Windows Analysis Report
SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe

Overview

General Information

Sample Name: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe
Analysis ID: 692698
MD5: db42ce7f8d1017e0188ae0e74a79bff3
SHA1: f016729adc016363afe15b09cd612d55ecd1e985
SHA256: ce834187e1948c46b9a3d6e9c6fbdb1893143e8b11717f180ee66a140e4baae4
Tags: exe

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Contains functionality to inject code into remote processes
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Creates a DirectInput object (often for capturing keystrokes)
Uses 32bit PE files
Found inlined nop instructions (likely shell or obfuscated code)
Tries to load missing DLLs
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
PE file contains more sections than normal
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
Program does not show much activity (idle)
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection

Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Virustotal: Detection: 20%
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE
Source: Binary string: C:\Users\misha\source\repos\ClipperOffline\x64\Release\Clipper.pdb&& source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe, 00000000.00000002.252701478.00000000004B1000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe, 00000000.00000003.251872203.00000000001E0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\misha\source\repos\ClipperOffline\x64\Release\Clipper.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe, SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe, 00000000.00000002.252701478.00000000004B1000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe, 00000000.00000003.251872203.00000000001E0000.00000040.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_0042D140
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_0041405C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_00414025
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_00414093
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_00414129
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then mov eax, ecx 0_2_004951C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_004141F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_004141BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_0041422C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_00413AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub esp, 1Ch 0_2_0042CD50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 4x nop then sub edx, 01h 0_2_0042CD30
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe, 00000000.00000002.252858338.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: String function: 004A2EF0 appears 43 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: String function: 00494F00 appears 516 times
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: Number of sections : 16 > 10
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:151576:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5084:120:WilError_01
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe String found in binary or memory: -stop
Source: classification engine Classification label: mal64.evad.winEXE@5/1@0/0
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static file information: File size 2488287 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_0047A0C0 push edx; mov dword ptr [esp], ebx 0_2_0047A407
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_0047A0C0 push eax; mov dword ptr [esp], ebx 0_2_0047A433
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00467140 push eax; mov dword ptr [esp], ebx 0_2_00467726
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_004661E0 push eax; mov dword ptr [esp], ebx 0_2_004667E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_004792C0 push edx; mov dword ptr [esp], ebx 0_2_0047951F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_004792C0 push eax; mov dword ptr [esp], ebx 0_2_00479539
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00471280 push eax; mov dword ptr [esp], ebx 0_2_0047144B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_004694F0 push eax; mov dword ptr [esp], ebx 0_2_004696D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00476600 push eax; mov dword ptr [esp], ebx 0_2_00476734
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00493680 push eax; mov dword ptr [esp], esi 0_2_004A8EDD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_0047A6A0 push edx; mov dword ptr [esp], ebx 0_2_0047A9E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_0047A6A0 push eax; mov dword ptr [esp], ebx 0_2_0047AA13
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00467760 push eax; mov dword ptr [esp], ebx 0_2_00467D46
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00476860 push eax; mov dword ptr [esp], ebx 0_2_00476993
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00466820 push eax; mov dword ptr [esp], ebx 0_2_00466E20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00493820 push eax; mov dword ptr [esp], esi 0_2_004A8EDD
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /4
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /14
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /29
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /41
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /55
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /67
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /80
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /91
Source: SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Static PE information: section name: /102
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_004014E0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_004014E0
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe API coverage: 7.0 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_004C2D6C mov eax, dword ptr fs:[00000030h] 0_2_004C2D6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_0040115C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,GetStartupInfoA,_initterm,exit, 0_2_0040115C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_00401150 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit, 0_2_00401150
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_004013C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm, 0_2_004013C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_0041BE6C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 0_2_0041BE6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_0041BE70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 0_2_0041BE70

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 820000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 7A3008
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_004C2DA1 CreateProcessW,GetThreadContext,ReadProcessMemory,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualProtectEx,VirtualFree,WriteProcessMemory,SetThreadContext, 0_2_004C2DA1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 820000 protect: page execute and read and write
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 820000 value starts with: 4D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.13557.16812.exe Code function: 0_2_0041BDC0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_0041BDC0
No contacted IP infos