Windows Analysis Report
SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe
Analysis ID: 1657175
MD5: 78fb9a24cb16724c688ae296d9f26b29
SHA1: 516a768b727718fe8447edd8e8350a72e6d2f9b0
SHA256: 15275e41caf50033c4a45cd20722042d192f981b35101e14c6ef34194726cdc4
Tags: exe, user-SecuriteInfoCom
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.]

AV Detection

Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Virustotal: Detection: 56%
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe ReversingLabs: Detection: 62%
Source: Binary string: /_/Source/ExcelDna.ManagedHost/obj/Release/net452/ExcelDna.ManagedHost.pdbSHA256LN source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe
Source: Binary string: C:\Work\Excel-DNA\ExcelDna\Source\ExcelDna\x64\Release\ExcelDna64.pdb source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe
Source: Binary string: /_/Source/ExcelDna.ManagedHost/obj/Release/net452/ExcelDna.ManagedHost.pdb source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe String found in binary or memory: https://github.com/Excel-DNA/ExcelDna
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Resource name: ASSEMBLY type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Binary or memory string: OriginalFilenameExcelDna.ManagedHost.dll~/ vs SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Binary or memory string: OriginalFilenameExcelDna.xll~/ vs SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe
Source: classification engine Classification label: mal48.winEXE@0/0@0/0
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe String found in binary or memory: <DnaLibrary xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="First Add-In" RuntimeVersion="v4.0" ShadowCopyFiles="false" DefaultReferences="true" DefaultImports="true" DisableAssemblyContextUnload="false" xmlns="http://schemas.excel-dna.net/addin/2020/07/dnalibrary">
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: More than 8191 > 100 exports found
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Image base 0x180000000 > 0x60000000
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SecuriteInfo.com.Win64.Malware-gen.10443.22218.exe Static PE information: section name: _RDATA
No contacted IP infos