Windows Analysis Report
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe
Analysis ID: 1468056
MD5: 02b1bc1d92b390560c7d7ff9aa8e4e79
SHA1: ab51a613b594c17a481eea7d43cac97cec124411
SHA256: a35e13209e866dbdc6ef31c72e55630438e04e1e175b441ec9f680076a846e93
Tags: exe

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Uses Windows timers to delay execution
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check if the current machine is a sandbox (GetTickCount - Sleep)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Virustotal: Detection: 9%
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00405070 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn, 0_2_00405070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00420314 GetClipboardData,CopyEnhMetaFileA,GetEnhMetaFileHeader, 0_2_00420314
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00430A64 GetKeyboardState,KiUserCallbackDispatcher, 0_2_00430A64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00433974 NtdllDefWindowProc_A,GetCapture, 0_2_00433974
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0044DF14 NtdllDefWindowProc_A, 0_2_0044DF14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0044E6BC IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, 0_2_0044E6BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0044E76C IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, 0_2_0044E76C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00443268 GetSubMenu,SaveDC,RestoreDC,SaveDC,RestoreDC,NtdllDefWindowProc_A, 0_2_00443268
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00427524 NtdllDefWindowProc_A, 0_2_00427524
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0044840C 0_2_0044840C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0041ACFF 0_2_0041ACFF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00443268 0_2_00443268
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: String function: 004035D4 appears 32 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: String function: 00406020 appears 61 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: String function: 00403F98 appears 73 times
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe, 00000000.00000003.2012528482.0000000002124000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Static PE information: Section: UPX1 ZLIB complexity 0.9915806361607142
Source: classification engine Classification label: mal60.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0041D7B4 GetLastError,FormatMessageA, 0_2_0041D7B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00408346 GetDiskFreeSpaceA, 0_2_00408346
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00413440 FindResourceA, 0_2_00413440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Section loaded: wintypes.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0043A7A0 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode, 0_2_0043A7A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0043ADD0 push 0043AE5Dh; ret 0_2_0043AE55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0042405C push 00424088h; ret 0_2_00424080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00426070 push 0042609Ch; ret 0_2_00426094
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00426000 push 0042602Ch; ret 0_2_00426024
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00426038 push 00426064h; ret 0_2_0042605C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_004260E0 push 0042610Ch; ret 0_2_00426104
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0043C098 push 0043C0C4h; ret 0_2_0043C0BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0042409C push 004240C8h; ret 0_2_004240C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_004260A8 push 004260D4h; ret 0_2_004260CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00426150 push 0042617Ch; ret 0_2_00426174
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00450164 push 004501BEh; ret 0_2_004501B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00426118 push 00426144h; ret 0_2_0042613C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00426188 push 004261B4h; ret 0_2_004261AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_004103AA push 00410422h; ret 0_2_0041041A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_004103AC push 00410422h; ret 0_2_0041041A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0041A456 push 0041A503h; ret 0_2_0041A4FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0041A458 push 0041A503h; ret 0_2_0041A4FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00410424 push 004104CCh; ret 0_2_004104C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0041A508 push 0041A598h; ret 0_2_0041A590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_004505FC push 00450628h; ret 0_2_00450620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0042A5B4 push 0042A629h; ret 0_2_0042A621
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_004105B8 push 004105E4h; ret 0_2_004105DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0042A62C push 0042A685h; ret 0_2_0042A67D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00450634 push 0045065Ah; ret 0_2_00450652
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00412708 push ecx; mov dword ptr [esp], edx 0_2_0041270D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00426794 push 004267EDh; ret 0_2_004267E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00430804 push ecx; mov dword ptr [esp], ecx 0_2_00430808
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0041A81C push 0041A848h; ret 0_2_0041A840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0040C8E8 push ecx; mov dword ptr [esp], edx 0_2_0040C8ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_004068AC push ecx; mov dword ptr [esp], eax 0_2_004068AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0042891C push 0042895Eh; ret 0_2_00428956
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0044AFC4 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 0_2_0044AFC4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0044DF9C PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 0_2_0044DF9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_004361CC IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 0_2_004361CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00435098 IsIconic,GetCapture, 0_2_00435098
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0043594C IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 0_2_0043594C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00423B14 MonitorFromWindow,MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect, 0_2_00423B14

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0042A4B4 0_2_0042A4B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe User Timer Set: Timeout: 20ms
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject, 0_2_0044D50C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe API coverage: 9.4 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0041DD44 GetSystemInfo, 0_2_0041DD44
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, 0_2_00405228
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: GetLocaleInfoA,GetACP, 0_2_0040C134
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: GetLocaleInfoA, 0_2_0040AB48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: GetLocaleInfoA, 0_2_0040AB94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: GetLocaleInfoA, 0_2_00405B1E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: GetLocaleInfoA, 0_2_00405B20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_00409648 GetLocalTime, 0_2_00409648
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe Code function: 0_2_0043ADD0 GetVersion, 0_2_0043ADD0
No contacted IP infos