Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
Analysis ID:	1519366
MD5:	8825b50e377782c6c889c43998b31555
SHA1:	3d23cbc80c53b1fbf382e08d39ecf5f77d0d3419
SHA256:	aaad2261843429b4a8574c5c3fd1a80e2462fab4abdd1581eb4dacca34084882
Tags:	exe
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Tries to detect virtualization through RDTSC time measurements

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Signatures

AV Detection

Found malware configuration

Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp

Malware Configuration Extractor: FormBook {"C2 list": ["www.awlc7038.vip/b31a/"], "decoy": ["enjamin-paaac.buzz", "mail-marketing-40950.bond", "pusems28-post.cyou", "hindo.top", "ruck-company-be.today", "asinos-deutschland.net", "ewancash.boats", "etdopovo.casino", "rcher-saaac.buzz", "871166.vip", "manuel.app", "g3yqo.shop", "-9way.xyz", "qawgytfexe.bond", "iefi6834.vip", "ental-health-35901.bond", "idat-merkez18.top", "rojectleadzone.website", "lirudolph.top", "migloballlc.online", "utebolshirts.shop", "i-tools-57602.bond", "itchen-889.bond", "hewieandfriends.info", "tlchurch.net", "arolmodasgpuava.online", "indjuvedermdoctorsnearby.today", "auwin-daftar.xyz", "arden-sheds-23886.bond", "2239d3.christmas", "irablog.xyz", "remation-services-88863.bond", "ehxk3u7.forum", "resdai.xyz", "61pk48ln.autos", "-web-p102.buzz", "eb2125.info", "ole-xaaaa.buzz", "lc-driving-school.net", "igh-class-jewelry.info", "66gd660du.bond", "ixi.asia", "aemoruhagic.click", "entalcare-us2-borysfb.today", "olf-cart-82894.bond", "algrup.net", "usanscanneritaly63.sbs", "ames666.xyz", "ockycanada.net", "bykmr.shop", "gpmedia.app", "avada-ga-34.press", "igraine-treatment-33058.bond", "heodore-saaab.buzz", "ashforhouse19.online", "48827496.top", "mazonun.top", "lstrk.fun", "hegdg.net", "nssmodule.center", "sksiniaja7.buzz", "uneytozgur.online", "orri.shop", "ras-us-1.bond"]}

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

ReversingLabs: Detection: 36%

Yara detected FormBook

Source: Yara match	File source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: zaHu.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000005.00000002.1374163255.00000000015A0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: zaHu.pdbSHA256i source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Code function: 4x nop then pop edi

5_2_00416C96

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: www.awlc7038.vip/b31a/

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 7832, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 8012, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Contains functionality to call native functions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041A320 NtCreateFile,	5_2_0041A320
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041A3D0 NtReadFile,	5_2_0041A3D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041A450 NtClose,	5_2_0041A450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041A500 NtAllocateVirtualMemory,	5_2_0041A500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041A44A NtReadFile,NtClose,	5_2_0041A44A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	5_2_01612BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612DF0 NtQuerySystemInformation,LdrInitializeThunk,	5_2_01612DF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01614340 NtSetContextThread,	5_2_01614340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01614650 NtSuspendThread,	5_2_01614650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612B60 NtClose,	5_2_01612B60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612BE0 NtQueryValueKey,	5_2_01612BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612BA0 NtEnumerateValueKey,	5_2_01612BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612B80 NtQueryInformationFile,	5_2_01612B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612AF0 NtWriteFile,	5_2_01612AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612AD0 NtReadFile,	5_2_01612AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612AB0 NtWaitForSingleObject,	5_2_01612AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612D30 NtUnmapViewOfSection,	5_2_01612D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612D00 NtSetInformationFile,	5_2_01612D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612D10 NtMapViewOfSection,	5_2_01612D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612DD0 NtDelayExecution,	5_2_01612DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612DB0 NtEnumerateKey,	5_2_01612DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612C60 NtCreateKey,	5_2_01612C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612C70 NtFreeVirtualMemory,	5_2_01612C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612C00 NtQueryInformationProcess,	5_2_01612C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612CF0 NtOpenProcess,	5_2_01612CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612CC0 NtQueryVirtualMemory,	5_2_01612CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612CA0 NtQueryInformationToken,	5_2_01612CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612F60 NtCreateProcessEx,	5_2_01612F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612F30 NtCreateSection,	5_2_01612F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612FE0 NtCreateFile,	5_2_01612FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612FA0 NtQuerySection,	5_2_01612FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612FB0 NtResumeThread,	5_2_01612FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612F90 NtProtectVirtualMemory,	5_2_01612F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612E30 NtWriteVirtualMemory,	5_2_01612E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612EE0 NtQueueApcThread,	5_2_01612EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612EA0 NtAdjustPrivilegesToken,	5_2_01612EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01612E80 NtReadVirtualMemory,	5_2_01612E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01613010 NtOpenDirectoryObject,	5_2_01613010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01613090 NtSetValueKey,	5_2_01613090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016135C0 NtCreateMutant,	5_2_016135C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016139B0 NtGetContextThread,	5_2_016139B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01613D70 NtOpenThread,	5_2_01613D70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01613D10 NtOpenProcessToken,	5_2_01613D10

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_029ADE4C	0_2_029ADE4C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_04FF7368	0_2_04FF7368
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_04FF0040	0_2_04FF0040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_04FF003F	0_2_04FF003F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_04FF7358	0_2_04FF7358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_06D03448	0_2_06D03448
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_00401030	5_2_00401030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041D94E	5_2_0041D94E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_00401174	5_2_00401174
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_00401208	5_2_00401208
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041EB49	5_2_0041EB49
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041D563	5_2_0041D563
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_00402D90	5_2_00402D90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_00409E4B	5_2_00409E4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_00409E50	5_2_00409E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_00402FB0	5_2_00402FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01668158	5_2_01668158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015D0100	5_2_015D0100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0167A118	5_2_0167A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016981CC	5_2_016981CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016A01AA	5_2_016A01AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01672000	5_2_01672000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169A352	5_2_0169A352
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016A03E6	5_2_016A03E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015EE3F0	5_2_015EE3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01680274	5_2_01680274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016602C0	5_2_016602C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E0535	5_2_015E0535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016A0591	5_2_016A0591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01692446	5_2_01692446
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0168E4F6	5_2_0168E4F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E0770	5_2_015E0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01604750	5_2_01604750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015DC7C0	5_2_015DC7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015FC6E0	5_2_015FC6E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015F6962	5_2_015F6962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016AA9A6	5_2_016AA9A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E29A0	5_2_015E29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E2840	5_2_015E2840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015EA840	5_2_015EA840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0160E8F0	5_2_0160E8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015C68B8	5_2_015C68B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169AB40	5_2_0169AB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01696BD7	5_2_01696BD7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015DEA80	5_2_015DEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015EAD00	5_2_015EAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015DADE0	5_2_015DADE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015F8DBF	5_2_015F8DBF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E0C00	5_2_015E0C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015D0CF2	5_2_015D0CF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01680CB5	5_2_01680CB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01654F40	5_2_01654F40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01622F28	5_2_01622F28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01600F30	5_2_01600F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015D2FC8	5_2_015D2FC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015ECFE0	5_2_015ECFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0165EFA0	5_2_0165EFA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E0E59	5_2_015E0E59
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169EE26	5_2_0169EE26
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169EEDB	5_2_0169EEDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015F2E90	5_2_015F2E90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169CE93	5_2_0169CE93
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016AB16B	5_2_016AB16B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0161516C	5_2_0161516C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015CF172	5_2_015CF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015EB1B0	5_2_015EB1B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016970E9	5_2_016970E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169F0E0	5_2_0169F0E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E70C0	5_2_015E70C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0168F0CC	5_2_0168F0CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015CD34C	5_2_015CD34C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169132D	5_2_0169132D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0162739A	5_2_0162739A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016812ED	5_2_016812ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015FB2C0	5_2_015FB2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E52A0	5_2_015E52A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01697571	5_2_01697571
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0167D5B0	5_2_0167D5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015D1460	5_2_015D1460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169F43F	5_2_0169F43F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169F7B0	5_2_0169F7B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_016916CC	5_2_016916CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E9950	5_2_015E9950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015FB950	5_2_015FB950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0164D800	5_2_0164D800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E38E0	5_2_015E38E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169FB76	5_2_0169FB76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01655BF0	5_2_01655BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0161DBF9	5_2_0161DBF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015FFB80	5_2_015FFB80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01653A6C	5_2_01653A6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169FA49	5_2_0169FA49
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01697A46	5_2_01697A46
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0168DAC6	5_2_0168DAC6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01625AA0	5_2_01625AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0167DAAC	5_2_0167DAAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01697D73	5_2_01697D73
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E3D40	5_2_015E3D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01691D5A	5_2_01691D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015FFDC0	5_2_015FFDC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_01659C32	5_2_01659C32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169FCF2	5_2_0169FCF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169FF09	5_2_0169FF09
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015A3FD2	5_2_015A3FD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015A3FD5	5_2_015A3FD5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E1F92	5_2_015E1F92
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0169FFB1	5_2_0169FFB1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015E9EB0	5_2_015E9EB0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: String function: 0165F290 appears 105 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: String function: 01627E54 appears 99 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: String function: 01615130 appears 37 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: String function: 015CB970 appears 273 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: String function: 0164EA12 appears 86 times

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000000.00000002.1392528610.0000000000D9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000000.00000002.1396740552.0000000006FF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000000.00000002.1394003779.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, 00000005.00000002.1374163255.00000000016CD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Binary or memory string: OriginalFilenamezaHu.exeD vs SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.1373900561.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.1394003779.0000000003BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 7832, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe PID: 8012, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, QIfGYTShurHc402uvU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, QIfGYTShurHc402uvU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.cs	Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.cs	Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.cs	Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.evad.winEXE@7/1@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.log

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Mutant created: \Sessions\1\BaseNamedObjects\uIvZnASNXhGuEdLR

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Section loaded: gpapi.dll	Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe, Form1.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.cs	.Net Code: zEjoDBcirC System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.2ba44b4.0.raw.unpack, JK.cs	.Net Code: ve System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.2badacc.1.raw.unpack, JK.cs	.Net Code: ve System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6bd0000.3.raw.unpack, JK.cs	.Net Code: ve System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.cs	.Net Code: zEjoDBcirC System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_06D006B0 push ss; iretd	0_2_06D006BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_06D00E63 push ds; iretd	0_2_06D00E64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_06D0060E push ds; iretd	0_2_06D0060F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_06D00CF8 push ds; iretd	0_2_06D00CF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_06D01460 push ds; iretd	0_2_06D0146E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 0_2_06D003E5 push ss; iretd	0_2_06D003E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041E03F push F69B27B4h; ret	5_2_0041E044
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_004169E1 push cs; ret	5_2_00416A1B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_00416996 push cs; ret	5_2_00416A1B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_004179BE push esp; ret	5_2_004179C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041645D push 22047084h; ret	5_2_00416462
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041D475 push eax; ret	5_2_0041D4C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041D4C2 push eax; ret	5_2_0041D4C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041D4CB push eax; ret	5_2_0041D532
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041D52C push eax; ret	5_2_0041D532
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_004035C8 push esi; iretd	5_2_004035CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_004175A0 pushfd ; iretd	5_2_004175B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_0041DE4A push ebp; iretd	5_2_0041DE52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_004176EF push cs; ret	5_2_004176D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_004176A1 push cs; ret	5_2_004176D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015A225F pushad ; ret	5_2_015A27F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015A27FA pushad ; ret	5_2_015A27F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015D09AD push ecx; mov dword ptr [esp], ecx	5_2_015D09B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015A283D push eax; iretd	5_2_015A2858
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015A1328 push eax; iretd	5_2_015A1369
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Code function: 5_2_015A9939 push es; iretd	5_2_015A9940

Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, SCrAtcpBTYfUqOOEoP.cs	High entropy of concatenated method names: 'iXwP60bIkT', 'HjYPSiHHG6', 'wa0Po99et5', 'YqKPWX03xm', 'zuCPag05TR', 'qflPJ2IwPd', 'T6hPQuSrAZ', 'lE14rAduY5', 'eI14tVlHYA', 'lPp4LRfR7k'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, Lg6pkAaYxfI1d02Xwk.cs	High entropy of concatenated method names: 'ToString', 'ujtdh6it2g', 'lI4dUNCTqV', 'IXZdRxBckn', 'bVQdFQtfnU', 'T3odxBuVLl', 'sKidYLBxgd', 'JFbdmjnn0N', 'z8adic9hgA', 'rtBdcxyQ85'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, Eb7Ux4O91PFitWwr9H.cs	High entropy of concatenated method names: 'L7iIGr3dddYqh6D2ejr', 'bPh9g43c4BhCHy8Y4Fs', 'X8qQ4CJSt1', 'hsoQPvpyDP', 'jn8QuSTL3k', 'XtpGSS3Hl9PKxaXB60u', 'eAXQKR3mIYiHXFn6cfV'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, fgqNIIPrcpCHI5uDFN.cs	High entropy of concatenated method names: 'Dispose', 'Nhp6LtcrJG', 'hyyqU9M4ik', 'OHtnnVmG7F', 'zni6AjaEv5', 'gD66zjfSt5', 'ProcessDialogKey', 'Qs4q9EWooq', 'Hovq6QcK7b', 'E7Aqqg0lE0'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, gvclPxE3myGgBGFUiS.cs	High entropy of concatenated method names: 'Ibp8yZs547', 'GYC8VUNjlS', 'gle8HELW3t', 'e2f8UZhw0B', 'seR8FYeRZB', 'WLy8xit05G', 'UK98mW4feS', 'db88iKnUXf', 'btj8B7ZYjU', 'ieC8hCtmRK'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, EanENxzshKnHO9HR5p.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xWMP8OyHMG', 'SnXP0N4FFs', 'mRWPd1jooC', 'CRlPObPHQ1', 's2WP4kOuji', 'qs3PPPIcW9', 'RQIPuA6KJO'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, bnvJIPxAiuMmmY7jij.cs	High entropy of concatenated method names: 'bYPQKkgdtp', 'V1pQav9StO', 'lttQJIHBIm', 'hSuQ1Ks2iQ', 'axtQ5Zaq8E', 'MwXJ2oSvg6', 'w4bJTRVLL4', 'HgQJr3hNLi', 'XrFJthl0wt', 'zTcJLtgEfb'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, FDC1rbB2ATMI6UxAlE.cs	High entropy of concatenated method names: 'qNZ4HypC0P', 'egi4UkHnkt', 'KOG4RyVbys', 'FpJ4FlIg3L', 'EIU4IiweOL', 'co54xxVaN2', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, sHaqdTV6C6DV6gU8ZFJ.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BjkuIJrJKU', 'y9KuwX5A7S', 'woTub9ptlA', 'vHZujTisEY', 'pSnu2pjFrx', 'UTPuTCrXve', 'tm8ur4qpT1'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, BAa7GkUpciAVOlBB2k.cs	High entropy of concatenated method names: 'KodOt7S0TF', 'QvVOAXQaXj', 'Y2u49QlgNS', 'tDM46sd0eB', 'XnPOhDj0Ge', 'd64OpHL2QA', 'BIvO3wlPhS', 'VHPOIrJ3JF', 'SrQOwmLcnR', 'xoiObMET1M'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, HnaFvbC1tGdlQYAeKG.cs	High entropy of concatenated method names: 'mr7DEHFCy', 'O3isOErsi', 'lUffTBFE7', 'TJ6CJsCwu', 'gyOVtjrYd', 'al5ND299C', 'xFi7OeV8GJ8Ba233eC', 'N8qcSauDYR3sSbHNMO', 'bul4iyILi', 'uV7uUZCSI'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, cmFlvbqogWKfxVPrjs.cs	High entropy of concatenated method names: 'JDtOkYUeyQ', 'jIeO7BJbQv', 'ToString', 'ETjOW1ufXj', 'qQ2OaEoL2D', 'HVLOXokVX7', 'KWvOJFclF2', 'EkXOQeljdq', 'yPhO1Ig72r', 'CNnO5yQZy5'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, kHEbPhMoIXwlkrKXKS.cs	High entropy of concatenated method names: 'RORJlwkg9o', 'rlBJC0BgQs', 'YenXRIKPl5', 'jCNXF5vkmR', 'a52Xxascyj', 'okmXYk81MJ', 'UVwXmguOjd', 'PMUXiHMKHI', 'GHpXcxhnLe', 't8aXBKMYWH'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, FdRfsNw93cYwM4DXXY.cs	High entropy of concatenated method names: 'd5u0ByAqsd', 'jpd0pAXiQp', 'r9d0IqVZIW', 'ndy0wSEc39', 'OpA0UxrRMF', 'ITr0Rk1ZBD', 'mB00FLo9KB', 'iOD0x33fTJ', 'pZh0Y6pv0u', 'b910mscLOf'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, TSMW8beod2uXfNHvE9.cs	High entropy of concatenated method names: 'h2T1vwml0e', 'WFv1g8CqaX', 'Yi01DuMGqT', 'ADf1sXDC8g', 'eZn1lrk9AG', 'JZR1fvrSsa', 'zKq1CbtxVq', 'ibZ1y2S7H3', 'n9p1VVrdIs', 'HEU1NtabaB'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, TiSIAViFjZlMi8PA6B.cs	High entropy of concatenated method names: 'mtO61Lw433', 'ODe65YE8bt', 'koK6kkJFIT', 'zEe67TCKhL', 'MFX60LCB3m', 'dr36dEAVFf', 'G5wAMWQGLmG9YynVVq', 'EhQe1ypWMVQJ8KPOS7', 'GiW66eorik', 'RHs6SrIWKZ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, uot3f4G0Em55SiCbht.cs	High entropy of concatenated method names: 'K1KXsnrx5X', 'LUjXfjZlH4', 'kJIXyyuZPV', 'ydbXVMcqrn', 'uvwX0b5HLa', 'hEpXdK381A', 'TweXO6I8vN', 'UEWX4UGgla', 'StSXPMJiQv', 'YDuXu9AwCV'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, FPGJNivp6BlsUtuZNw.cs	High entropy of concatenated method names: 'iAd4Wb9RPw', 'chb4aKM14u', 'v5q4X8W9bx', 'a0g4JQxdUX', 'qXK4QZSWsa', 'FTm411fOD8', 'hYu45xqSLk', 'vm14ZEQ9MZ', 'rI24kcFwdF', 'N0F47T0Rwy'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, ET3JZPt4iycswEsdNK.cs	High entropy of concatenated method names: 'Ta9SKj6ys5', 'mqbSW5Y2iS', 'EuySaYFVyB', 'sUCSXl0SRB', 'eqlSJRHUx1', 'GHUSQE5bw9', 'jKmS1BBaDj', 't4qS5n40O0', 'v5QSZIrh8a', 'MffSkAKtql'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, KVNCogVQdJeqSo7LfS6.cs	High entropy of concatenated method names: 'FbRPvYQF1t', 'HktPgVFLCN', 'uovPD6ZLSQ', 'VRcPs6KsUr', 'LeYPlRVZvO', 'eYcPf8Exvy', 'ATgPCC7ca6', 'QiyPy2c4t3', 'r4dPVyBRF5', 'n3UPNe8y0R'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6ff0000.4.raw.unpack, QIfGYTShurHc402uvU.cs	High entropy of concatenated method names: 'YJKaIoECCg', 'Pqdaw8Qytq', 'St1ab32OWI', 'zXXajANFhZ', 'c0Oa2LBq4S', 'DG8aTcvTH4', 'AVYaryAaFK', 'bC7atgO5yJ', 'cRZaLa9aLb', 'sSxaAqlKC5'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.2ba44b4.0.raw.unpack, JK.cs	High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.2badacc.1.raw.unpack, JK.cs	High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.6bd0000.3.raw.unpack, JK.cs	High entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, SCrAtcpBTYfUqOOEoP.cs	High entropy of concatenated method names: 'iXwP60bIkT', 'HjYPSiHHG6', 'wa0Po99et5', 'YqKPWX03xm', 'zuCPag05TR', 'qflPJ2IwPd', 'T6hPQuSrAZ', 'lE14rAduY5', 'eI14tVlHYA', 'lPp4LRfR7k'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, Lg6pkAaYxfI1d02Xwk.cs	High entropy of concatenated method names: 'ToString', 'ujtdh6it2g', 'lI4dUNCTqV', 'IXZdRxBckn', 'bVQdFQtfnU', 'T3odxBuVLl', 'sKidYLBxgd', 'JFbdmjnn0N', 'z8adic9hgA', 'rtBdcxyQ85'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, Eb7Ux4O91PFitWwr9H.cs	High entropy of concatenated method names: 'L7iIGr3dddYqh6D2ejr', 'bPh9g43c4BhCHy8Y4Fs', 'X8qQ4CJSt1', 'hsoQPvpyDP', 'jn8QuSTL3k', 'XtpGSS3Hl9PKxaXB60u', 'eAXQKR3mIYiHXFn6cfV'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, fgqNIIPrcpCHI5uDFN.cs	High entropy of concatenated method names: 'Dispose', 'Nhp6LtcrJG', 'hyyqU9M4ik', 'OHtnnVmG7F', 'zni6AjaEv5', 'gD66zjfSt5', 'ProcessDialogKey', 'Qs4q9EWooq', 'Hovq6QcK7b', 'E7Aqqg0lE0'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, gvclPxE3myGgBGFUiS.cs	High entropy of concatenated method names: 'Ibp8yZs547', 'GYC8VUNjlS', 'gle8HELW3t', 'e2f8UZhw0B', 'seR8FYeRZB', 'WLy8xit05G', 'UK98mW4feS', 'db88iKnUXf', 'btj8B7ZYjU', 'ieC8hCtmRK'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, EanENxzshKnHO9HR5p.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xWMP8OyHMG', 'SnXP0N4FFs', 'mRWPd1jooC', 'CRlPObPHQ1', 's2WP4kOuji', 'qs3PPPIcW9', 'RQIPuA6KJO'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, bnvJIPxAiuMmmY7jij.cs	High entropy of concatenated method names: 'bYPQKkgdtp', 'V1pQav9StO', 'lttQJIHBIm', 'hSuQ1Ks2iQ', 'axtQ5Zaq8E', 'MwXJ2oSvg6', 'w4bJTRVLL4', 'HgQJr3hNLi', 'XrFJthl0wt', 'zTcJLtgEfb'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, FDC1rbB2ATMI6UxAlE.cs	High entropy of concatenated method names: 'qNZ4HypC0P', 'egi4UkHnkt', 'KOG4RyVbys', 'FpJ4FlIg3L', 'EIU4IiweOL', 'co54xxVaN2', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, sHaqdTV6C6DV6gU8ZFJ.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BjkuIJrJKU', 'y9KuwX5A7S', 'woTub9ptlA', 'vHZujTisEY', 'pSnu2pjFrx', 'UTPuTCrXve', 'tm8ur4qpT1'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, BAa7GkUpciAVOlBB2k.cs	High entropy of concatenated method names: 'KodOt7S0TF', 'QvVOAXQaXj', 'Y2u49QlgNS', 'tDM46sd0eB', 'XnPOhDj0Ge', 'd64OpHL2QA', 'BIvO3wlPhS', 'VHPOIrJ3JF', 'SrQOwmLcnR', 'xoiObMET1M'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, HnaFvbC1tGdlQYAeKG.cs	High entropy of concatenated method names: 'mr7DEHFCy', 'O3isOErsi', 'lUffTBFE7', 'TJ6CJsCwu', 'gyOVtjrYd', 'al5ND299C', 'xFi7OeV8GJ8Ba233eC', 'N8qcSauDYR3sSbHNMO', 'bul4iyILi', 'uV7uUZCSI'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, cmFlvbqogWKfxVPrjs.cs	High entropy of concatenated method names: 'JDtOkYUeyQ', 'jIeO7BJbQv', 'ToString', 'ETjOW1ufXj', 'qQ2OaEoL2D', 'HVLOXokVX7', 'KWvOJFclF2', 'EkXOQeljdq', 'yPhO1Ig72r', 'CNnO5yQZy5'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, kHEbPhMoIXwlkrKXKS.cs	High entropy of concatenated method names: 'RORJlwkg9o', 'rlBJC0BgQs', 'YenXRIKPl5', 'jCNXF5vkmR', 'a52Xxascyj', 'okmXYk81MJ', 'UVwXmguOjd', 'PMUXiHMKHI', 'GHpXcxhnLe', 't8aXBKMYWH'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, FdRfsNw93cYwM4DXXY.cs	High entropy of concatenated method names: 'd5u0ByAqsd', 'jpd0pAXiQp', 'r9d0IqVZIW', 'ndy0wSEc39', 'OpA0UxrRMF', 'ITr0Rk1ZBD', 'mB00FLo9KB', 'iOD0x33fTJ', 'pZh0Y6pv0u', 'b910mscLOf'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, TSMW8beod2uXfNHvE9.cs	High entropy of concatenated method names: 'h2T1vwml0e', 'WFv1g8CqaX', 'Yi01DuMGqT', 'ADf1sXDC8g', 'eZn1lrk9AG', 'JZR1fvrSsa', 'zKq1CbtxVq', 'ibZ1y2S7H3', 'n9p1VVrdIs', 'HEU1NtabaB'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, TiSIAViFjZlMi8PA6B.cs	High entropy of concatenated method names: 'mtO61Lw433', 'ODe65YE8bt', 'koK6kkJFIT', 'zEe67TCKhL', 'MFX60LCB3m', 'dr36dEAVFf', 'G5wAMWQGLmG9YynVVq', 'EhQe1ypWMVQJ8KPOS7', 'GiW66eorik', 'RHs6SrIWKZ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, uot3f4G0Em55SiCbht.cs	High entropy of concatenated method names: 'K1KXsnrx5X', 'LUjXfjZlH4', 'kJIXyyuZPV', 'ydbXVMcqrn', 'uvwX0b5HLa', 'hEpXdK381A', 'TweXO6I8vN', 'UEWX4UGgla', 'StSXPMJiQv', 'YDuXu9AwCV'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, FPGJNivp6BlsUtuZNw.cs	High entropy of concatenated method names: 'iAd4Wb9RPw', 'chb4aKM14u', 'v5q4X8W9bx', 'a0g4JQxdUX', 'qXK4QZSWsa', 'FTm411fOD8', 'hYu45xqSLk', 'vm14ZEQ9MZ', 'rI24kcFwdF', 'N0F47T0Rwy'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, ET3JZPt4iycswEsdNK.cs	High entropy of concatenated method names: 'Ta9SKj6ys5', 'mqbSW5Y2iS', 'EuySaYFVyB', 'sUCSXl0SRB', 'eqlSJRHUx1', 'GHUSQE5bw9', 'jKmS1BBaDj', 't4qS5n40O0', 'v5QSZIrh8a', 'MffSkAKtql'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, KVNCogVQdJeqSo7LfS6.cs	High entropy of concatenated method names: 'FbRPvYQF1t', 'HktPgVFLCN', 'uovPD6ZLSQ', 'VRcPs6KsUr', 'LeYPlRVZvO', 'eYcPf8Exvy', 'ATgPCC7ca6', 'QiyPy2c4t3', 'r4dPVyBRF5', 'n3UPNe8y0R'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe.3d6c040.2.raw.unpack, QIfGYTShurHc402uvU.cs	High entropy of concatenated method names: 'YJKaIoECCg', 'Pqdaw8Qytq', 'St1ab32OWI', 'zXXajANFhZ', 'c0Oa2LBq4S', 'DG8aTcvTH4', 'AVYaryAaFK', 'bC7atgO5yJ', 'cRZaLa9aLb', 'sSxaAqlKC5'

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	RDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	RDTSC instruction interceptor: First address: 409B6E second address: 409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Memory allocated: 29A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Memory allocated: 2B20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Memory allocated: 29C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Memory allocated: 7AE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Memory allocated: 8AE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Memory allocated: 8C90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Memory allocated: 9C90000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

ID:	1519366
Product:	CloudBasic
Start time:	12:22:18
Start date:	26.09.2024
Sample:	SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	8825b50e377782c6c889c43998b31555
SHA1:	3d23cbc80c53b1fbf382e08d39ecf5f77d0d3419
SHA256:	aaad2261843429b4a8574c5c3fd1a80e2462fab4abdd1581eb4dacca34084882
Filetype:	Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Windows Analysis Report SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted URLs

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.16719.9062.exe

Malware Threat Intel
Provided by