Windows Analysis Report
SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Analysis ID: 1501348
MD5: 6d97f33394b481c648d746db3c08d688
SHA1: 2967efab90b991dbacafbad83587cb3f3e9f5863
SHA256: 7ed8eee365a1d22bf1d878e2e99b1e0ab4d3e803480214367cb0c77cb1540fcd
Tags: exe

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Found evasive API chain (date check)
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_00409920 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_00409920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_00409920 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 2_2_00409920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_00409920 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 3_2_00409920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_004088C0 0_2_004088C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_004088C0 2_2_004088C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_004088C0 3_2_004088C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: String function: 004032FC appears 42 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: String function: 00403198 appears 66 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: String function: 004045CC appears 39 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: String function: 004031B8 appears 33 times
Source: classification engine Classification label: clean4.winEXE@3/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_0040A10C FindResourceA,SizeofResource,LoadResource,LockResource, 0_2_0040A10C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe String found in binary or memory: /LOADINF="filename"
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe" -install
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe" /install
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe" /load
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Automated click: OK
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_00406A50 push 00406A8Dh; ret 0_2_00406A85
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_004093EC push 0040941Fh; ret 0_2_00409417
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_004085B8 push ecx; mov dword ptr [esp], eax 0_2_004085BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_00406A50 push 00406A8Dh; ret 2_2_00406A85
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_004040B5 push eax; ret 2_2_004040F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_00404185 push 00404391h; ret 2_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_00404206 push 00404391h; ret 2_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_004042E8 push 00404391h; ret 2_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_00404283 push 00404391h; ret 2_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_004093EC push 0040941Fh; ret 2_2_00409417
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 2_2_004085B8 push ecx; mov dword ptr [esp], eax 2_2_004085BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_00406A50 push 00406A8Dh; ret 3_2_00406A85
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_004040B5 push eax; ret 3_2_004040F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_00404185 push 00404391h; ret 3_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_00404206 push 00404391h; ret 3_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_004042E8 push 00404391h; ret 3_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_00404283 push 00404391h; ret 3_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_004093EC push 0040941Fh; ret 3_2_00409417
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 3_2_004085B8 push ecx; mov dword ptr [esp], eax 3_2_004085BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Evasive API call chain: GetSystemTime,DecisionNodes
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_0040A050 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_0040A050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: GetLocaleInfoA, 0_2_00405694
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: GetLocaleInfoA, 0_2_004056E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: GetLocaleInfoA, 2_2_00405694
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: GetLocaleInfoA, 2_2_004056E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: GetLocaleInfoA, 3_2_00405694
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: GetLocaleInfoA, 3_2_004056E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_004026C4 GetSystemTime, 0_2_004026C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe Code function: 0_2_00404654 GetModuleHandleA,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy, 0_2_00404654
No contacted IP infos