Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Overview

General Information

Sample name:	SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe
Analysis ID:	1446233
MD5:	c1367eaf2157e6a88432c899fc995104
SHA1:	7fac3e298b902d04213a5bf39a7db6848d34d099
SHA256:	50c87c9e9d89f20e6540b2f198244c1dc300026306c1b574d032c357f3f9e2af
Tags:	exe

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Uses Windows timers to delay execution

PE file contains executable resources (Code or Archives)

Program does not show much activity (idle)

Uses 32bit PE files

Classification

×

Process Tree

System is w10x64

SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe (PID: 908 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe" MD5: C1367EAF2157E6A88432C899FC995104)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Static PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79

Source: SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: sus21.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: msimg32.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	Section loaded: perfos.dll			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Window found: window name: TButton

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Uses Windows timers to delay execution

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

User Timer Set: Timeout: 100ms

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	OS Credential Dumping	11 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 DLL Side-Loading	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe	3%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446233
Start date and time:	2024-05-23 01:30:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe
Detection:	SUS
Classification:	sus21.evad.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.658242850154929
TrID:	Win32 Executable (generic) a (10002005/4) 99.38% InstallShield setup (43055/19) 0.43% Windows Screen Saver (13104/52) 0.13% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02%
File name:	SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe
File size:	960'512 bytes
MD5:	c1367eaf2157e6a88432c899fc995104
SHA1:	7fac3e298b902d04213a5bf39a7db6848d34d099
SHA256:	50c87c9e9d89f20e6540b2f198244c1dc300026306c1b574d032c357f3f9e2af
SHA512:	7c99fff15b0550302cc22076bf0d39842b63285c91ec26612fad34128f50d514abebc26300c4ebe378107dd7ca50f68f20f12dc3fb22fe46e6ede23e78d7bbe4
SSDEEP:	12288:ExxOzpB0WY2W3AgPHNQ4mD3+Ovqqt2lzbEOr21eL/LXPPnu5J6UnAG3n05RT2:QaAWY2W3AgPt23+Ov78zbEOieDLOf9n
TLSH:	40159E32F2815837D1672A7D4C1BA2E56929BF543A286D8B3FFC1D4C5F396813C25293
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	82cc72230ddd2285

Static PE Info

General

Entrypoint:	0x4c9be8
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x46C7D1BA [Sun Aug 19 05:14:34 2007 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	a97bda7fc8829c5ad2627d7e2cfa446c

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 004C81ACh
call 00007F4360A62F31h
mov eax, dword ptr [004CD2C8h]
mov eax, dword ptr [eax]
call 00007F4360AC95F5h
mov eax, dword ptr [004CD2C8h]
mov eax, dword ptr [eax]
mov edx, 004C9C48h
call 00007F4360AC909Ch
mov ecx, dword ptr [004CD1D0h]
mov eax, dword ptr [004CD2C8h]
mov eax, dword ptr [eax]
mov edx, dword ptr [004C77D4h]
call 00007F4360AC95E4h
mov eax, dword ptr [004CD2C8h]
mov eax, dword ptr [eax]
call 00007F4360AC972Ch
call 00007F4360A60CEFh
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd4000	0x2f06	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe6000	0xf200	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xd9000	0xc61c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xd8000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xd489c	0x748	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xc73e4	0xc7400	7d8263a399e214f1211fb6a5d0c52b74	False	0.5125593044228356	data	6.546497020523588	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0xc9000	0xc60	0xe00	d20cb3ad8d4a660d3a709ee558bdc991	False	0.556640625	data	5.9342846493895935	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xca000	0x34a0	0x3600	45ab7352a460aae2e8b825663a11aee2	False	0.42180266203703703	data	4.314718184995612	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0xce000	0x52a8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xd4000	0x2f06	0x3000	25ab783736c827f85d747af5c83d5deb	False	0.3085123697916667	data	5.008321998953415	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0xd7000	0x34	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xd8000	0x18	0x200	4f0002177f85010cef45bf48736e0778	False	0.05078125	data	0.2108262677871819	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xd9000	0xc61c	0xc800	bb7716916f3eb2b78a752599543a96d8	False	0.57623046875	data	6.6562768419321	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0xe6000	0xf200	0xf200	253fa09c7edadca0bc8478630312ed93	False	0.471042097107438	data	6.172107733720928	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0xe6f58	0x134	data			0.38636363636363635
RT_CURSOR	0xe708c	0x134	data	English	United States	0.4642857142857143
RT_CURSOR	0xe71c0	0x134	data	English	United States	0.4805194805194805
RT_CURSOR	0xe72f4	0x134	data	English	United States	0.38311688311688313
RT_CURSOR	0xe7428	0x134	data	English	United States	0.36038961038961037
RT_CURSOR	0xe755c	0x134	data	English	United States	0.4090909090909091
RT_CURSOR	0xe7690	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_CURSOR	0xe77c4	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_BITMAP	0xe78f8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.43103448275862066
RT_BITMAP	0xe7ac8	0x1e4	Device independent bitmap graphic, 36 x 19 x 4, image size 380	English	United States	0.46487603305785125
RT_BITMAP	0xe7cac	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.43103448275862066
RT_BITMAP	0xe7e7c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39870689655172414
RT_BITMAP	0xe804c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.4245689655172414
RT_BITMAP	0xe821c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5021551724137931
RT_BITMAP	0xe83ec	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5064655172413793
RT_BITMAP	0xe85bc	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39655172413793105
RT_BITMAP	0xe878c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.5344827586206896
RT_BITMAP	0xe895c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	English	United States	0.39655172413793105
RT_BITMAP	0xe8b2c	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288			0.28061224489795916
RT_BITMAP	0xe8cb4	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288	Catalan	Spain	0.30357142857142855
RT_BITMAP	0xe8e3c	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288			0.29081632653061223
RT_BITMAP	0xe8fc4	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288			0.3163265306122449
RT_BITMAP	0xe914c	0x110	Device independent bitmap graphic, 24 x 14 x 4, image size 168			0.40808823529411764
RT_BITMAP	0xe925c	0x110	Device independent bitmap graphic, 24 x 14 x 4, image size 168			0.4117647058823529
RT_BITMAP	0xe936c	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288			0.2857142857142857
RT_BITMAP	0xe94f4	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288			0.5255102040816326
RT_ICON	0xe967c	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.3588709677419355
RT_ICON	0xe9964	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.581081081081081
RT_STRING	0xe9a8c	0xa8	data			0.5833333333333334
RT_STRING	0xe9b34	0xc0	data			0.3229166666666667
RT_STRING	0xe9bf4	0x164	data			0.46629213483146065
RT_STRING	0xe9d58	0x1dc	data			0.35714285714285715
RT_STRING	0xe9f34	0x274	data			0.37420382165605093
RT_STRING	0xea1a8	0x2a4	data			0.47633136094674555
RT_STRING	0xea44c	0x338	data			0.4211165048543689
RT_STRING	0xea784	0x248	data			0.4965753424657534
RT_STRING	0xea9cc	0x248	data			0.4777397260273973
RT_STRING	0xeac14	0x1ac	data			0.5654205607476636
RT_STRING	0xeadc0	0xcc	data			0.6764705882352942
RT_STRING	0xeae8c	0x114	data			0.6086956521739131
RT_STRING	0xeafa0	0x358	data			0.433411214953271
RT_STRING	0xeb2f8	0x3bc	data			0.3891213389121339
RT_STRING	0xeb6b4	0x374	data			0.3914027149321267
RT_STRING	0xeba28	0x360	data			0.36342592592592593
RT_STRING	0xebd88	0x354	data			0.41784037558685444
RT_STRING	0xec0dc	0xc0	data			0.625
RT_STRING	0xec19c	0x9c	data			0.6282051282051282
RT_STRING	0xec238	0x348	data			0.42142857142857143
RT_STRING	0xec580	0x3e4	data			0.3614457831325301
RT_STRING	0xec964	0x2ec	data			0.37566844919786097
RT_STRING	0xecc50	0x304	data			0.3432642487046632
RT_RCDATA	0xecf54	0x10	data			1.5
RT_RCDATA	0xecf64	0x300	data			0.7278645833333334
RT_RCDATA	0xed264	0x5ca	Delphi compiled form 'TfrmCpuUtilization'			0.4406207827260459
RT_RCDATA	0xed830	0x6faf	Delphi compiled form 'TfrmGraph'			0.6544367108530657
RT_RCDATA	0xf47e0	0x72b	Delphi compiled form 'TfrmLaunchExternalProgram'			0.5155313351498637
RT_GROUP_CURSOR	0xf4f0c	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0xf4f20	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xf4f34	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0xf4f48	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xf4f5c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xf4f70	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xf4f84	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xf4f98	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_ICON	0xf4fac	0x22	data	English	United States	1.0
RT_VERSION	0xf4fd0	0x140	MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79	English	United States	0.565625

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
user32.dll	GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
kernel32.dll	GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
user32.dll	CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll	WidenPath, UnrealizeObject, TextOutA, StrokePath, StrokeAndFillPath, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextCharacterExtra, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetArcDirection, SelectPalette, SelectObject, SelectClipRgn, SelectClipPath, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32W, GetTextExtentPoint32A, GetTextCharacterExtra, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapBits, GdiFlush, ExtTextOutA, ExtSelectClipRgn, ExtCreatePen, ExcludeClipRect, EndPath, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEllipticRgnIndirect, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt, BeginPath, ArcTo, Arc
version.dll	VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
kernel32.dll	lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SystemTimeToFileTime, SizeofResource, SetThreadPriority, SetThreadLocale, SetProcessAffinityMask, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStdHandle, GetProcessAffinityMask, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateProcessA, CreateFileA, CreateEventA, CompareStringA, CloseHandle
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
ole32.dll	CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance
kernel32.dll	Sleep
ole32.dll	CLSIDFromString
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
comctl32.dll	_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
comdlg32.dll	GetSaveFileNameA, GetOpenFileNameA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Catalan	Spain

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exePID: 908, Parent PID: 4084

General

Target ID:	0
Start time:	19:31:37
Start date:	22/05/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe"
Imagebase:	0x400000
File size:	960'512 bytes
MD5 hash:	C1367EAF2157E6A88432C899FC995104
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly