SecuriteInfo[.]com[.]Trojan-Spy[.]Win32[.]Mekotio[.]14021[.]5418[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan-Spy.Win32.Mekotio.14021.5418.dll
Size

17.4MB
MD5

078996597686e5b1777869045dc340dc
SHA1

f308bb3531571d624cd98799c6cf6774f18a5f38
SHA256

1d4dcaf2b07cab6f785c4607040b90d2e87a2d94c3368dd57f89c97a6d77bbe3
SHA512

7c033965c70731d7bbebf9966e4cfc0804a2b41933fac8f440f6b2c992781f13574b5ad1227da9484d88f2c7d74898a432f99fb5f3c0759564feea10b1a49371
SSDEEP

393216:P1qGMMtyaJYWrILsMA8xdp+1hmQ8OHwtBbEE9jb4:P1nttH38LsMA8xd1Dl4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan-Spy.Win32.Mekotio.14021.5418.dll

Files

SecuriteInfo.com.Trojan-Spy.Win32.Mekotio.14021.5418.dll
.dll windows:5 windows x86 arch:x86

6f8e15e476c783b4975094c644e04e09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mpr

WNetEnumResourceW

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

ws2_32

WSAIoctl

shell32

Shell_NotifyIconW

user32

CopyImage

version

GetFileVersionInfoSizeW

oleaut32

SafeArrayPutElement

advapi32

RegSetValueExW

netapi32

NetWkstaGetInfo

kernel32

GetVersion
GetVersionExW

wsock32

gethostbyaddr

ole32

CreateBindCtx

gdi32

Pie

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
rwhwxwuopoyf

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oclnzfe
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.oclnzfe
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oclnzfe
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f8e15e476c783b4975094c644e04e09

Headers

File Characteristics

Imports

mpr

winspool.drv

comctl32

ws2_32

shell32

user32

version

oleaut32

advapi32

netapi32

kernel32

wsock32

ole32

gdi32

Exports

Exports

Sections

.text Size: 6.2MB - Virtual size: 6.2MB

.itext Size: 23KB - Virtual size: 22KB

.data Size: 101KB - Virtual size: 100KB

.bss Size: - Virtual size: 36KB

.idata Size: 15KB - Virtual size: 14KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 177B

.rdata Size: 512B - Virtual size: 69B

.oclnzfe Size: 5.6MB - Virtual size: 5.6MB

.oclnzfe Size: 512B - Virtual size: 140B

.oclnzfe Size: 5.0MB - Virtual size: 5.0MB

.reloc Size: 519KB - Virtual size: 518KB

.text
Size: 6.2MB - Virtual size: 6.2MB

.itext
Size: 23KB - Virtual size: 22KB

.data
Size: 101KB - Virtual size: 100KB

.bss
Size: - Virtual size: 36KB

.idata
Size: 15KB - Virtual size: 14KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 177B

.rdata
Size: 512B - Virtual size: 69B

.oclnzfe
Size: 5.6MB - Virtual size: 5.6MB

.oclnzfe
Size: 512B - Virtual size: 140B

.oclnzfe
Size: 5.0MB - Virtual size: 5.0MB

.reloc
Size: 519KB - Virtual size: 518KB