SecuriteInfo[.]com[.]Win64[.]CrypterX-gen[.]16795[.]29737[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win64.CrypterX-gen.16795.29737.exe
Size

2.0MB
MD5

38651750a4d1afe068efba3447a50469
SHA1

e383fdea712bee0f9f9103bf2e8a16cbef82e65a
SHA256

9bf7a01254fed809e0f564f28a3cf54156ea98f85d3b633ae3a213a87f9db143
SHA512

3c7fbbbaf14d0b7f37116590987e2a814985f0c6ee7ff95cd63be173d611c25490ec8a71c922499bbdeb3a6539c59b4235486edc2f5957c16c4e7e07eb7278ce
SSDEEP

24576:hSgLkeAeOgs3/LqqMI0RCsmehnFJznYQgk2iiemMN2AAf1/Uc:YgLkDL+je4W19

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win64.CrypterX-gen.16795.29737.exe

Files

SecuriteInfo.com.Win64.CrypterX-gen.16795.29737.exe
.exe windows:6 windows x64 arch:x64

ba1c6d9fb21c2c50cb76a1b347c2ecd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetDiskFreeSpaceExW
GetFileSizeEx
GetLogicalDriveStringsW
GetTempFileNameW
ReadFile
ReadFileEx
SetEndOfFile
SetFilePointerEx
UnlockFile
GetCompressedFileSizeW
PostQueuedCompletionStatus
Sleep
GetCurrentProcess
ExitProcess
GetExitCodeProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetThreadPriorityBoost
GetThreadPriority
SuspendThread
GetProcessVersion
GetProcessHandleCount
QueueUserWorkItem
IsProcessInJob
GetProcessAffinityMask
ConvertThreadToFiber
lstrcmpiW
lstrcatW
FlushFileBuffers
CheckNameLegalDOS8Dot3W
FindFirstVolumeMountPointW
SetVolumeMountPointW
GetDateFormatW
GetCPInfo
GetLocaleInfoW
IsValidLanguageGroup
GetGeoInfoW
ConvertDefaultLocale
EnumUILanguagesW
AttachConsole
ReadConsoleW
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
SetConsoleCP
SetConsoleOutputCP
SetConsoleCursorPosition
WriteConsoleOutputAttribute
GetNumberOfConsoleMouseButtons
GetConsoleWindow
WriteConsoleW
CloseHandle
CreateFileW
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
SetCurrentDirectoryW
SetEnvironmentVariableW
SetStdHandle
BackupRead
GetModuleHandleA
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter

winspool.drv

FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
ScheduleJob
ReadPrinter
WritePrinter
FindClosePrinterChangeNotification
AbortPrinter

comdlg32

CommDlgExtendedError
PrintDlgW
ChooseFontW
GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW

shell32

ord716
SHBindToParent
SHGetSettings
ord176
ord6
CommandLineToArgvW
DragQueryFileW
DragQueryPoint
DragFinish
FindExecutableW
ShellAboutW
DuplicateIcon
ShellExecuteExW
SHQueryRecycleBinW
SHEmptyRecycleBinW
Shell_NotifyIconW
SHGetDiskFreeSpaceExW
SHSetLocalizedName
ord727
SHGetIconOverlayIndexW
ord18
ord19
ord25
ord155
ord153
ord152
ord24
ord190
ord75
ord47
SHGetDataFromIDListW
SHGetInstanceExplorer
ord4
ord21
ord23
ord2
ord192
SHChangeNotify
ord27
SHGetDesktopFolder

ole32

CoGetCurrentProcess
CoUninitialize
CoMarshalInterface
CoUnmarshalInterface
CoMarshalHresult
CoDisconnectObject
CoLockObjectExternal
CoGetStandardMarshal
CoIsHandlerConnected
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoGetCallContext
CoQueryProxyBlanket
CoSetProxyBlanket
CoQueryClientBlanket
CoImpersonateClient
CoSwitchCallContext
CoGetCallerTID
CoGetCurrentLogicalThreadId
CoGetContextToken
CoGetClassObject
OleSetAutoConvert
OleGetAutoConvert
OleDoAutoConvert
OleRegGetMiscStatus
OleRegGetUserType
OleGetIconOfFile
GetRunningObjectTable
CoGetObject
BindMoniker
CoInstall
CoTreatAsClass
CoIsOle1Class
CoGetInstanceFromIStorage
CoRevokeInitializeSpy
CLSIDFromProgIDEx
CoFileTimeNow
CoTaskMemFree
CoTaskMemAlloc
CoInvalidateRemoteMachineBindings
CoGetTreatAsClass
CoWaitForMultipleHandles
CLSIDFromProgID
CoResumeClassObjects
IIDFromString
StringFromIID
CLSIDFromString
CoDisableCallCancellation
CoTestCancel
CoGetMarshalSizeMax
CoGetCancelObject
CoUnmarshalHresult

version

VerFindFileW
VerQueryValueW
GetFileVersionInfoW
VerInstallFileW

gdiplus

GdiplusStartup

userenv

GetUserProfileDirectoryW
GetProfilesDirectoryW

dxgi

CreateDXGIFactory

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba1c6d9fb21c2c50cb76a1b347c2ecd9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

comdlg32

shell32

ole32

version

gdiplus

userenv

dxgi

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 5KB - Virtual size: 24KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 5KB - Virtual size: 24KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB