Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe
Analysis ID: 1669390
MD5: 562839ff96784f8ef8b7768534933a2c
SHA1: 5f223cf60e5dcfabb80742e1a1c33e8bc590c73b
SHA256: 0ba78b87fd8907401f8332f113dcef8f85d6ef4bb560faf03ec3988e91523631
Tags: exe, user-SecuriteInfoCom

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Program does not show much activity (idle)

Classification

[Classification wheel: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious]

AV Detection

Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Virustotal: Detection: 63%
Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe ReversingLabs: Detection: 61%
Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC2294 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7C6BC2294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BA3518 0_2_00007FF7C6BA3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BA1000 0_2_00007FF7C6BA1000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BBFF7C 0_2_00007FF7C6BBFF7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC6F1C 0_2_00007FF7C6BC6F1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BB75DC 0_2_00007FF7C6BB75DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC15A0 0_2_00007FF7C6BC15A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC75B8 0_2_00007FF7C6BC75B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC3D68 0_2_00007FF7C6BC3D68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BB7D6C 0_2_00007FF7C6BB7D6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BABD28 0_2_00007FF7C6BABD28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BADEF0 0_2_00007FF7C6BADEF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BBA350 0_2_00007FF7C6BBA350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BAAD00 0_2_00007FF7C6BAAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BB949C 0_2_00007FF7C6BB949C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BA9460 0_2_00007FF7C6BA9460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC5278 0_2_00007FF7C6BC5278
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BADA78 0_2_00007FF7C6BADA78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC2294 0_2_00007FF7C6BC2294
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Section loaded: kernel.appcore.dll
Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe API coverage: 5.2 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BB07B4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7C6BB07B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC34A4 GetProcessHeap, 0_2_00007FF7C6BC34A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BB0500 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7C6BB0500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BB71E4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7C6BB71E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BB0994 SetUnhandledExceptionFilter, 0_2_00007FF7C6BB0994
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BC9040 cpuid 0_2_00007FF7C6BC9040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_00007FF7C6BC5808
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: EnumSystemLocalesW, 0_2_00007FF7C6BBDFC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00007FF7C6BC606C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: GetLocaleInfoW, 0_2_00007FF7C6BC5F14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: EnumSystemLocalesW, 0_2_00007FF7C6BC5B64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: GetLocaleInfoW, 0_2_00007FF7C6BBE354
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF7C6BC5CCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: EnumSystemLocalesW, 0_2_00007FF7C6BC5C34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: GetLocaleInfoW, 0_2_00007FF7C6BC611C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF7C6BC6250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BB0A00 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7C6BB0A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe Code function: 0_2_00007FF7C6BA3518 GetUserNameA,GetFileAttributesA,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7C6BA3518
No contacted IP infos