Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe

PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows

initial sample

Details

Filetype:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Entropy:	5.584191090725657
Filename:	SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
Filesize:	3909440
MD5:	0313d8be33d8d352e3b7b6a24dd71943
SHA1:	59f4008aee2f98560b2155f03cc1da34fd7fa789
SHA256:	978aae287c78d11d1e0d76a35d78554b97039a26bf96b21f59de7112f4176a19
SHA512:	11e4928df8aee585dea7b14717b8e55c30a290354a192c13646b82945253221ca723d8d81b5087eeb215c852457c240198671e9005867992c4a3fe7302c7a5c6
SSDEEP:	98304:5fg6btywSSvRky24I/sQQQQQQQQQQQQQ0:K/r4n
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....$e......................;...............@...............................A.......;...`... ............................

Signature Hits	Behavior Group	Mitre Attack
Contains functionality for execution timing, often used to detect debuggers	Malware Analysis System Evasion, Anti Debugging	Security Software Discovery
Contains functionality to call native functions	System Summary
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging	Security Software Discovery
Found inlined nop instructions (likely shell or obfuscated code)	Software Vulnerabilities
Found large amount of non-executed APIs	Malware Analysis System Evasion
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information Obfuscated Files or Information
PE file contains an invalid checksum	Data Obfuscation
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery System Information Discovery
Contains functionality to register its own exception handler	Anti Debugging
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Executable is probably coded in Go lang	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Security Software Discovery Process Discovery
Reads software policies	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\log\securelink_securebox.log.0

ASCII text

dropped

Details

File:	C:\Users\log\securelink_securebox.log.0
Category:	dropped
Dump:	securelink_securebox.log.0.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
Type:	ASCII text
Entropy:	5.201870619894299
Encrypted:	false
Ssdeep:	12:oz5j8ODlbKKp5Ldc52y1ST5DnHk5/Vc5X7GXp5H0X/hXyk5TITC7btDFBkG43D:oz1G8FKAy4T1EDcp7G5tC5S2FbkGyD
Size:	694
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1272
Target ID:	0
Parent PID:	4056
Name:	SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe"
Size:	3909440
MD5:	0313D8BE33D8D352E3B7B6A24DD71943
Time:	19:31:36
Date:	22/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x410000
Modulesize:	4321280
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
PE file contains an invalid checksum	Data Obfuscation
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
PE file has an executable .text section and no other executable section	System Summary
URLs found in memory or binary data	Networking
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://www.wangsu.com/product/1810

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

C00004E000

direct allocation

page read and write

C000082000

direct allocation

page read and write

C0000CA000

direct allocation

page read and write

C0000A4000

direct allocation

page read and write

C00007A000

direct allocation

page read and write

C0000A0000

direct allocation

page read and write

25D7DEEC000

direct allocation

page read and write

C000016000

direct allocation

page read and write

660000

unkown

page readonly

C000036000

direct allocation

page read and write

C0000B0000

direct allocation

page read and write

7BD000

unkown

page read and write

626000

unkown

page write copy

CD293FF000

stack

page read and write

C0000DC000

direct allocation

page read and write

610000

unkown

page write copy

C00014C000

direct allocation

page read and write

659000

unkown

page read and write

5D6000

unkown

page write copy

C000000000

direct allocation

page read and write

C00013B000

direct allocation

page read and write

C00021C000

direct allocation

page read and write

25D7DF60000

trusted library allocation

page read and write

C000026000

direct allocation

page read and write

C00009E000

direct allocation

page read and write

C0000D8000

direct allocation

page read and write

568000

unkown

page write copy

5D6000

unkown

page write copy

C0000A8000

direct allocation

page read and write

60A000

unkown

page write copy

C00000C000

direct allocation

page read and write

C000028000

direct allocation

page read and write

C000032000

direct allocation

page read and write

CD28BFF000

stack

page read and write

25D78AE0000

heap

page read and write

C0000A6000

direct allocation

page read and write

25D7DDD0000

direct allocation

page read and write

C00014A000

direct allocation

page read and write

C00002F000

direct allocation

page read and write

C0000C2000

direct allocation

page read and write

C00000E000

direct allocation

page read and write

25D78B00000

direct allocation

page read and write

C00007E000

direct allocation

page read and write

CD291FF000

stack

page read and write

660000

unkown

page readonly

C000080000

direct allocation

page read and write

C000012000

direct allocation

page read and write

7EE000

unkown

page read and write

C00018A000

direct allocation

page read and write

C00006E000

direct allocation

page read and write

C00020A000

direct allocation

page read and write

C00008E000

direct allocation

page read and write

410000

unkown

page readonly

C000010000

direct allocation

page read and write

411000

unkown

page execute read

410000

unkown

page readonly

818000

unkown

page read and write

C00009A000

direct allocation

page read and write

C0000AC000

direct allocation

page read and write

25D78B5D000

heap

page read and write

CD28DFE000

stack

page read and write

C000002000

direct allocation

page read and write

629000

unkown

page write copy

25D7DF60000

trusted library allocation

page read and write

C0000AE000

direct allocation

page read and write

631000

unkown

page write copy

C00018C000

direct allocation

page read and write

CD283FD000

stack

page read and write

C000184000

direct allocation

page read and write

C000122000

direct allocation

page read and write

C00003B000

direct allocation

page read and write

C000023000

direct allocation

page read and write

C00000A000

direct allocation

page read and write

65C000

unkown

page read and write

C000042000

direct allocation

page read and write

C00013E000

direct allocation

page read and write

C000052000

direct allocation

page read and write

25D78C54000

direct allocation

page read and write

CD28FFE000

stack

page read and write

C000096000

direct allocation

page read and write

C000202000

direct allocation

page read and write

622000

unkown

page write copy

411000

unkown

page execute read

646000

unkown

page read and write

C000046000

direct allocation

page read and write

59A000

unkown

page write copy

C000124000

direct allocation

page read and write

5B6000

unkown

page write copy

626000

unkown

page read and write

60A000

unkown

page write copy

C0000AA000

direct allocation

page read and write

C0000B6000

direct allocation

page read and write

25D7DDB0000

direct allocation

page read and write

81D000

unkown

page read and write

25D78B10000

heap

page read and write

C000119000

direct allocation

page read and write

25D78C59000

direct allocation

page read and write

C000034000

direct allocation

page read and write

820000

unkown

page readonly

820000

unkown

page readonly

C00003D000

direct allocation

page read and write

CD287FF000

stack

page read and write

C0000EC000

direct allocation

page read and write

81D000

unkown

page write copy

C00012C000

direct allocation

page read and write

C000246000

direct allocation

page read and write

59A000

unkown

page write copy

C0000FE000

direct allocation

page read and write

C000092000

direct allocation

page read and write

5F6000

unkown

page write copy

C000117000

direct allocation

page read and write

7E7000

unkown

page read and write

602000

unkown

page write copy

25D78C50000

direct allocation

page read and write

C000098000

direct allocation

page read and write

64F000

unkown

page read and write

5F6000

unkown

page write copy

25D7DEE0000

direct allocation

page read and write

C000008000

direct allocation

page read and write

C000004000

direct allocation

page read and write

C000058000

direct allocation

page read and write

5B6000

unkown

page write copy

C000076000

direct allocation

page read and write

815000

unkown

page read and write

C000072000

direct allocation

page read and write

C000139000

direct allocation

page read and write

25D78B20000

heap

page read and write

C00011C000

direct allocation

page read and write

55F000

unkown

page write copy

C000014000

direct allocation

page read and write

25D78B56000

heap

page read and write

25D78B50000

heap

page read and write

25D7DDC0000

direct allocation

page read and write

C00008C000

direct allocation

page read and write

25D7DEE2000

direct allocation

page read and write

C000120000

direct allocation

page read and write

25D78A00000

heap

page read and write

63F000

unkown

page read and write

C000128000

direct allocation

page read and write

C000110000

direct allocation

page read and write

C000200000

direct allocation

page read and write

610000

unkown

page write copy

C0000B8000

direct allocation

page read and write

C000084000

direct allocation

page read and write

C000113000

direct allocation

page read and write

C000208000

direct allocation

page read and write

C000090000

direct allocation

page read and write

C00001E000

direct allocation

page read and write

C000218000

direct allocation

page read and write

656000

unkown

page read and write

C000214000

direct allocation

page read and write

C000094000

direct allocation

page read and write

C000210000

direct allocation

page read and write

C00003F000

direct allocation

page read and write

C000088000

direct allocation

page read and write

64C000

unkown

page read and write

63D000

unkown

page read and write

C00023C000

direct allocation

page read and write

C000056000

direct allocation

page read and write

652000

unkown

page read and write

CD285FE000

stack

page read and write

C000060000

direct allocation

page read and write

C000039000

direct allocation

page read and write

649000

unkown

page read and write

25D78B15000

heap

page read and write

C000146000

direct allocation

page read and write

CD289FE000

stack

page read and write

622000

unkown

page write copy

C000244000

direct allocation

page read and write

C0000F0000

direct allocation

page read and write

C000206000

direct allocation

page read and write

55F000

unkown

page read and write

C000018000

direct allocation

page read and write

C00005C000

direct allocation

page read and write

62F000

unkown

page read and write

C000137000

direct allocation

page read and write

602000

unkown

page write copy

C000135000

direct allocation

page read and write

There are 168 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe

Files

Processes

URLs

Memdumps

IOC Report
SecuriteInfo.com.Trojan.WinGo.Agent.10211.5558.exe