| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
ReversingLabs: Detection: 44% |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF |
| Source: |
Binary string: C:\Users\gg\Downloads\payson-ioctl-cheat-driver-main\build\driver\driver.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://certs.apple.com/wwdrg3.der01 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://crl.apple.com/root.crl0 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://ocsp.apple.com/ocsp03-applerootca0. |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://ocsp.apple.com/ocsp03-wwdrg3010 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
String found in binary or memory: https://www.apple.com/certificateauthority/0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
Code function: 1_2_00007FF71C821388 ExFreePoolWithTag,ExAllocatePool,ZwQuerySystemInformation,ExFreePoolWithTag, |
1_2_00007FF71C821388 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
Static PE information: invalid certificate |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
Binary string: \Device\onkzaoobrabo |
| Source: classification engine |
Classification label: mal48.winEXE@1/0@0/0 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
ReversingLabs: Detection: 44% |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF |
| Source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
| Source: |
Binary string: C:\Users\gg\Downloads\payson-ioctl-cheat-driver-main\build\driver\driver.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.7830.14981.exe |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet