C:\Users\удача\Desktop\NetMaster-1.0\Release\NetMaster_Client.pdb
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.GenericKD.73751539.18726.10921.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.GenericKD.73751539.18726.10921.exe
Resource: win10v2004-20240802-en
General
- Target: SecuriteInfo.com.Trojan.GenericKD.73751539.18726.10921.exe
- Size: 454KB
- MD5: 9c4a2a98a09549e8175607a271e202bf
- SHA1: 70b4b8fa0697f4d97f990f657ffd1d31d9f49d0e
- SHA256: 5739d0b3de0569d6c5a694dec0a289ff429c302f889bc8cea1f84b6765dbb571
- SHA512: 7ae08316d27ba4838a0048d9e3f2b715fae002745625226f263be3789f6e6bfcb66acbca33ecf2fe47593023684c6a23eea09242bd377a81eb7e81c4fdda4b55
- SSDEEP: 12288:CY5yuDQEzucHR8LBdKjtYQQvxNqlNl11z1eWH3M/aVYooS1G:/DqvxNsl11z1enaVRZ1
Malware Config
Signatures
- Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: SecuriteInfo.com.Trojan.GenericKD.73751539.18726.10921.exe
Files
- SecuriteInfo.com.Trojan.GenericKD.73751539.18726.10921.exe.exe windows:6 windows x86 arch:x86
26652bb3a532c6e6677f07e962e2716c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
CreateProcessW
GetCurrentProcessId
Process32FirstW
DeleteFileA
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
ExpandEnvironmentStringsA
TerminateProcess
GetTickCount64
CreateEventW
WaitForSingleObject
GlobalUnlock
GlobalLock
GlobalSize
GetCommandLineW
WTSGetActiveConsoleSessionId
LocalFree
GetLocalTime
DeleteFileW
GetFileAttributesW
LocalAlloc
CreateDirectoryW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetLastError
SetEvent
Sleep
GetComputerNameW
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
GetModuleFileNameW
CreateThread
CloseHandle
SetFilePointerEx
GetFileSizeEx
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
DuplicateHandle
ReadFile
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetEndOfFile
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
CompareStringEx
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
user32
LockWorkStation
GetLastInputInfo
SetProcessDPIAware
GetWindowTextLengthW
GetForegroundWindow
GetWindowTextW
SendInput
GetSystemMetrics
GetMessageExtraInfo
GetDC
gdi32
BitBlt
DeleteDC
CreateCompatibleDC
SelectObject
DeleteObject
CreateCompatibleBitmap
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExA
RegGetValueA
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
GetUserNameW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
OpenSCManagerA
RegSetValueExW
StartServiceW
RegOpenKeyExW
ConvertStringSidToSidA
OpenServiceW
LookupAccountSidW
OpenServiceA
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
InitializeSecurityDescriptor
shell32
CommandLineToArgvW
ole32
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
GetHGlobalFromStream
CoInitialize
oleaut32
SysAllocString
SysFreeString
ws2_32
htons
inet_pton
inet_ntop
connect
WSAStartup
__WSAFDIsSet
select
send
recv
closesocket
getaddrinfo
socket
iphlpapi
GetIfEntry2
GetBestInterfaceEx
wininet
InternetOpenUrlA
InternetOpenW
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpOpenRequestA
urlmon
URLDownloadToFileA
wtsapi32
WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory
pdh
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddEnglishCounterW
netapi32
NetLocalGroupAddMembers
NetUserGetInfo
NetUserAdd
NetApiBufferFree
gdiplus
GdipCloneImage
GdiplusStartup
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipFree
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipGetImageEncoders
GdiplusShutdown
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
Sections
.text Size: 360KB - Virtual size: 359KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ