SecuriteInfo[.]com[.]Trojan[.]Win32[.]Sasfis[.]10754[.]30850 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.Win32.Sasfis.10754.30850
Size

1.1MB
MD5

67744c17a1bac3a3aee40728c0200594
SHA1

b866296734ed09619814860511653196fb1a2645
SHA256

62a2df68241dec61d65d48e3e762baf66c2c1a998e374f65e1951736b8256dcf
SHA512

dc30a5e1d7fe4a7c589f2cab07c347ad1c8678d73537e741f4a6a1760b97a4483ce5726a53c7e2189158ff01006a3a2fd76200c2747ff7db0c5afd0be8e3af3b
SSDEEP

3072:4bDSs7c2QPmum//eMbnzIBMYdrfLdxKXzg2rZCP1q+5BXRoI8KalXS22SqU6R517:D7RPmum/2Mbb6Ra9Mx6yaNV8xeI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.Win32.Sasfis.10754.30850

Files

SecuriteInfo.com.Trojan.Win32.Sasfis.10754.30850
.dll regsvr32 windows:4 windows x86 arch:x86

dac98ec455296f2dab736edd4e277d1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

common

?ConvertToPureFile@FS@@YA?AVCTXStringW@@PB_W@Z

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z

user32

SetWindowTextW

gdi32

LPtoDP

advapi32

RegCreateKeyExW

shell32

DragAcceptFiles

ole32

CoCreateInstance

oleaut32

OleCreatePropertyFrame

msvcp80

?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

livelog

?IsValidEmail@@YAHPB_W@Z

msvcr80

??3@YAXPAX@Z

httpdownload

??1CHttpDowndExports@@QAE@XZ

wintrust

WinVerifyTrust

crypt32

CryptMsgClose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE