Windows Analysis Report
SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe
Analysis ID: 1521521
MD5: 8a060e06880e61f9eb9d2d8ef96a48f6
SHA1: fb656d66d703409ac18807bc170c2a0369da9a71
SHA256: 9fc4251fdd8639dea3335ba27063cc60904bd54fac7e1f0ba5ffca79c14cd10a
Tags: exe
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Potential key logger detected (key state polling based)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe ReversingLabs: Detection: 50%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00408840 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, 0_2_00408840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00470FD3 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, 0_2_00470FD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00411700 FindNextFileA,FindClose,FindFirstFileA,FindClose, 0_2_00411700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00419BC0 FindFirstFileA,FindClose, 0_2_00419BC0
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00424C30 ioctlsocket,recvfrom, 0_2_00424C30
Source: global traffic DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0042DCD0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_0042DCD0
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0042DCD0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_0042DCD0
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0042DE30 OpenClipboard,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard, 0_2_0042DE30
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00418050 IsWindowEnabled,TranslateAcceleratorA,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow, 0_2_00418050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0042C530 GetKeyState,GetKeyState,GetKeyState,CopyRect, 0_2_0042C530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004756AD GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_004756AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00473B86 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA, 0_2_00473B86
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00419D70 GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_00419D70
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0043C040 0_2_0043C040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0041C110 0_2_0041C110
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004621C0 0_2_004621C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044A2E0 0_2_0044A2E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0043E2F3 0_2_0043E2F3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004542B0 0_2_004542B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00436450 0_2_00436450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0041A430 0_2_0041A430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004404B0 0_2_004404B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044C4B9 0_2_0044C4B9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004385E0 0_2_004385E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044E600 0_2_0044E600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044C976 0_2_0044C976
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00428930 0_2_00428930
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00448AF0 0_2_00448AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0045CC50 0_2_0045CC50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044CC61 0_2_0044CC61
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00458D30 0_2_00458D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0045EDA0 0_2_0045EDA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044CE14 0_2_0044CE14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00472E27 0_2_00472E27
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0045AF60 0_2_0045AF60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0046CFEE 0_2_0046CFEE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00449030 0_2_00449030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004230E0 0_2_004230E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004690F6 0_2_004690F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044D08E 0_2_0044D08E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0043F0A0 0_2_0043F0A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004530BE 0_2_004530BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00445120 0_2_00445120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0045D1D0 0_2_0045D1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00413200 0_2_00413200
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0045330E 0_2_0045330E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00445430 0_2_00445430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044D4C0 0_2_0044D4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044B760 0_2_0044B760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004597D0 0_2_004597D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00445860 0_2_00445860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044D990 0_2_0044D990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0040F9A0 0_2_0040F9A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00449AF0 0_2_00449AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044DBC0 0_2_0044DBC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0043BB80 0_2_0043BB80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00411D10 0_2_00411D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00453E10 0_2_00453E10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0043BEB0 0_2_0043BEB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0044BFA0 0_2_0044BFA0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: String function: 00462F28 appears 94 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: String function: 00444B60 appears 77 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: String function: 004448E0 appears 39 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: String function: 00444750 appears 81 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: String function: 00471EE8 appears 44 times
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal56.winEXE@1/0@1/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00474040 FindResourceA,LoadResource,LockResource, 0_2_00474040
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Section loaded: wintypes.dll Jump to behavior
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0047435D GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary, 0_2_0047435D
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00462F28 push eax; ret 0_2_00462F46
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00461690 push eax; ret 0_2_004616BE
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00414D40 DestroyCursor,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu, 0_2_00414D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00419240 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow, 0_2_00419240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00415410 IsIconic, 0_2_00415410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0040F9A0 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus, 0_2_0040F9A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0045FCDF IsIconic,GetWindowPlacement,GetWindowRect, 0_2_0045FCDF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00401811 rdtsc 0_2_00401811
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe API coverage: 4.2 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00408840 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, 0_2_00408840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00470FD3 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, 0_2_00470FD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00411700 FindNextFileA,FindClose,FindFirstFileA,FindClose, 0_2_00411700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00419BC0 FindFirstFileA,FindClose, 0_2_00419BC0
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_00401811 rdtsc 0_2_00401811
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0047435D GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary, 0_2_0047435D
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_004372B0 GetProcessHeap,OleInitialize,GetModuleFileNameA,SetCurrentDirectoryA,LoadCursorA,GetStockObject,GetCurrentThreadId, 0_2_004372B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0046BDFD SetUnhandledExceptionFilter, 0_2_0046BDFD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0046BE0F SetUnhandledExceptionFilter, 0_2_0046BE0F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0046348A GetLocalTime,GetSystemTime,GetTimeZoneInformation, 0_2_0046348A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0046348A GetLocalTime,GetSystemTime,GetTimeZoneInformation, 0_2_0046348A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe Code function: 0_2_0047AB8E GetVersion,GetProcessVersion,LoadCursorA,LoadCursorA,LoadCursorA, 0_2_0047AB8E
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1521521 Sample: SecuriteInfo.com.Win32.Appl... Startdate: 28/09/2024 Architecture: WINDOWS Score: 56 8 15.164.165.52.in-addr.arpa 2->8 10 Multi AV Scanner detection for submitted file 2->10 12 Machine Learning detection for sample 2->12 14 AI detected suspicious sample 2->14 6 SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe 2->6         started        signatures3 process4
No contacted IP infos

Contacted Domains

Name IP Active
15.164.165.52.in-addr.arpa unknown unknown