SecuriteInfo[.]com[.]Trojan[.]MulDrop6[.]20495[.]25795[.]10208[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.MulDrop6.20495.25795.10208.exe
Size

918KB
MD5

6471ca1fff20cba037debfb9a30c0cb4
SHA1

e6416093f18940d1851be733a86a8425a1e9219c
SHA256

109ca116c41d294401cc8e42762345e8142d507ddbd811f9964d4689654968e9
SHA512

d984c648de27045e3e25ee3a45bf8a66f49684f6313ccab82958899cfa1d76001942ecefe5dfff2dd2279e84df6f9de53372fb171394a54bbd42236bc1397b51
SSDEEP

24576:tcSxLTUxroZyli6OHnVi235/wZRtTjqUibLSgT2Hd:2eErvTAnwE/wf5qUiXSgT2Hd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.MulDrop6.20495.25795.10208.exe

Files

SecuriteInfo.com.Trojan.MulDrop6.20495.25795.10208.exe
.exe windows:4 windows x86 arch:x86

22977549f5973f29d9952f5032e325b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\adsoft_setup\sfx\sfx_Release\sfx.pdb

Imports

kernel32

FindFirstFileA
lstrlenA
GetFileAttributesA
lstrcpynA
GetLastError
MultiByteToWideChar
AreFileApisANSI
SetLastError
GetFullPathNameA
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
Sleep
GetSystemTimeAsFileTime
GetTempPathA
lstrcmpA
SetFilePointer
GetShortPathNameA
GetModuleFileNameA
GetCommandLineA
SetFileAttributesA
FindClose
SetEvent
lstrcmpiA
ResetEvent
CreateEventA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetTickCount
FindNextFileA
lstrcatA
HeapSize
FlushFileBuffers
SetStdHandle
lstrcpyA
WriteFile
CreateFileA
ReadFile
SetFileTime
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetConsoleMode
ExitProcess
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
LCMapStringA
WideCharToMultiByte
LCMapStringW
DeleteCriticalSection
GetConsoleCP
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW

user32

PostMessageA
CharLowerA
wsprintfA
RegisterWindowMessageA
FindWindowA
MessageBoxA
IsWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22977549f5973f29d9952f5032e325b2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 6KB - Virtual size: 19KB

.rsrc Size: 46KB - Virtual size: 46KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 6KB - Virtual size: 19KB

.rsrc
Size: 46KB - Virtual size: 46KB