Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe
Analysis ID: 1501352
MD5: 7e8300ae1d46833d23f201aaa338f241
SHA1: 9bb11fa67eeafc0216a7ee73cea126f90899ce7b
SHA256: 3af91463cd8e8354480757fec8213cabcb77deddbf36a707f3a1f69d83dc1883
Tags: exe
Errors
  • Corrupt sample or wrongly selected analyzer. Details: The %1 application cannot be run in Win32 mode.

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
PE / OLE file has an invalid certificate
Program does not show much activity (idle)

Classification

AV Detection

Source: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe ReversingLabs: Detection: 39%
Source: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: Binary string: E:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\Driver Valorant\payson-ioctl-cheat-driver-main\build\driver\driver.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe
Source: Binary string: %E:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\Driver Valorant\payson-ioctl-cheat-driver-main\build\driver\driver.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe Code function: 0_2_00007FF675D61094 ExFreePoolWithTag,ExAllocatePool,ZwQuerySystemInformation,ExFreePoolWithTag, 0_2_00007FF675D61094
Source: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe Static PE information: invalid certificate
Source: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe Binary string: \Device\driverrundeveloperbronkzdriverhoocked
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe Code function: 0_2_00007FF675D61700 cpuid 0_2_00007FF675D61700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.10574.25118.exe Code function: 0_2_00007FF675D6128C RtlGetVersion, 0_2_00007FF675D6128C
No contacted IP infos