SecuriteInfo[.]com[.]Win32[.]MalwareX-gen[.]20517[.]23176[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Win32.MalwareX-gen.20517.23176.dll
Size

761KB
MD5

0efcb5d466673814b14909cf9dd6f864
SHA1

5aef6d8302ebed25cbbae9ae266791b7307f1dc3
SHA256

90907764a7be697a2675a06d58e828585eee75f18dbe9333e0b34c7bf2576f49
SHA512

32630332659f76dd9d365aac46625bbaa9bb3fafea4b5cfa55a9e18d72ea9da1372917f6f5de90ca520b09dbb8d4272d61618248beab034cec193045d035cbc9
SSDEEP

12288:5NHPcObyW2/ageerVeZfk65L+JKggJm45Hnj476HSbYQsH6n+gGObB5OBC:5V6CbQeZ865y3gJm+U7SSBp+NO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win32.MalwareX-gen.20517.23176.dll

Files

SecuriteInfo.com.Win32.MalwareX-gen.20517.23176.dll
.dll windows:6 windows x86 arch:x86

e80e1bc0040e3e58438b5b8b1a77e208

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\work\stcode\DataCollection\Release\DataCollection.pdb

Imports

kernel32

Process32FirstW
CloseHandle
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
ReadFile
WriteFile
SetEndOfFile
CreateFileW
Sleep
CreateThread
OutputDebugStringW
WriteConsoleW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
OpenProcess
ReadConsoleW
HeapSize
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
SetFilePointerEx
GetFileSizeEx
ExitProcess
HeapReAlloc
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
GetEnvironmentStringsW
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
InitializeCriticalSection
Process32First
Process32Next
GetComputerNameA
GlobalAlloc
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpiA
GetProcessTimes
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread

advapi32

RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW

ws2_32

__WSAFDIsSet
WSACleanup
select
shutdown
WSASocketW
getaddrinfo
WSAStartup
getpeername
send
socket
ntohs
connect
recv
getsockopt
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError
inet_ntoa
gethostbyname
inet_addr
closesocket

winhttp

WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpReadData
WinHttpConnect
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen

rpcrt4

UuidCreateSequential

iphlpapi

GetAdaptersInfo
SendARP

Sections

.text
Size: 582KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e80e1bc0040e3e58438b5b8b1a77e208

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

winhttp

rpcrt4

iphlpapi

Sections

.text Size: 582KB - Virtual size: 581KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 12KB - Virtual size: 39KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 582KB - Virtual size: 581KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 12KB - Virtual size: 39KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 25KB - Virtual size: 24KB