C:\Users\Administrator\Desktop\GitHub\OpenFRE\Release\OpenFRE.pdb
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Jaik.52393.17592.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Jaik.52393.17592.exe
Resource: win10v2004-20240226-en
General
Target: SecuriteInfo.com.Variant.Jaik.52393.17592.31202
Size: 701KB
MD5: 4d95a998f67ff4c580aa190fa5893396
SHA1: 68d4cc533b5a2ae62829bf7c3b876fa497a14367
SHA256: 32203a8beb112105aeb97a8ac87a25bc11b2299230ff4eb20c9badce9666380b
SHA512: fd3abccec63f1eecab112368b8e5de171f344a073d48dd59f9e9449ec1f5435c1fe0c336c89f4b84a37faa0d959f6e0dcca3ff16af71828be83e2318e662eab0
SSDEEP: 12288:zIaMKi4VInQacKZqkTDrsgWwzedC3ax9OjtjAHqmc6IAwveNw9UWy02XoWRcgGHG:zMSKZ5DwafjtOqmc6Ey02XoWRqGCjJWc
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: SecuriteInfo.com.Variant.Jaik.52393.17592.31202
Files
SecuriteInfo.com.Variant.Jaik.52393.17592.31202.exe windows:6 windows x86 arch:x86
8d42dc75ca400c110899cd420e2415df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
urlmon
URLDownloadToFileA
comctl32
InitCommonControlsEx
kernel32
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetProcAddress
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
SetEndOfFile
GetFileAttributesExW
FlushFileBuffers
HeapReAlloc
DeleteFileW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetSystemDirectoryA
CompareStringW
GetTimeFormatW
GetDateFormatW
GetOEMCP
FreeLibrary
QueryPerformanceFrequency
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
TransactNamedPipe
LoadLibraryW
VirtualAlloc
GetFullPathNameW
HeapAlloc
HeapFree
GetCurrentDirectoryW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
WriteFile
FreeLibraryAndExitThread
ExitThread
SetFilePointerEx
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
VirtualFree
CreateNamedPipeA
GetModuleHandleA
CreateThread
Sleep
GetExitCodeThread
VirtualFreeEx
GetStartupInfoW
IsDebuggerPresent
SetEnvironmentVariableW
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
CreateRemoteThread
VirtualAllocEx
CloseHandle
LoadLibraryA
OpenProcess
GetFullPathNameA
WriteProcessMemory
HeapSize
LCMapStringW
GetCurrentProcess
GetProcessHeap
WriteConsoleW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
user32
GetWindowTextW
EnableWindow
EndPaint
BeginPaint
UpdateWindow
EnableMenuItem
PostQuitMessage
TranslateMessage
DefWindowProcA
RegisterClassA
MessageBoxIndirectA
GetSubMenu
SendMessageW
CreateWindowExW
FillRect
DestroyWindow
LoadCursorA
DispatchMessageA
LoadMenuW
GetMessageA
GetWindowTextLengthW
MessageBoxW
GetWindowThreadProcessId
ShowWindow
FindWindowA
gdi32
GetStockObject
advapi32
CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext
shell32
ShellExecuteExA
ShellExecuteA
ws2_32
WSACloseEvent
socket
WSAEnumNetworkEvents
recv
closesocket
accept
WSAEventSelect
WSAResetEvent
WSACreateEvent
WSAWaitForMultipleEvents
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
inet_pton
WSAStartup
WSACleanup
ntohl
listen
recvfrom
getaddrinfo
freeaddrinfo
htonl
ioctlsocket
send
gethostname
sendto
crypt32
CertFreeCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
PFXImportCertStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CryptStringToBinaryA
CryptDecodeObjectEx
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain
Sections
.text Size: 541KB - Virtual size: 540KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ