Windows Analysis Report
SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe
Analysis ID: 1668996
MD5: c2a2873b168f44f9fb8cd7c3c046352e
SHA1: 7ea353322e6b3c17af620016a924a25ae902b5b7
SHA256: d022885f7d44bcbabb47a402cfa22005588b01efcd1a77b98bc6be19bcb296cd
Tags: exeuser-SecuriteInfoCom
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 21
Range: 0 - 100
Confidence: 60%

Signatures

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
PE file overlay found
Uses 32bit PE files

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
PE file overlay found
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: Data appended to the last section found
Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: Section: .data ZLIB complexity 1.0012048192771084
Source: classification engine Classification label: sus21.evad.winEXE@0/0@0/0
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x12ce00
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Malware Analysis System Evasion
barindex
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Binary or memory string: PROCMON.EXE
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Binary or memory string: XENSERVICE.EXE
Source: SecuriteInfo.com.Trojan.Win32.Crypt.22572.26909.exe Binary or memory string: MpVmp32EntryCoInitializeSecurityWriteProcessMemoryFreeLibraryLsaOpenPolicyAuditQuerySystemPolicyFlashWindowExAdjustWindowRectExGlobalMemoryStatusExCoInitializeExVirtualAllocExDestroyWindowShowWindowAnimateWindowUpdateWindowWSARecvCryptEncryptCryptDecryptUiaRaiseAutomationEventContinueDebugEventIsDebuggerPresentCheckRemoteDebuggerPresentCoImpersonateClientCoSetProxyBlanketWaitForSingleObjectAssignProcessToJobObjectGetWindowRectGetSystemPowerStatusQueryServiceStatusSetServiceStatusSetFocusGetProcAddressExitProcessOpenProcessDebugActiveProcessSetWindowPosGetCursorPosAdjustTokenPrivilegesGetSystemMetricsGetLastErrorQueryPerformanceCounterSetUnhandledExceptionFilterDrawMenuBarWSAStartupWSACleanupBeepGetNativeSystemInfoRaiseExceptionWow64DisableWow64FsRedirectionInitializeCriticalSectionOpenProcessTokenWSAIoctlDeviceIoControlSetSecurityDescriptorDaclWindowsCreateStringUiaClientsAreListeningRoInitializevmtoolsd.exeGetKeyStateGetAsyncKeyStateSetThreadExecutionStateSetSuspendStateSetCaptureGetSystemTimegethostbynameWriteFileReadFileTranslateMessageVirtualFreeLocalFreeGetErrorModeRoActivateInstanceCoCreateInstanceControlServiceEmptyClipboardOpenClipboardUiaHostProviderFromHwndbindCreateRemoteThreadCreateThreadGetCurrentProcessIdHeapAllocCoTaskMemAllocVirtualAllocGlobalAllocIsProcessInJobCryptProtectDataSetClipboardDatalstrcpyWRegDeleteKeyWMessageBoxWCreateMutexWLoadLibraryExWRegOpenKeyExWCreateWindowExWFindWindowExWGetVersionExWRegQueryValueExWRegSetValueExWCryptAcquireContextWDrawTextWCreateEventWCreateJobObjectWlstrcatWCreateProcessWLoadCursorWLogonUserWRegisterServiceCtrlHandlerWStartServiceCtrlDispatcherWOpenSCManagerWDialogBoxParamWSHGetFolderPathWOutputDebugStringWCreateFileMappingWwsprintfWLookupPrivilegeValueWShellExecuteWGetComputerNameWFindFirstFileWEncryptFileWDecryptFileWDeleteFileWCreateFileWPostMessageWGetMessageWFormatMessageWPeekMessageWDispatchMessageWSendMessageWStartServiceWQueryDosDeviceWCredReadWSystemFunction036GetTickCount64
windows-stand
Behavior
Click here to start
Slideshow Behavior Animation
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1668996 Sample: SecuriteInfo.com.Trojan.Win... Startdate: 19/04/2025 Architecture: WINDOWS Score: 21 5 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->5
No contacted IP infos