SecuriteInfo[.]com[.]Win32[.]Evo-gen[.]18602[.]10500 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.Evo-gen.18602.10500
Size

56KB
MD5

3bfb35c4054f9b59a8b64817aa292780
SHA1

9d126f746caf39749551574a049adf9d1e8af649
SHA256

d2ca8563455b3e2cc8b2942a4026dddb324cb37262c27432ba1fcd975303e44a
SHA512

e01aeb6f537380889612aa9c3732d3a1f6abd4e6c02aa0f830044d133ccb647f1cea5d251f7b7957caa9e595f110ef20e12081b3466dd08d5a47a127ddc384f4
SSDEEP

1536:T3d/Gu30sVhOZZG6kLpXTaHCec+ceDhkMENAZ:T3xGA0yhQjCpmiec+cuOME

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win32.Evo-gen.18602.10500

Files

SecuriteInfo.com.Win32.Evo-gen.18602.10500
.dll windows:6 windows x86 arch:x86

f1e99cf29907465f275f949fe91b6257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\_VSK\PML\驱动调用\Release\驱动调用.pdb

Imports

kernel32

GetTempPathA
CloseHandle
LoadLibraryA
VirtualProtect
GetProcAddress
WriteFile
GetCurrentProcess
CreateFileA
ExitProcess
DeleteFileA

user32

MapVirtualKeyW
GetSystemMetrics
MessageBoxA
wsprintfA

advapi32

RegSetValueExA
OpenProcessToken
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegDeleteKeyA

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

Exports

Exports

InsterDriver

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Pml0
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ