SecuriteInfo[.]com[.]W32[.]Backdoor[.]OGTY-3206[.]20752[.]7802[.]exe | Triage

Sharing

General

Target

SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe
Size

26.2MB
MD5

e15642b40008a827258873bfeea59407
SHA1

45d136f50d4fbd3d8a840d1a5f85c64718ac96c8
SHA256

e002d5bbf4a98ac6d80a3a6277fe76b13b7ebdfdfb374495161180694886e6f2
SHA512

23b506992687af0aa7aa65f98fc16c155f54dfe614b10b0855bc00be8c3c6f11e122f94b5dba2eed96195bde53d14c57b4b3d3d63e5b41af33770483c09bece3
SSDEEP

786432:Of6xp+5NBvQBHox396Fr6x/DiqLCZwXi6tIp:ONpRxtq65DTWRLp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe

Files

SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe
.exe windows:4 windows x86 arch:x86

cbf47572e8cb446c01bd5522c7d7f827

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Acro_root_ns\BuildResults\bin\Release\AcroRd32Exe.pdb

Imports

kernel32

ExitProcess
FormatMessageA
GetLastError
SetLastError
VirtualAlloc
CloseHandle
MapViewOfFile
CreateFileMappingA
VirtualFree
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
lstrcpynW
GetFullPathNameW
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetFileSize
ReadFile
SetFilePointer
CreateFileW
WideCharToMultiByte
GetEnvironmentVariableW
GetVersion

user32

MessageBoxA

Sections

.text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.res
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 112B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE