PDB path embedded in the sample: I:\我的项目\GGENET\Release\ggeserver.pdb
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.TrojanX-gen.1892.3697.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.TrojanX-gen.1892.3697.exe
Resource
win10v2004-20240802-en
General
-
Target
SecuriteInfo.com.Win32.TrojanX-gen.1892.3697.exe
-
Size
422KB
-
MD5
b9fcbae32e294854e2507179d4acef1c
-
SHA1
88c7ae319270c49e2c6610e22bb54beaab533a10
-
SHA256
5ee6cfb7dd10f7fecf03d515c60c8e319920ec1b99e9835f4fbcba8caa4b924c
-
SHA512
ffd16a836c93485d71689884f1b9b114126d1f4bf3e070eeb1e6613b5337bfb19028bfe62b0339c0a38c3091cf8f1eaf286989f49b503ee06752000d85b49b99
-
SSDEEP
6144:EQEPWO/7+Ugo33uIH7/hjOlqkDVmaxR3psGoyj0mBZ0gTzzh6lOUepHiPVn5lXwM:EHv3LVOAkDVmaxR5sGb0KZ0e4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
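Checks for missing Authenticode signature. An unsigned PE is a weak indicator on its own, since many legitimate binaries ship unsigned; weigh it together with the other static and behavioral findings.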
resource SecuriteInfo.com.Win32.TrojanX-gen.1892.3697.exe
Files
-
SecuriteInfo.com.Win32.TrojanX-gen.1892.3697.exe.exe windows:5 windows x86 arch:x86
1738fefa50d0611937aaf1eda2e025f7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
DeleteCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
CreateThread
CloseHandle
SetConsoleCtrlHandler
Sleep
TerminateThread
InitializeCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
LeaveCriticalSection
IsProcessorFeaturePresent
msvcp100
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
msvcr100
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_commode
_except_handler4_common
_invoke_watson
_controlfp_s
memcpy
__CxxFrameHandler3
__setusermatherr
_configthreadlocale
_initterm_e
_onexit
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_amsg_exit
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
printf
_purecall
_CxxThrowException
??3@YAXPAX@Z
??2@YAPAXI@Z
_unlock
__dllonexit
_lock
lua51
lua_newuserdata
luaL_ref
lua_topointer
lua_pushlightuserdata
lua_touserdata
luaL_newstate
luaL_openlibs
lua_close
luaL_loadbuffer
lua_pushboolean
luaL_unref
lua_error
lua_toboolean
lua_pushlstring
lua_tointeger
lua_gettop
lua_setmetatable
lua_pushvalue
luaL_checkudata
lua_getfield
lua_pushstring
lua_pushinteger
lua_remove
lua_rawgeti
lua_call
lua_tonumber
lua_pushnil
luaL_newmetatable
lua_pushcclosure
lua_setfield
lua_settable
lua_type
lua_rawset
lua_createtable
lua_pushnumber
lua_tolstring
lua_settop
lua_isuserdata
hpsocket
HP_Destroy_TcpPackClient
HP_Create_TcpPackClient
HP_Destroy_TcpPullClient
HP_Create_TcpPackServer
HP_Destroy_TcpPackServer
HP_Destroy_TcpPullServer
HP_Create_TcpPullServer
HP_Create_TcpPullClient
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 367KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ