Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe
Analysis ID: 1669675
MD5: db2111a16754c3fc229d136f2a5e246d
SHA1: 58d2ddc44981a7b833a3059b263038484c7f7800
SHA256: 6037d6e0d87c675c64f4cda11e2ebf91ae62835a8306005fba28ac3773e81275
Tags: exeuser-SecuriteInfoCom
Infos:

Detection

Score: 84
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
Found direct / indirect Syscall (likely to bypass EDR)
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential time zone aware malware
Program does not show much activity (idle)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Virustotal: Detection: 56% Perma Link
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe, 00000000.00000002.1318414502.00007FF78F44C000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe, SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe, 00000000.00000002.1318414502.00007FF78F44C000.00000040.00000001.01000000.00000003.sdmp

System Summary
barindex
PE file contains section with special chars
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name:
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name: .idata
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3D6868 0_2_00007FF78F3D6868
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3E081C 0_2_00007FF78F3E081C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CD818 0_2_00007FF78F3CD818
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F39A834 0_2_00007FF78F39A834
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3BBF20 0_2_00007FF78F3BBF20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F39D7A0 0_2_00007FF78F39D7A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3997A8 0_2_00007FF78F3997A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CBFA8 0_2_00007FF78F3CBFA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F390FC0 0_2_00007FF78F390FC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CAFC8 0_2_00007FF78F3CAFC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3D2E7C 0_2_00007FF78F3D2E7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F38B690 0_2_00007FF78F38B690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F38DEA8 0_2_00007FF78F38DEA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F39B6AC 0_2_00007FF78F39B6AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3BA6D4 0_2_00007FF78F3BA6D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3D5D54 0_2_00007FF78F3D5D54
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3C5DE8 0_2_00007FF78F3C5DE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CADC4 0_2_00007FF78F3CADC4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3BAC64 0_2_00007FF78F3BAC64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F392448 0_2_00007FF78F392448
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CDCDC 0_2_00007FF78F3CDCDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CB3D8 0_2_00007FF78F3CB3D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CD414 0_2_00007FF78F3CD414
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CABB8 0_2_00007FF78F3CABB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3C8220 0_2_00007FF78F3C8220
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3A1218 0_2_00007FF78F3A1218
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3BAA38 0_2_00007FF78F3BAA38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3C62F4 0_2_00007FF78F3C62F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3D61E8 0_2_00007FF78F3D61E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F399204 0_2_00007FF78F399204
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CA9B4 0_2_00007FF78F3CA9B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3CB1D4 0_2_00007FF78F3CB1D4
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: String function: 00007FF78F3CFE70 appears 166 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: String function: 00007FF78F3BF1F8 appears 281 times
Source: classification engine Classification label: mal84.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Virustotal: Detection: 56%
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static file information: File size 2521088 > 1048576
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: Raw size of icqhjgww is bigger than: 0x100000 < 0x211a00
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe, 00000000.00000002.1318414502.00007FF78F44C000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe, SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe, 00000000.00000002.1318414502.00007FF78F44C000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Unpacked PE file: 0.2.SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe.7ff78f380000.0.unpack :EW;.rsrc:W;.idata :W; :EW;icqhjgww:EW;wlbesyyd:EW;.pdata:R;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;icqhjgww:EW;wlbesyyd:EW;.pdata:R;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: real checksum: 0x26bc18 should be: 0x27585f
PE file contains sections with non-standard names
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name:
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name: .idata
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name:
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name: icqhjgww
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name: wlbesyyd
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name: .pdataI
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name: .taggant
Source: SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Static PE information: section name: entropy: 7.912590525282428

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior

Malware Analysis System Evasion
barindex
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Special instruction interceptor: First address: 7FF78F77973B instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe API coverage: 0.0 %
Potential time zone aware malware
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe System information queried: CurrentTimeZoneInformation Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe System information queried: ModuleInformation Jump to behavior

Anti Debugging
barindex
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Process queried: DebugObjectHandle Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Process queried: DebugPort Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe Code function: 0_2_00007FF78F3D1160 RtlEnterCriticalSection,RtlEnterCriticalSection,SetUnhandledExceptionFilter, 0_2_00007FF78F3D1160

HIPS / PFW / Operating System Protection Evasion
barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe NtQuerySystemInformation: Indirect: 0x7FF78F7130D1 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe NtQueryInformationProcess: Indirect: 0x7FF78F746DDB Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe NtQuerySystemInformation: Indirect: 0x7FF78F73E4C6 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe NtQueryInformationProcess: Indirect: 0x7FF78F746F33 Jump to behavior
windows-stand
Behavior
Click here to start
Slideshow Behavior Animation
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1669675 Sample: SecuriteInfo.com.Win64.Malw... Startdate: 20/04/2025 Architecture: WINDOWS Score: 84 8 Antivirus / Scanner detection for submitted sample 2->8 10 Multi AV Scanner detection for submitted file 2->10 12 PE file contains section with special chars 2->12 5 SecuriteInfo.com.Win64.MalwareX-gen.1919.22629.exe 2->5         started        process3 signatures4 14 Detected unpacking (changes PE section rights) 5->14 16 Tries to detect sandboxes and other dynamic analysis tools (window names) 5->16 18 Tries to evade debugger and weak emulator (self modifying code) 5->18 20 2 other signatures 5->20
No contacted IP infos