c:\work\adsoft_setup\sfx\sfx_Release\sfx.pdb
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.MulDrop6.20495.15510.1055.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.MulDrop6.20495.15510.1055.exe
Resource
win10v2004-20231215-en
General
Target: SecuriteInfo.com.Trojan.MulDrop6.20495.15510.1055.exe
Size: 911KB
MD5: b346fe6b3d1da26a0d39bcb95c1dffa9
SHA1: 90f84bc1f97b171bf1f54accd13a346ddc2a3735
SHA256: 04121c481ff182c37d7be69dde3fc98ac9df808545f46e71afb796491fd0a94b
SHA512: ba7c762f9ef369db1a1b77cdc9b7205feb8034421aa338526f80e0505d437c8314e0733e8125207b275bf29f71b3f7cab6f07e9790a2fbe3d6493240a2febda3
SSDEEP: 12288:hCscS1TLgLOEYczVPA5AREjlxXWijaeEFxIuLGOTNVlTsdNMdr8noVd/WViATSRk:tcSxYhDzJmjlxXW8aXIGro86oT7A/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SecuriteInfo.com.Trojan.MulDrop6.20495.15510.1055.exe
Files
SecuriteInfo.com.Trojan.MulDrop6.20495.15510.1055.exe.exe windows:4 windows x86 arch:x86
22977549f5973f29d9952f5032e325b2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindFirstFileA
lstrlenA
GetFileAttributesA
lstrcpynA
GetLastError
MultiByteToWideChar
AreFileApisANSI
SetLastError
GetFullPathNameA
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
Sleep
GetSystemTimeAsFileTime
GetTempPathA
lstrcmpA
SetFilePointer
GetShortPathNameA
GetModuleFileNameA
GetCommandLineA
SetFileAttributesA
FindClose
SetEvent
lstrcmpiA
ResetEvent
CreateEventA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetTickCount
FindNextFileA
lstrcatA
HeapSize
FlushFileBuffers
SetStdHandle
lstrcpyA
WriteFile
CreateFileA
ReadFile
SetFileTime
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetConsoleMode
ExitProcess
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
LCMapStringA
WideCharToMultiByte
LCMapStringW
DeleteCriticalSection
GetConsoleCP
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
user32
PostMessageA
CharLowerA
wsprintfA
RegisterWindowMessageA
FindWindowA
MessageBoxA
IsWindow
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ