SecuriteInfo[.]com[.]Trojan[.]Siggen4[.]62441[.]5418[.]27432

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Siggen4.62441.5418.27432
Size

20KB
MD5

871e91829d93e1f5e71464c349e69e53
SHA1

2080eaaa779c0860c3fd4d30b8729fc25b02a87d
SHA256

e691e80cc044107eb5957ad597dda958611b628ac25cf6b57558187f1542ab84
SHA512

5669b5ee8a58d7f41d222416ddbee72ea1a76b08e046106d3cca95e535aee24739ff375f527bdfd6c608d212c0cbfeb262f0628a0a3df9c57594b501262c5c76
SSDEEP

192:vsoQXD19XFxg/DngtkJF8xfF+jJWysVF/CMgYaUjX5tKomiQ0uV1oyCua:reTFtkJexfE7itK+m1xa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.Siggen4.62441.5418.27432

Files

SecuriteInfo.com.Trojan.Siggen4.62441.5418.27432
.exe windows:4 windows x86 arch:x86

a9d5c40b896003c4995539bf70b9333a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
InitializeCriticalSection
LeaveCriticalSection
CreateThread
ResetEvent
CreateEventA
WaitForSingleObject
SetEvent
Process32Next
GetModuleHandleA
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentProcess
GetLastError
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
OutputDebugStringA
CloseHandle
EnterCriticalSection
GetStartupInfoA

user32

GetWindowLongA
PostQuitMessage
SetTimer
KillTimer
GetMessageA
MessageBoxA
PostMessageA
DispatchMessageA
TranslateMessage
SetWindowLongA
CreateWindowExA
RegisterClassExA
FindWindowA
DefWindowProcA

advapi32

OpenSCManagerA
CreateProcessAsUserA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ControlService
DeleteService
StartServiceA
CreateServiceA
StartServiceCtrlDispatcherA
QueryServiceStatus
OpenServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
DuplicateTokenEx

shell32

SHGetSpecialFolderPathA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wininet

InternetGetConnectedState

mfc42

ord537
ord823
ord825
ord540
ord800

msvcrt

__setusermatherr
_initterm
__getmainargs
_acmdln
__p__commode
__p__fmode
_controlfp
_adjust_fdiv
__set_app_type
__CxxFrameHandler
_except_handler3
_local_unwind2
_itoa
_mbsnbcpy
sprintf
_mbscmp
__dllonexit
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
exit

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a9d5c40b896003c4995539bf70b9333a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

userenv

wininet

mfc42

msvcrt

msvcp60

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB