Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Avira: detected
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | ReversingLabs: Detection: 42%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 96.3% probability
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0046714A | 0_2_0046714A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0046712C | 0_2_0046712C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0046713B | 0_2_0046713B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00467D66 | 0_2_00467D66
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00467D74 | 0_2_00467D74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00467D94 | 0_2_00467D94
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe, 00000000.00000002.2781843631.000000000053A000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameText_CTreeBT_Demo.EXEN vs SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe, 00000000.00000000.1512319311.0000000000539000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameText_CTreeBT_Demo.EXEN vs SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Binary or memory string: OriginalFilenameText_CTreeBT_Demo.EXEN vs SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe
Source: classification engine | Classification label: mal72.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Section loaded: mfc100.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Section loaded: msvcp100.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Section loaded: iphlpapi.dll
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Static file information: File size 1076736 > 1048576
Source: initial sample | Static PE information: section where entry point is pointing to: .sedata
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Static PE information: section name: .sedata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00474844 push dword ptr [esp+04h]; retn 0008h | 0_2_004748C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00476875 push dword ptr [esp+08h]; retn 000Ch | 0_2_004768C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00476870 push dword ptr [esp+08h]; retn 000Ch | 0_2_004768C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0045D000 push ecx; mov dword ptr [esp], ebx | 0_2_0045D01B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0047489C push dword ptr [esp+04h]; retn 0008h | 0_2_004748C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0047214F push 0000006Ah; retf | 0_2_00472228
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00475158 push dword ptr [esp+08h]; retn 000Ch | 0_2_0047520C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0047B96E push dword ptr [esp+2Ch]; retn 0030h | 0_2_0047B945
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0047B91B push dword ptr [esp+2Ch]; retn 0030h | 0_2_0047B945
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0049C92B pushfd ; mov dword ptr [esp], eax | 0_2_0049C48B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0047B93D push dword ptr [esp+2Ch]; retn 0030h | 0_2_0047B945
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_004749C5 push dword ptr [esp+20h]; retn 0024h | 0_2_00474A57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0046B1C8 push ecx; iretd | 0_2_00486190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_004679DC push dword ptr [esp+40h]; retn 0044h | 0_2_00467A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_004841F2 push word ptr [esp+02h]; mov dword ptr [esp], ebp | 0_2_004841FE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_004721B7 push 0000006Ah; retf | 0_2_00472228
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_004721B9 push 0000006Ah; retf | 0_2_00472228
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00468A5A push ebp; mov dword ptr [esp], ecx | 0_2_004B2A7E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00474A65 push dword ptr [esp+20h]; retn 0024h | 0_2_00474A57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00484270 push dword ptr [esp+02h]; mov dword ptr [esp], ebp | 0_2_0048429F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0046B20E push ecx; iretd | 0_2_00486190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00467A30 push dword ptr [esp+40h]; retn 0044h | 0_2_00467A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00476A38 push dword ptr [esp+10h]; retn 0014h | 0_2_00476A6D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0048429A push word ptr [esp+02h]; mov dword ptr [esp], ebp | 0_2_0048429F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00474B0F push dword ptr [esp+18h]; retn 001Ch | 0_2_00474B69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_004763EF push dword ptr [esp]; retn 0004h | 0_2_0047647B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00467BFD push edi; mov dword ptr [esp], esi | 0_2_00467C1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0046FC3C pushad ; mov dword ptr [esp], esi | 0_2_0046FE6D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_0046A4C2 push cs; ret | 0_2_0046A4C4
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Static PE information: section name: .text entropy: 7.998737130003935
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Static PE information: section name: .sedata entropy: 7.6820869028084315
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_00536C11 | 0_2_00536C11
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe | Code function: 0_2_004CA860 rdtsc | 0_2_004CA860
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected