SecuriteInfo[.]com[.]Trojan[.]KillProc2[.]23303[.]5664[.]10362[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.KillProc2.23303.5664.10362.exe
Size

739KB
MD5

8cc86d108d51302ca6963f79170d6f2c
SHA1

b26e6e07ab972be78a94b97d4c78f926ab1c11e7
SHA256

9cc4e6b47cde47d5c04e2c2d2ffabfc7e9002acf4460f83953c8db40dcb6b82e
SHA512

18141bda2ec23212797f196a97c2030d30cb1b5f2830b0231b5f9f66a94b448410ecbce3e36579fae3c476bcf11da2dabc5e6e61824c346fb329902aae520a68
SSDEEP

12288:max2AZk2eYl+DUc2pCeb5WKsuUkrSpR9MVOW0CpbLX7l5sIjOUkHu5FvarRulqba:xx2Oxe138CesiUHkOW0CpbLX/NytHsFD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Trojan.KillProc2.23303.5664.10362.exe

Files

SecuriteInfo.com.Trojan.KillProc2.23303.5664.10362.exe
.exe windows:6 windows x86 arch:x86

b6e2907142b8469b7f4e885227dec2e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

CreateProcessAsUserA

ws2_32

socket

iphlpapi

GetAdaptersInfo

winhttp

WinHttpConnect

Sections

.text
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c1
Size: 738KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ