Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Avira: detected |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
ReversingLabs: Detection: 47% |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Virustotal: Detection: 47% |
Perma Link |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe, 00000000.00000002.3272105198.00007FF7B34AF000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: -----BEGIN PUBLIC KEY----- |
memstr_0a66293d-0 |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: |
Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Source: |
Binary string: C:\Users\Datahost\Desktop\Fantastic\x64\Release\Usermode.pdb source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B34008C0: DeviceIoControl, |
0_2_00007FF7B34008C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33F8840 |
0_2_00007FF7B33F8840 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B34070A0 |
0_2_00007FF7B34070A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33D00B0 |
0_2_00007FF7B33D00B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33F2390 |
0_2_00007FF7B33F2390 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33F77F0 |
0_2_00007FF7B33F77F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33DD800 |
0_2_00007FF7B33DD800 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33DABB0 |
0_2_00007FF7B33DABB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33DFBD0 |
0_2_00007FF7B33DFBD0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33D1A90 |
0_2_00007FF7B33D1A90 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33CA230 |
0_2_00007FF7B33CA230 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33D1650 |
0_2_00007FF7B33D1650 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33EBEF0 |
0_2_00007FF7B33EBEF0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33D6160 |
0_2_00007FF7B33D6160 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33E0D80 |
0_2_00007FF7B33E0D80 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33C5530 |
0_2_00007FF7B33C5530 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33C8940 |
0_2_00007FF7B33C8940 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33F6DA0 |
0_2_00007FF7B33F6DA0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33ECDD0 |
0_2_00007FF7B33ECDD0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: String function: 00007FF7B3403610 appears 32 times |
|
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe, 00000000.00000002.3272105198.00007FF7B34AF000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe, 00000000.00000000.1998743552.00007FF7B34AE000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Binary string: \Device\Nal |
Source: classification engine |
Classification label: mal60.winEXE@2/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5552:120:WilError_03 |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
ReversingLabs: Detection: 47% |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Virustotal: Detection: 47% |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
String found in binary or memory: iphlpapi.dllif_nametoindexkernel32LoadLibraryExA\/AddDllDirectory |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: d3dx9_43.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: d3d9.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static file information: File size 1368576 > 1048576 |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Source: |
Binary string: C:\Users\Datahost\Desktop\Fantastic\x64\Release\Usermode.pdb source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B34A9CDC memset,GetLastError,IsDebuggerPresent,OutputDebugStringW, |
0_2_00007FF7B34A9CDC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B34A9CDC memset,GetLastError,IsDebuggerPresent,OutputDebugStringW, |
0_2_00007FF7B34A9CDC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B33C5010 GetProcessHeap,_Init_thread_footer,_Init_thread_footer, |
0_2_00007FF7B33C5010 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B34A8F58 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF7B34A8F58 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.TrojanX-gen.8144.20316.exe |
Code function: 0_2_00007FF7B34A9AD8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FF7B34A9AD8 |