Windows
Analysis Report
SecuriteInfo.com.Trojan.Siggen29.2530.21543.30910.exe
Overview
General Information
Detection
Score: 38
Range: 0 - 100
Whitelisted: false
Confidence: 20%
Signatures
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Detected potential unwanted application
Machine Learning detection for dropped file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.Siggen29.2530.21543.30910.exe (PID: 3624 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen29.2530.21543.30910.exe" MD5: 12397B82DFE524F38DDCA22CA5636DDB)
- cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Suricata alert 1
Timestamp: 2024-08-28T11:39:31.571925+0200
SID: 2008438
Severity: 1
Source Port: 80
Destination Port: 49807
Protocol: TCP
Classtype: A Network Trojan was detected

Suricata alert 2
Timestamp: 2024-08-28T11:39:31.571925+0200
SID: 2001046
Severity: 3
Source Port: 80
Destination Port: 49807
Protocol: TCP
Classtype: Misc activity
AV Detection
- Source: ReversingLabs
- Source: Virustotal
- Source: Joe Sandbox ML
- Source: Binary or memory string: memstr_7037dbd4-b
- Source: Static PE information
- Source: Binary string

Networking
- Source: Suricata IDS
- Source: HTTP traffic detected