffsetRect
DrawTextW
SetRectEmpty
PtInRect
GetDlgCtrlID
GetActiveWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetFocus
GetSystemMetrics
PostMessageW
CharNextW
CharLowerW
DefWindowProcW
UnregisterClassW
RegisterClassExW
LoadCursorW
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowLongW
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
SetWindowTextW
ReleaseCapture

gdi32

DeleteDC
GetDeviceCaps
GetObjectW
GetStockObject
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectW
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
GetTextExtentPoint32W
GetTextExtentPointW
TextOutW
RestoreDC
SaveDC
CreateFontW
EnumFontFamiliesExW
GetDIBits
GdiGradientFill
CreateDIBitmap

advapi32

CryptReleaseContext
QueryServiceConfigW
ControlService
QueryServiceStatus
OpenServiceW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
RegEnumKeyW
RegDeleteKeyExW
RegQueryValueW
CryptVerifySignatureW
CryptDestroyHash
CryptHashData
CryptCreateHash
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
OpenProcessToken
GetTokenInformation
GetFileSecurityW
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptDestroyKey
CryptAcquireContextW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHChangeNotify
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteExW

ole32

OleInitialize
CoTaskMemFree
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromString

oleaut32

SysFreeString
SysAllocString
OleCreateFontIndirect
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantInit
SysAllocStringLen

shlwapi

PathCanonicalizeW
PathFindExtensionW

comctl32

ImageList_Draw
ImageList_Destroy
ImageList_AddMasked
InitCommonControlsEx
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Create
ImageList_SetBkColor

bcrypt

BCryptGenRandom

secur32

InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
EncryptMessage
DeleteSecurityContext
QueryContextAttributesW
DecryptMessage

crypt32

CertCreateCertificateChainEngine
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptHashCertificate
CertNameToStrW
CertFreeCertificateChain
CertFreeCertificateChainEngine
CryptImportPublicKeyInfo
CertGetNameStringW
CertCreateCertificateContext
CertFreeCertificateContext
CertCloseStore

dbghelp

MiniDumpWriteDump
SymFunctionTableAccess64
SymGetModuleBase64
StackWalk64
SymLoadModule64
SymInitialize
SymSetOptions
SymGetOptions

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData

Sections

.text
Size: 483KB - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5384c3a03162dd958eac65794939d508

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

bcrypt

secur32

crypt32

dbghelp

version

gdiplus

wintrust

Sections

.text Size: 483KB - Virtual size: 483KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 91KB - Virtual size: 303KB

.pdata Size: 17KB - Virtual size: 17KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 483KB - Virtual size: 483KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 91KB - Virtual size: 303KB

.pdata
Size: 17KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 6KB - Virtual size: 6KB