SecuriteInfo[.]com[.]Adware[.]Downware[.]54[.]22424[.]26324[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Adware.Downware.54.22424.26324.dll
Size

263KB
MD5

a3ec92b807f93a437006e014c2ba9ab0
SHA1

c2e0a9c411044ac1829da97511fdc658ace8b409
SHA256

2f4dafb7a1c034864d1a686d0bf346728e963317ede5b6bd2a2b6dc21cef6c12
SHA512

4a0d41867319e717aeb7cc721fdda95319b04a7dfc80048a5b9914861e1c6d8baee3073985bb480be802f9ab1e9a04b622eab7ca622e561b249e8dcf55e802a5
SSDEEP

3072:fYAbepWjRJKfn3K3+O64bxMfDmwwmSVSj7HAQQTstCU68gkWAT9yAj254gSWHlP:TbHPKvzOjWkSj7H1tCUOARNXgH5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Adware.Downware.54.22424.26324.dll

Files

SecuriteInfo.com.Adware.Downware.54.22424.26324.dll
.dll regsvr32 windows:5 windows x86 arch:x86

e3d227482a98a6cc9c8c1c697848a2f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetOpenW
InternetSetOptionW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

sqlite3

sqlite3_exec
sqlite3_bind_int
sqlite3_bind_text
sqlite3_changes
sqlite3_step
sqlite3_column_type
sqlite3_prepare
sqlite3_open
sqlite3_reset
sqlite3_finalize
sqlite3_errmsg
sqlite3_busy_timeout
sqlite3_close
sqlite3_column_count
sqlite3_vmprintf
sqlite3_free
sqlite3_mprintf
sqlite3_column_int
sqlite3_column_text

kernel32

LoadLibraryA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleHandleA
GetTimeZoneInformation
LCMapStringW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
lstrlenA
WideCharToMultiByte
EnterCriticalSection
LCMapStringA
GetModuleFileNameW
CloseHandle
CreateThread
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime
InterlockedCompareExchange
LocalFree
LocalAlloc
FreeLibrary
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
VirtualProtect
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
ReadFile
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
LeaveCriticalSection
SetEnvironmentVariableA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualFree
HeapCreate
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
RtlUnwind

user32

CharNextW

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueExW
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
RegCreateKeyExW
RegOpenKeyExW

shell32

ord165

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

LoadTypeLi
LoadRegTypeLi
DispCallFunc
VariantInit
SysAllocString
SysAllocStringLen
VariantClear
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen

atl90

ord61
ord68
ord15
ord64
ord56
ord49
ord10
ord11
ord30
ord32
ord58
ord23
ord31

shlwapi

PathAppendW
PathAddBackslashW
PathRemoveFileSpecW
SHSetValueW
SHDeleteKeyW
PathFileExistsW

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW
UuidFromStringA

urlmon

URLDownloadToFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ObfuscateCLSID
ObfuscateCLSID2
ObfuscateCLSID3

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3d227482a98a6cc9c8c1c697848a2f2

Headers

File Characteristics

Imports

wininet

sqlite3

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl90

shlwapi

rpcrt4

urlmon

Exports

Exports

Sections

.text Size: 199KB - Virtual size: 198KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 199KB - Virtual size: 198KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 15KB - Virtual size: 15KB