jetChatCreate
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Malware-Cryptor.Limpopo.6307.dll
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Malware-Cryptor.Limpopo.6307.dll
Resource
win10v2004-20240412-en
General
Target: SecuriteInfo.com.Malware-Cryptor.Limpopo.6307.3974
Size: 544KB
MD5: c5c6a7d929628cd8823f394b3436076c
SHA1: da729cbceced39e181cbbd2e4f48003c642b57a7
SHA256: 3161def2d64785117cd08433f9dc158093d1e0c433b2d7999d32cf2774ad8403
SHA512: 27bbcaacf289dbd27a39abb661e7e554a484031b805081c37cc7315bd66a737a8aa786fe7da7e762b14ba606842886b90b6825174d35ff3c632726f32a0bf35e
SSDEEP: 12288:xocqHpYZKMp93P7m157jbbbbbbbbbbbbbbhT5AFxp:QJYZb93ybjbbbbbbbbbbbbbbhOfp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SecuriteInfo.com.Malware-Cryptor.Limpopo.6307.3974
Files
SecuriteInfo.com.Malware-Cryptor.Limpopo.6307.3974.dll windows:4 windows x86 arch:x86
e6a75a582488f601b7db026c5db0729f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
mfc42
msvcrt
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
time
localtime
strftime
_ismbclegal
_mbschr
tolower
toupper
_snprintf
_except_handler3
_mbsnbcat
isxdigit
_mbsnbcmp
_ismbcdigit
_ismbcalnum
_ismbcspace
_ismbcupper
free
strncpy
_CxxThrowException
_vsnprintf
sscanf
_ftol
_beginthreadex
_mbscmp
vsprintf
wcslen
sprintf
_mbstok
atoi
isalpha
_mbspbrk
_mbsnbcpy
_mbsrchr
_mbsnbicmp
malloc
_mbsicmp
_mbsstr
_access
_purecall
__CxxFrameHandler
_itoa
_strdup
kernel32
IsDBCSLeadByte
GlobalSize
GlobalReAlloc
GlobalHandle
FindResourceA
LoadResource
LockResource
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesA
GetLocaleInfoA
ReleaseMutex
CreateMutexA
OpenMutexA
OutputDebugStringA
lstrlenA
FreeLibrary
SuspendThread
ResumeThread
SetThreadPriority
GetExitCodeThread
TerminateThread
GetSystemInfo
GetTickCount
GetLogicalDriveStringsA
GetDriveTypeA
DeleteFileA
FormatMessageA
LocalFree
CompareStringA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetTempPathA
GetTempFileNameA
LoadLibraryA
GetModuleFileNameA
CreateDirectoryA
WideCharToMultiByte
MultiByteToWideChar
Sleep
lstrcpyA
GetVersionExA
GetModuleHandleA
GetProcAddress
FindFirstFileA
FindNextFileA
GetLastError
FindClose
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetFileTime
SetEndOfFile
GetFileAttributesA
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileA
WaitForSingleObject
PulseEvent
ResetEvent
SetEvent
CloseHandle
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
user32
CopyImage
PostQuitMessage
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
EnableMenuItem
SetTimer
CreatePopupMenu
AppendMenuA
ReleaseCapture
SetCapture
LoadStringA
GetDlgItem
SetWindowLongA
LoadBitmapA
LoadMenuA
LoadImageA
GetIconInfo
CreateIconIndirect
FillRect
DrawStateA
GetClientRect
FrameRect
GetSysColor
DrawFocusRect
GetSubMenu
TrackPopupMenuEx
ClientToScreen
GetCapture
GetActiveWindow
GetParent
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyCursor
DestroyMenu
LoadIconA
GetSysColorBrush
MsgWaitForMultipleObjects
PeekMessageA
wsprintfA
SendMessageA
DrawIconEx
GetKeyState
GetSystemMetrics
GetWindowRect
GetDesktopWindow
SetRect
SubtractRect
EqualRect
SetCursor
LoadCursorA
InflateRect
InvalidateRect
UpdateWindow
PostMessageA
RegisterWindowMessageA
SetWindowRgn
DrawTextA
AdjustWindowRectEx
GetMessagePos
KillTimer
WindowFromPoint
PtInRect
GetFocus
IsWindowEnabled
EnableWindow
IsWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
ReleaseDC
GetDC
MessageBoxA
CharNextA
CopyRect
gdi32
StretchBlt
CreateFontIndirectA
EnumFontFamiliesExA
GetTextExtentPoint32A
GetDIBColorTable
DPtoLP
SetMapMode
CreatePen
Rectangle
CreateRectRgnIndirect
GetPixel
SetPixel
SetBkColor
SetTextColor
DeleteDC
BitBlt
SelectObject
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
CreateHalftonePalette
GetPaletteEntries
SetStretchBltMode
GetMapMode
SetDIBitsToDevice
StretchDIBits
CreateBitmap
GetObjectA
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
SelectPalette
RealizePalette
DeleteObject
GetDeviceCaps
GetStockObject
OffsetRgn
PtInRegion
CombineRgn
RectVisible
GetClipBox
GetDCOrgEx
CreateRectRgn
GetClipRgn
comdlg32
GetOpenFileNameA
GetSaveFileNameA
advapi32
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
shell32
SHGetMalloc
SHAppBarMessage
ShellExecuteA
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
comctl32
ImageList_GetImageCount
ImageList_AddMasked
ImageList_SetBkColor
ImageList_Draw
_TrackMouseEvent
ole32
OleSetContainedObject
StgIsStorageFile
StgOpenStorage
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfile
CoTaskMemFree
ReleaseStgMedium
OleCreateStaticFromData
OleDuplicateData
ws2_32
WSACreateEvent
bind
htons
htonl
WSASocketA
WSAEnumNetworkEvents
gethostbyname
gethostname
getsockname
WSAGetOverlappedResult
WSAWaitForMultipleEvents
listen
WSARecv
WSASend
WSAConnect
inet_addr
recv
connect
socket
send
getpeername
WSAStartup
WSACloseEvent
WSAEventSelect
setsockopt
accept
WSAResetEvent
closesocket
WSAGetLastError
WSACleanup
winmm
timeGetTime
PlaySoundA
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
Exports
Sections
.text Size: 328KB - Virtual size: 325KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ