SecuriteInfo[.]com[.]Trojan[.]Siggen16[.]36378[.]19518[.]31440[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.Siggen16.36378.19518.31440.exe
Size

270KB
MD5

9a4dc8ff3346cb0920f31372ac84f45b
SHA1

b95c218bda11c0fc8fc63b32fb4805ae4156e5f5
SHA256

c6598a0027367fd9fa82f69d1abd358734126b8f9793706260b3fe62effc1ea4
SHA512

678f176edc6b84d16fe8ea77453736f2206520efce25457ef18019b9e3b63916ed2de74e6863295db97eeb5381d3d40760641a71812977e6ce8cbeeabef61227
SSDEEP

6144:Yab3pYHWop40Gqa+vFrYhZe7Zzqlm/kJW4vmlPr3zuJHd:YaNY2opDFrWIZ2lm/kJWOmlTzuJHd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.Siggen16.36378.19518.31440.exe

Files

SecuriteInfo.com.Trojan.Siggen16.36378.19518.31440.exe
.exe windows:4 windows x86 arch:x86

7f7a540fc87871ac3d69b4fcc6cdb0e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getsockname
gethostname
sendto
recvfrom
htonl
connect
ntohs
getpeername
send
recv
select
__WSAFDIsSet
accept
socket
htons
closesocket
listen
WSAStartup
inet_ntoa
WSACleanup
gethostbyname
bind
inet_addr

kernel32

IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetCurrentProcessId
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
GlobalAlloc
RtlMoveMemory
GlobalFree
CreateProcessA
ResumeThread
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
OpenProcess
IsWow64Process
CreateThread
GetModuleHandleA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
WaitForSingleObject
GetExitCodeThread
CreateRemoteThread
MultiByteToWideChar
ReadProcessMemory
lstrcpynA
LoadLibraryA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
SetStdHandle
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetLocalTime
DeleteFileA
GetFileSize
CreateFileA
GetStartupInfoA
GetTickCount
ReadFile
CreateDirectoryA
WriteFile
GetModuleFileNameA
SetFileAttributesA
GetCommandLineA
FreeLibrary
LCMapStringA
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
FlushFileBuffers
TlsAlloc
TlsSetValue
GetProcessHeap
GetStringTypeA
GetCurrentThreadId
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsBadWritePtr
VirtualAlloc
RaiseException
LCMapStringW
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
SystemTimeToFileTime
GetFileAttributesA
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
GetVersion
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapCreate

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects

iphlpapi

SendARP
GetAdaptersInfo

urlmon

URLDownloadToFileA

shlwapi

PathFindFileNameA

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 904KB - Virtual size: 959KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f7a540fc87871ac3d69b4fcc6cdb0e5

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

iphlpapi

urlmon

shlwapi

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 904KB - Virtual size: 959KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 904KB - Virtual size: 959KB