Trojan[.]Shylock[.]Skype[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Trojan.Shylock.Skype.zip
Size

177KB
MD5

1dbee013e7788a749f9e55a2b1bd20d5
SHA1

132a2db10eeecd91e91d4438409783b83879e341
SHA256

ef131ac51a972ce3cc14c33d858ad3e7346f3b705c54500a5081f110b24d9681
SHA512

5beea36aba85132e6ab170f337327105925e3a2ada933f62880554d8590934e60f3817cb9f8c735b90b0e688d13cd71ec5292a953b750035f75848d5f2fbfea7
SSDEEP

3072:xq8jl/+LJ7RlIOYjaVtgNQ1E9x7opG0jFrPpY6xVRuDmnZFZQ8kFzrrPIeY:pR/OdiOYjmgNZDopTJFYE8mnvZQrP5Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Shylock-skype_8FBEB78B06985C3188562E2F1B82D57D

Files

Trojan.Shylock.Skype.zip
.zip

Password: infected
Shylock-skype_8FBEB78B06985C3188562E2F1B82D57D
.dll windows:5 windows x86 arch:x86

d42994f3567105f497515f6e78b08aed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetProcessHeap
WriteFile
TerminateThread
Sleep
CreateEventA
CreateFileW
lstrcmpW
lstrlenW
GetTempPathW
GetLastError
SetLastError
FindClose
WaitForMultipleObjects
lstrcmpiW
lstrcatW
CreateMutexA
FindNextFileW
CloseHandle
DeleteFileW
lstrcpyW
SetFileAttributesW
CreateThread
lstrcpyA
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
SetEvent
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
UnlockFile
LockFile
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetProcAddress
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
DeleteCriticalSection
GetCurrentThreadId
GetVersionExA
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
WaitForSingleObject
HeapFree
HeapAlloc
lstrlenA
FreeLibrary
FindFirstFileW

user32

FindWindowW
FindWindowExA
wsprintfA
KillTimer
GetWindowDC
PostQuitMessage
GetWindowRect
SetTimer
SendMessageA
keybd_event
DestroyWindow
FindWindowExW
PostMessageA
DispatchMessageA
IsWindowVisible
FindWindowA
RegisterClassA
RegisterWindowMessageA
wsprintfW
TranslateMessage
MapVirtualKeyA
UnregisterClassA
ReleaseDC
CreateWindowExA
DefWindowProcA
SendMessageTimeoutA
GetMessageA
GetLastInputInfo

gdi32

GetPixel

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHParseDisplayName
SHBindToParent
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysAllocString

msvcrt

realloc
atoi
strncmp
_ftol2_sse
memmove
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
strstr
malloc
free
_wtoi
memset
_ftol2
memcpy

wininet

InternetCrackUrlA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestW
HttpOpenRequestA
InternetSetOptionA
InternetConnectW
InternetReadFile
InternetConnectA
HttpQueryInfoA
InternetOpenW

shlwapi

StrStrW
StrRChrW

Exports

Exports

Destroy
Init
Start

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d42994f3567105f497515f6e78b08aed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

wininet

shlwapi

Exports

Exports

Sections

.text Size: 234KB - Virtual size: 233KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 3KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 234KB - Virtual size: 233KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 3KB

.reloc
Size: 7KB - Virtual size: 6KB