Windows Analysis Report
SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe
Analysis ID: 1668996
MD5: c2a2873b168f44f9fb8cd7c3c046352e
SHA1: 7ea353322e6b3c17af620016a924a25ae902b5b7
SHA256: d022885f7d44bcbabb47a402cfa22005588b01efcd1a77b98bc6be19bcb296cd
Tags: exe, user-SecuriteInfoCom
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 21
Range: 0 - 100
Confidence: 60%

Signatures

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
PE file overlay found
Uses 32bit PE files

Classification

(Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious)
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: Data appended to the last section found
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: Section: .data ZLIB complexity 1.0012048192771084
Source: classification engine Classification label: sus21.evad.winEXE@0/0@0/0
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x12ce00

Malware Analysis System Evasion

Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Binary or memory string: PROCMON.EXE
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Binary or memory string: XENSERVICE.EXE
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Binary or memory string: MpVmp32EntryCoInitializeSecurityWriteProcessMemoryFreeLibraryLsaOpenPolicyAuditQuerySystemPolicyFlashWindowExAdjustWindowRectExGlobalMemoryStatusExCoInitializeExVirtualAllocExDestroyWindowShowWindowAnimateWindowUpdateWindowWSARecvCryptEncryptCryptDecryptUiaRaiseAutomationEventContinueDebugEventIsDebuggerPresentCheckRemoteDebuggerPresentCoImpersonateClientCoSetProxyBlanketWaitForSingleObjectAssignProcessToJobObjectGetWindowRectGetSystemPowerStatusQueryServiceStatusSetServiceStatusSetFocusGetProcAddressExitProcessOpenProcessDebugActiveProcessSetWindowPosGetCursorPosAdjustTokenPrivilegesGetSystemMetricsGetLastErrorQueryPerformanceCounterSetUnhandledExceptionFilterDrawMenuBarWSAStartupWSACleanupBeepGetNativeSystemInfoRaiseExceptionWow64DisableWow64FsRedirectionInitializeCriticalSectionOpenProcessTokenWSAIoctlDeviceIoControlSetSecurityDescriptorDaclWindowsCreateStringUiaClientsAreListeningRoInitializevmtoolsd.exeGetKeyStateGetAsyncKeyStateSetThreadExecutionStateSetSuspendStateSetCaptureGetSystemTimegethostbynameWriteFileReadFileTranslateMessageVirtualFreeLocalFreeGetErrorModeRoActivateInstanceCoCreateInstanceControlServiceEmptyClipboardOpenClipboardUiaHostProviderFromHwndbindCreateRemoteThreadCreateThreadGetCurrentProcessIdHeapAllocCoTaskMemAllocVirtualAllocGlobalAllocIsProcessInJobCryptProtectDataSetClipboardDatalstrcpyWRegDeleteKeyWMessageBoxWCreateMutexWLoadLibraryExWRegOpenKeyExWCreateWindowExWFindWindowExWGetVersionExWRegQueryValueExWRegSetValueExWCryptAcquireContextWDrawTextWCreateEventWCreateJobObjectWlstrcatWCreateProcessWLoadCursorWLogonUserWRegisterServiceCtrlHandlerWStartServiceCtrlDispatcherWOpenSCManagerWDialogBoxParamWSHGetFolderPathWOutputDebugStringWCreateFileMappingWwsprintfWLookupPrivilegeValueWShellExecuteWGetComputerNameWFindFirstFileWEncryptFileWDecryptFileWDeleteFileWCreateFileWPostMessageWGetMessageWFormatMessageWPeekMessageWDispatchMessageWSendMessageWStartServiceWQueryDosDeviceWCredReadWSystemFunction036GetTickCount64
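Every finding in this report is static: the sample never ran ("%1 is not a valid Win32 application"), so the evasion signature rests on the presence of strings such as PROCMON.EXE, XENSERVICE.EXE and vmtoolsd.exe in the file, not on observed behaviour, and the overlay, ZLIB-complexity and header-flag findings come from the PE headers alone. The script below, added here as an example and not part of the sandbox's own code, reproduces those four checks with the standard library so they can be re-run on any PE32 file. It parses the headers with struct, computes the overlay as the bytes beyond the end of the last section's raw data, decodes the COFF and DllCharacteristics flags the report names, computes ZLIB complexity as compressed size over raw size (the usual definition; that this matches the sandbox's exact formula is an assumption), and scans printable runs for analysis-tool process names. The input is a constructed minimal PE32 image built inside the script, not the analysed sample; VBOXSERVICE.EXE and WIRESHARK.EXE in the name list are additions not taken from the report.

```python
"""Static PE triage reproducing the kinds of findings in the report above:
overlay (bytes after the last section), ZLIB complexity per section, header
flags, and a scan for analysis-tool names among the binary's strings.
Standard library only. The input is a CONSTRUCTED PE32 image built below."""
import hashlib
import re
import struct
import zlib

# Names the report flags, plus VBOXSERVICE/WIRESHARK added here as assumptions.
SANDBOX_NAMES = (b"PROCMON.EXE", b"XENSERVICE.EXE", b"VMTOOLSD.EXE", b"VBOXSERVICE.EXE", b"WIRESHARK.EXE")
DLLCHAR_FLAGS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE"}
COFF_FLAGS = {0x0002: "EXECUTABLE_IMAGE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 header parser: COFF flags, DllCharacteristics and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, coff_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]  # DllCharacteristics is at +70 in PE32
    sections = []
    for i in range(nsec):
        name, _vsize, _vaddr, rawsize, rawptr, *_ = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "raw_ptr": rawptr, "raw_size": rawsize})
    return {"machine": machine, "coff_chars": coff_chars, "dllchars": dllchars, "sections": sections}


def decode_flags(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def overlay(data: bytes, pe: dict) -> bytes:
    """Overlay = file bytes beyond the end of the last section's raw data ('data appended to the last section')."""
    end = max((s["raw_ptr"] + s["raw_size"] for s in pe["sections"]), default=len(data))
    return data[end:]


def zlib_complexity(blob: bytes) -> float:
    """compressed/raw ratio; around 1.0 or above means packed, encrypted or random content."""
    return len(zlib.compress(blob, 9)) / len(blob) if blob else 0.0


def sandbox_strings(data: bytes) -> list:
    """Case-insensitive scan of printable runs for analysis-tool process names (substring match, so
    a name fused into a longer string like 'RoInitializevmtoolsd.exeGetKeyState' is still found)."""
    found = set()
    for m in re.finditer(rb"[\x20-\x7e]{6,}", data):
        run = m.group().upper()
        found.update(n.decode() for n in SANDBOX_NAMES if n in run)
    return sorted(found)


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    return {
        "coff": decode_flags(pe["coff_chars"], COFF_FLAGS),
        "dllchars": decode_flags(pe["dllchars"], DLLCHAR_FLAGS),
        "overlay_size": len(overlay(data, pe)),
        "zlib": {s["name"]: round(zlib_complexity(data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]), 3)
                 for s in pe["sections"]},
        "sandbox_strings": sandbox_strings(data),
    }


def build_sample_pe() -> bytes:
    """CONSTRUCTED PE32 (not the analysed sample): .text with embedded tool names, a high-entropy
    .data section, and 0x123 bytes of overlay appended after the last section."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, EXECUTABLE_IMAGE|32BIT_MACHINE
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)              # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)              # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", opt, 68, 2, 0x8540)                  # GUI subsystem; DYNAMIC_BASE|NX_COMPAT|NO_SEH|TSA
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    text = (b"\x55\x8b\xec\xcc" + b"RoInitializevmtoolsd.exeGetKeyState\0PROCMON.EXE\0").ljust(0x200, b"\0")
    rnd = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))  # 512 deterministic high-entropy bytes
    secs = struct.pack(SECTION_HDR, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SECTION_HDR, b".data", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs).ljust(0x200, b"\0")
    return headers + text + rnd + b"O" * 0x123


if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

Run against a real file with `triage(open(path, "rb").read())`; the .data ratio above 1.0 is the same signal as the report's "ZLIB complexity 1.0012", and a non-zero overlay is what "PE file overlay found" means. A string hit alone does not prove the binary checks for those processes at runtime, which is the limitation the report's 60% confidence reflects.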
No contacted IP infos