Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe
Analysis ID: 1669392
MD5: 0721899a23cc25d9aa4b557d7b838723
SHA1: 98cbe39796b4a803aff0a93d88c2a1972862b677
SHA256: 25be97eba936aa9b59b75bacdf0dd64e1d90012c351194506678c11f887a66ca
Tags: exe, user-SecuriteInfoCom

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Found API chain indicative of debugger detection
Found evasive API chain (may stop execution after checking mutex)
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]

AV Detection

Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Virustotal: Detection: 48%
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Virustotal: Detection: 48%
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe ReversingLabs: Detection: 75%
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B51B02 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 0_2_00B51B02
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B51B64 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z,__EH_prolog3,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_00B51B64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Process Stats: CPU usage > 49%
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe, 00000000.00000002.3279432606.0000000000B79000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSystem.exe. vs SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe, 00000000.00000003.836510924.0000000000D17000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSystem.exe. vs SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Binary or memory string: OriginalFilenameSystem.exe. vs SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe
Source: classification engine Classification label: mal64.evad.winEXE@3/2@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe File created: C:\Users\user\AppData\Roaming\winapp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Mutant created: \Sessions\1\BaseNamedObjects\drvoptimcxsq
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Command line argument: drvoptimcxsq 0_2_00B52147
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Command line argument: drvoptimcxsq 1_2_008D2147
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\winapp\winapp.exe "C:\Users\user\AppData\Roaming\winapp\winapp.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\winapp\winapp.exe "C:\Users\user\AppData\Roaming\winapp\winapp.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Section loaded: apphelp.dll
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B51AE2 LoadLibraryA,GetProcAddress, 0_2_00B51AE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B5B106 push ecx; ret 0_2_00B5B119
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B5F675 push ecx; ret 0_2_00B5F688
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: 1_2_008DB106 push ecx; ret 1_2_008DB119
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: 1_2_008DF675 push ecx; ret 1_2_008DF688
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe File created: C:\Users\user\AppData\Roaming\winapp\winapp.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SystemServices

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Window / User API: threadDelayed 583
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Window / User API: threadDelayed 8844
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe API coverage: 7.8 %
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe API coverage: 1.9 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe TID: 6224 Thread sleep count: 583 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe TID: 6224 Thread sleep time: -29150000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe TID: 6252 Thread sleep count: 131 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe TID: 6252 Thread sleep time: -117900s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe TID: 6252 Thread sleep count: 8844 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe TID: 6252 Thread sleep time: -7959600s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Thread delayed: delay time: 50000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe API call chain: ExitProcess graph end node

Anti Debugging

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Debugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleep
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B52147 CreateMutexA,GetLastError,CloseHandle,ExitProcess,IsDebuggerPresent,CreateThread,Sleep, 0_2_00B52147
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B64D88 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_00B64D88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B51AE2 LoadLibraryA,GetProcAddress, 0_2_00B51AE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B5ED47 GetProcessHeap, 0_2_00B5ED47
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B5F5A9 SetUnhandledExceptionFilter, 0_2_00B5F5A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B5F5CC SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00B5F5CC
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: 1_2_008DF5A9 SetUnhandledExceptionFilter, 1_2_008DF5A9
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: 1_2_008DF5CC SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_008DF5CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B5FA35 cpuid 0_2_00B5FA35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 0_2_00B6603F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, 0_2_00B5D1C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: GetLocaleInfoEx,__wcsnicmp,_TestDefaultCountry,_TestDefaultCountry,__invoke_watson, 0_2_00B66A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 0_2_00B65A3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 0_2_00B653B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, 0_2_00B5FB9F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: GetLocaleInfoEx, 0_2_00B62EF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: EnumSystemLocalesEx, 0_2_00B62EDE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 0_2_00B65632
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 1_2_008E603F
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, 1_2_008DD1C3
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: GetLocaleInfoEx,__wcsnicmp,_TestDefaultCountry,_TestDefaultCountry,__invoke_watson,__invoke_watson, 1_2_008E6A9C
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 1_2_008E5A3B
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, 1_2_008DFB9F
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 1_2_008E53B6
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: EnumSystemLocalesEx, 1_2_008E2EDE
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: GetLocaleInfoEx, 1_2_008E2EF4
Source: C:\Users\user\AppData\Roaming\winapp\winapp.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, 1_2_008E5632
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.29444.24059.exe Code function: 0_2_00B5F3CC GetSystemTimeAsFileTime,GetCurrentThreadId,GetTickCount64,QueryPerformanceCounter, 0_2_00B5F3CC
No contacted IP infos