Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe
Analysis ID: 1501343
MD5: 90b5da7657536a226fde8da73a417746
SHA1: 80fdc6cabb8e170241df17a5852e52a098782aa4
SHA256: 8b4daf990bbf15c272273df92ed829b3283199f593ffc239133fb1e3605e8ab7
Tags: exe
Errors
  • Corrupt sample or wrongly selected analyzer. Details: The %1 application cannot be run in Win32 mode.

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
PE / OLE file has an invalid certificate
Program does not show much activity (idle)

Classification

AV Detection

Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: Binary string: E:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\Driver Valorant\payson-ioctl-cheat-driver-main\build\driver\driver.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe
Source: Binary string: !E:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\Driver Valorant\payson-ioctl-cheat-driver-main\build\driver\driver.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://certs.apple.com/wwdrg3.der01
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://crl.apple.com/root.crl0
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootca0.
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://ocsp.apple.com/ocsp03-wwdrg3010
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe String found in binary or memory: https://www.apple.com/certificateauthority/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Code function: 0_2_00007FF7F2631094 ExFreePoolWithTag,ExAllocatePool,ZwQuerySystemInformation,ExFreePoolWithTag, 0_2_00007FF7F2631094
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Static PE information: invalid certificate
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Binary string: \Device\OHGFsL490
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
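The static PE facts above (PE32+, image base 0x140000000, HIGH_ENTROPY_VA / DYNAMIC_BASE / NX_COMPAT / GUARD_CF, a debug directory, an Authenticode blob that fails validation) together with the driver.pdb path, the ExAllocatePool / ZwQuerySystemInformation calls and the \Device\ and \DosDevices\ names point to a kernel-mode driver submitted as an .exe, which is why the analyzer reports "The %1 application cannot be run in Win32 mode" (Win32 error 129, returned by CreateProcess for an image whose Subsystem is IMAGE_SUBSYSTEM_NATIVE). The following header triage is an added example and not sandbox output: it decodes exactly those optional-header fields from raw bytes so the Subsystem / analyzer mismatch can be caught before submission. The header bytes it parses are constructed to mirror the values in this report, not bytes taken from the sample, and the helper names (parse_pe_header, triage, build_header) are this example's own.

```python
"""Triage a PE header: is this a Win32 program or a native-subsystem (kernel
driver) image, and which hardening flags / data directories does it carry?

Added example for this report, not sandbox output.  The sample headers below are
constructed with build_header() to mirror the static facts the report states
(PE32+, image base 0x140000000, HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|GUARD_CF,
debug and security directories present); they are not bytes from the sample."""
import struct

# IMAGE_OPTIONAL_HEADER.Subsystem values the Win32 loader cares about
IMAGE_SUBSYSTEM_NATIVE = 1        # drivers / native images: CreateProcess fails with error 129
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
SUBSYSTEM_NAMES = {0: "UNKNOWN", 1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits, in the order sandboxes list them
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x4000: "GUARD_CF",
}
DIR_SECURITY = 4   # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode blob (file offset, not RVA)
DIR_DEBUG = 6      # IMAGE_DIRECTORY_ENTRY_DEBUG: CodeView record with the PDB path
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002


def parse_pe_header(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> file header -> PE32+ optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4
    machine, _nsec, _ts, _sym, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                   # IMAGE_FILE_HEADER is 20 bytes
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (64-bit) images handled here")
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    subsystem, dllchars = struct.unpack_from("<HH", data, opt + 68)
    num_dirs = struct.unpack_from("<I", data, opt + 108)[0]
    dirs = {i: struct.unpack_from("<II", data, opt + 112 + 8 * i) for i in range(num_dirs)}
    return {
        "machine": hex(machine),
        "image_base": image_base,
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "dll_characteristics": [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if dllchars & bit],
        "has_authenticode_blob": dirs.get(DIR_SECURITY, (0, 0))[1] > 0,
        "has_debug_dir": dirs.get(DIR_DEBUG, (0, 0))[1] > 0,
    }


def triage(data: bytes) -> dict:
    """Add the one verdict that decides the analyzer: will the Win32 loader start it?"""
    info = parse_pe_header(data)
    info["runs_as_win32_process"] = info["subsystem"] in ("WINDOWS_GUI", "WINDOWS_CUI")
    info["likely_kernel_driver"] = info["subsystem"] == "NATIVE" and info["executable_image"]
    return info


def build_header(subsystem: int, dllchars: int, image_base: int = 0x140000000) -> bytes:
    """Constructed minimal PE32+ header (no sections) for offline testing."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # Machine AMD64, 1 section, 240-byte optional header, EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                     # PE32+ magic
    struct.pack_into("<Q", opt, 24, image_base)
    struct.pack_into("<HH", opt, 68, subsystem, dllchars)
    struct.pack_into("<I", opt, 108, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * DIR_SECURITY, 0x3000, 0x2000)  # signature blob
    struct.pack_into("<II", opt, 112 + 8 * DIR_DEBUG, 0x2000, 0x1C)       # one debug entry
    return dos + b"PE\0\0" + file_hdr + bytes(opt)


# Constructed inputs: a native-subsystem driver with the report's flag set, and a
# user-mode console EXE for contrast.
DRIVER_SAMPLE = build_header(IMAGE_SUBSYSTEM_NATIVE, 0x4160)
USER_EXE_SAMPLE = build_header(IMAGE_SUBSYSTEM_WINDOWS_CUI, 0x0160)

if __name__ == "__main__":
    for name, blob in (("driver", DRIVER_SAMPLE), ("user exe", USER_EXE_SAMPLE)):
        print(name, triage(blob))
```

Run against a real file with open(path, "rb").read(): a NATIVE subsystem with runs_as_win32_process False is the signal to resubmit as a driver rather than as a Win32 executable; the Win32 loader will never get past CreateProcess, which is consistent with the "does not show much activity (idle)" signature above.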
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Binary or memory string: \Device\OHGFsL490
Source: SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Binary or memory string: \DosDevices\OHGFsL490
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Code function: 0_2_00007FF7F2631700 cpuid 0_2_00007FF7F2631700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.10229.1578.exe Code function: 0_2_00007FF7F263128C RtlGetVersion, 0_2_00007FF7F263128C
No contacted IP information