Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe
Analysis ID: 1501347
MD5: b4058ae5bcba18dfc8928ef170a6e718
SHA1: 4be4709fdec8ac308b84dcf7c551a2210f65a964
SHA256: fcfa5ee7cd4c0addaf13587e94377fb9bf2501636a3be72027c52c98105293e6
Tags: exe
Errors
  • Corrupt sample or wrongly selected analyzer. Details: The %1 application cannot be run in Win32 mode.

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
PE / OLE file has an invalid certificate
Program does not show much activity (idle)

Classification

AV Detection

Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: Binary string: E:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\Cheat Fortnite\Driver Fortnite Private Store\payson-ioctl-cheat-driver-main\build\driver\driver.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://certs.apple.com/wwdrg3.der01
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://crl.apple.com/root.crl0
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootca0.
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://ocsp.apple.com/ocsp03-wwdrg3010
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe String found in binary or memory: https://www.apple.com/certificateauthority/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe Code function: 0_2_00007FF603631094 ExFreePoolWithTag,ExAllocatePool,ZwQuerySystemInformation,ExFreePoolWithTag, 0_2_00007FF603631094
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe Static PE information: invalid certificate
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe Binary string: \Device\microsoftedge
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe Code function: 0_2_00007FF603631700 cpuid 0_2_00007FF603631700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.20172.29195.exe Code function: 0_2_00007FF60363128C RtlGetVersion, 0_2_00007FF60363128C
No contacted IP infos