SecuriteInfo[.]com[.]Win64[.]TrojanX-gen[.]8688[.]8256[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win64.TrojanX-gen.8688.8256.exe
Size

5.1MB
MD5

cba6a7025b455455a163ac9f50ef7290
SHA1

40135a7977be13e7688dbfc32b472cd2880c9969
SHA256

31fba5f29c7a98a4205cc201a8f966c8bbb7531959a2475fc42420a90f975057
SHA512

64b0128d4594e9e3d0f46542c6a3bcf55057ef3c55cbeac1feb27e9d395715e35d3b3c2a3bdc551904a94a8faf068222a6df7b4e0e4838288f65b9a35743281c
SSDEEP

49152:cAR415ZgKKHoxb4YXzXpKre/ZfD9qRMbPTPX3HDqFqc1G4OJwK5jNioXfIcnxufg:2H//B1DduMJwKddXBufN+2S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win64.TrojanX-gen.8688.8256.exe

Files

SecuriteInfo.com.Win64.TrojanX-gen.8688.8256.exe
.dll windows:6 windows x64 arch:x64

548bf6c9d89310e831041b45d037748f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\UEVR\UEVR\build\bin\uevr\UEVRBackend.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

ntdll

RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
NtGetNextThread
VerSetConditionMask
RtlCaptureStackBackTrace
RtlUnwind

advapi32

OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority

kernel32

CreateFileA
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
CreateFileMappingA
CreateThread
IsBadReadPtr
Sleep
FreeLibrary
GetModuleFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
SetEvent
ResetEvent
CreateEventA
GetModuleHandleW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
WaitForSingleObject
VirtualProtect
CreateToolhelp32Snapshot
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
VerifyVersionInfoW
SuspendThread
ResumeThread
GetThreadId
GetThreadContext
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableW
GetFileAttributesW
GetLastError
LoadLibraryExW
LoadLibraryW
FormatMessageW
OutputDebugStringA
HeapAlloc
HeapFree
GetCommandLineA
CreateEventExW
GetModuleHandleExA
FlushInstructionCache
IsBadCodePtr
DebugBreak
EnterCriticalSection
WriteConsoleW
GetFileAttributesA
GetDynamicTimeZoneInformation
GetStdHandle
WriteFile
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
ExitProcess
GetFileType
SetStdHandle
ReadFile
ExitThread
InitializeCriticalSectionAndSpinCount
GetProcessAffinityMask
ReleaseSemaphore
DuplicateHandle
SetThreadGroupAffinity
GetThreadGroupAffinity
GetNumaHighestNodeNumber
GetLogicalProcessorInformationEx
GetCurrentProcessorNumberEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
SetLastError
QueryDepthSList
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
InterlockedFlushSList
InterlockedPushEntrySList
GetUserDefaultLCID
EnumSystemLocalesW
GetOEMCP
GetFileSizeEx
IsValidCodePage
FlushFileBuffers
GetConsoleOutputCP
SetEndOfFile
GetProcessHeap
GetACP
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetTimeZoneInformation
HeapSize
HeapReAlloc
ReadConsoleW
SetFilePointerEx
RaiseException
LoadLibraryExA
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
GetTickCount64
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitOnceBeginInitialize
InitOnceComplete
WakeConditionVariable
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetStringTypeW
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateSemaphoreExW
FlushProcessWriteBuffers
GetSystemTimeAsFileTime
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TerminateProcess
GetCurrentThread
GetThreadTimes

user32

MessageBoxW
GetClipboardData
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
GetClientRect
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
GetAsyncKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowLongPtrA
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
GetDesktopWindow
GetWindowTextA
GetWindowLongPtrA
SetCursorPos
GetWindowRect
AllowSetForegroundWindow
SetForegroundWindow
CallWindowProcA
PostMessageA
PeekMessageA

shell32

SHGetSpecialFolderPathW

d3dcompiler_47

D3DCompile

imm32

ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

shlwapi

PathRemoveFileSpecW

d3d12

D3D12SerializeRootSignature

Exports

Exports

g_plugin_initialize_param

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

548bf6c9d89310e831041b45d037748f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

version

ntdll

advapi32

kernel32

user32

shell32

d3dcompiler_47

imm32

shlwapi

d3d12

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 97KB - Virtual size: 132KB

.pdata Size: 111KB - Virtual size: 110KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 97KB - Virtual size: 132KB

.pdata
Size: 111KB - Virtual size: 110KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 38KB - Virtual size: 38KB