Windows
Analysis Report
SecuriteInfo.com.W32.PossibleThreat.13283.7399.exe
Overview
General Information
Detection
Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 0%
Signatures
.NET source code contains potential unpacker
PE file contains section with special chars
Binary contains a suspicious time stamp
DLL planting / hijacking vulnerabilities found
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Installs a raw input device (often for capturing keystrokes)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Classification
Analysis Advice
Sample drops PE files which have not been started; submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample searches for a specific file; try pointing organization-specific fake files to the analysis machine
Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior
Sample may offer command line options; please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample has functionality to log and monitor keystrokes; analyze it with the 'Simulates keyboard and window changes' cookbook
- System is w10x64
SecuriteInfo.com.W32.PossibleThreat.13283.7399.exe (PID: 7768 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.13283.7399.exe MD5: D0985220A2CC3B185000F0AC9F36F60B)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
- Privilege Escalation
- Compliance
- Spreading
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- HIPS / PFW / Operating System Protection Evasion