Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe
Analysis ID: 1520348
MD5: 6d362753dce141d1177ce73b14fa572d
SHA1: 574fc684ce0c09b50ca5e6e603d2dae72d3fa0af
SHA256: dc4bcfa9aaf97ad72e0360b8e7a4b17392482f8b1f9ae597c3670c9cb3215660
Tags: exe

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Machine Learning detection for sample
PE file has a writeable .text section
Contains functionality for execution timing, often used to detect debuggers
Detected potential crypto function
Entry point lies outside standard sections
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Avira: detected
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe ReversingLabs: Detection: 42%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.3% probability
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe File opened: C:\Windows\SysWOW64\MSVCR100.dll

System Summary

Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0046714A 0_2_0046714A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0046712C 0_2_0046712C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0046713B 0_2_0046713B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00467D66 0_2_00467D66
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00467D74 0_2_00467D74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00467D94 0_2_00467D94
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe, 00000000.00000002.2781843631.000000000053A000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameText_CTreeBT_Demo.EXEN vs SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe, 00000000.00000000.1512319311.0000000000539000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameText_CTreeBT_Demo.EXEN vs SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Binary or memory string: OriginalFilenameText_CTreeBT_Demo.EXEN vs SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: mal72.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe ReversingLabs: Detection: 42%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Section loaded: mfc100.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Section loaded: msvcp100.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Section loaded: iphlpapi.dll
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Static file information: File size 1076736 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: initial sample Static PE information: section where entry point is pointing to: .sedata
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Static PE information: section name: .sedata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00474844 push dword ptr [esp+04h]; retn 0008h 0_2_004748C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00476875 push dword ptr [esp+08h]; retn 000Ch 0_2_004768C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00476870 push dword ptr [esp+08h]; retn 000Ch 0_2_004768C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0045D000 push ecx; mov dword ptr [esp], ebx 0_2_0045D01B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0047489C push dword ptr [esp+04h]; retn 0008h 0_2_004748C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0047214F push 0000006Ah; retf 0_2_00472228
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00475158 push dword ptr [esp+08h]; retn 000Ch 0_2_0047520C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0047B96E push dword ptr [esp+2Ch]; retn 0030h 0_2_0047B945
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0047B91B push dword ptr [esp+2Ch]; retn 0030h 0_2_0047B945
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0049C92B pushfd ; mov dword ptr [esp], eax 0_2_0049C48B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0047B93D push dword ptr [esp+2Ch]; retn 0030h 0_2_0047B945
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_004749C5 push dword ptr [esp+20h]; retn 0024h 0_2_00474A57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0046B1C8 push ecx; iretd 0_2_00486190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_004679DC push dword ptr [esp+40h]; retn 0044h 0_2_00467A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_004841F2 push word ptr [esp+02h]; mov dword ptr [esp], ebp 0_2_004841FE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_004721B7 push 0000006Ah; retf 0_2_00472228
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_004721B9 push 0000006Ah; retf 0_2_00472228
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00468A5A push ebp; mov dword ptr [esp], ecx 0_2_004B2A7E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00474A65 push dword ptr [esp+20h]; retn 0024h 0_2_00474A57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00484270 push dword ptr [esp+02h]; mov dword ptr [esp], ebp 0_2_0048429F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0046B20E push ecx; iretd 0_2_00486190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00467A30 push dword ptr [esp+40h]; retn 0044h 0_2_00467A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00476A38 push dword ptr [esp+10h]; retn 0014h 0_2_00476A6D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0048429A push word ptr [esp+02h]; mov dword ptr [esp], ebp 0_2_0048429F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00474B0F push dword ptr [esp+18h]; retn 001Ch 0_2_00474B69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_004763EF push dword ptr [esp]; retn 0004h 0_2_0047647B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00467BFD push edi; mov dword ptr [esp], esi 0_2_00467C1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0046FC3C pushad ; mov dword ptr [esp], esi 0_2_0046FE6D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_0046A4C2 push cs; ret 0_2_0046A4C4
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Static PE information: section name: .text entropy: 7.998737130003935
Source: SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Static PE information: section name: .sedata entropy: 7.6820869028084315

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_00536C11 0_2_00536C11
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.15464.19850.exe Code function: 0_2_004CA860 rdtsc 0_2_004CA860
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP information