Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe
Analysis ID: 1528524
MD5: 3e6101bd944eb0acda2b8ea1ada80afd
SHA1: dfaa0ed4c74624298228c765d07eccee2b7b30b9
SHA256: 63ea83eadd460786f01cb7e24e9ffb24bd188f12e72087b8778b4a0867f5bedb
Tags: exe
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file has nameless sections
Sample uses string decryption to hide its real strings
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Lumma Stealer, LummaC2 Stealer Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Avira: detected
Antivirus detection for URL or domain
Source: https://steamcommunity.com/profiles/76561199724331900 URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges URL Reputation: Label: malware
Found malware configuration
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe.4188.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["wickedneatr.sbs", "bemuzzeki.sbsv", "isoplethui.sbs", "ponintnykqwm.shop", "invinjurhey.sbs", "exemplarou.sbs", "exilepolsiy.sbs", "laddyirekyi.sbs", "frizzettei.sbs"], "Build id": "sEm--"}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe ReversingLabs: Detection: 57%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: wickedneatr.sbs
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: invinjurhey.sbs
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: laddyirekyi.sbs
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: exilepolsiy.sbs
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: bemuzzeki.sbsv
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: exemplarou.sbs
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: isoplethui.sbs
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: frizzettei.sbs
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: ponintnykqwm.shop
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: Workgroup: -
Source: 00000000.00000002.2170997884.0000000000201000.00000040.00000001.01000000.00000003.sdmp String decryptor: g392sM--
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00290490 FindFirstFileW, 0_2_00290490
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h 0_2_00244040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov ebp, eax 0_2_0020A300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_002323E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_002323E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_002323E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov byte ptr [edi], al 0_2_002323E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_002323E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov eax, dword ptr [esi+14h] 0_2_002323E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h] 0_2_00208590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then movzx edx, byte ptr [esi+edi] 0_2_002049A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then movzx edi, byte ptr [ecx+esi] 0_2_00206EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then jmp ecx 0_2_00208FD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov ecx, dword ptr [edx] 0_2_00201000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh 0_2_00247520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then movzx ecx, word ptr [edi+eax] 0_2_00247710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then movzx edx, byte ptr [esi+ebx] 0_2_00205A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then movzx ecx, word ptr [ebp+00h] 0_2_0020BEB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h 0_2_00247FC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00247FC0

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2056514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frizzettei .sbs) : 192.168.2.6:57124 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056524 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wickedneatr .sbs) : 192.168.2.6:49857 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (exilepolsiy .sbs) : 192.168.2.6:62016 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056518 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (isoplethui .sbs) : 192.168.2.6:49299 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056520 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (laddyirekyi .sbs) : 192.168.2.6:55725 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056516 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (invinjurhey .sbs) : 192.168.2.6:54101 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bemuzzeki .sbs) : 192.168.2.6:56812 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (exemplarou .sbs) : 192.168.2.6:52300 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49711 -> 172.67.206.204:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49711 -> 172.67.206.204:443
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: wickedneatr.sbs
Source: Malware configuration extractor URLs: bemuzzeki.sbsv
Source: Malware configuration extractor URLs: isoplethui.sbs
Source: Malware configuration extractor URLs: ponintnykqwm.shop
Source: Malware configuration extractor URLs: invinjurhey.sbs
Source: Malware configuration extractor URLs: exemplarou.sbs
Source: Malware configuration extractor URLs: exilepolsiy.sbs
Source: Malware configuration extractor URLs: laddyirekyi.sbs
Source: Malware configuration extractor URLs: frizzettei.sbs
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.102.49.254 104.102.49.254
Source: Joe Sandbox View IP Address: 172.67.206.204 172.67.206.204
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: ponintnykqwm.shop
Source: global traffic DNS traffic detected: DNS query: frizzettei.sbs
Source: global traffic DNS traffic detected: DNS query: isoplethui.sbs
Source: global traffic DNS traffic detected: DNS query: exemplarou.sbs
Source: global traffic DNS traffic detected: DNS query: bemuzzeki.sbs
Source: global traffic DNS traffic detected: DNS query: exilepolsiy.sbs
Source: global traffic DNS traffic detected: DNS query: laddyirekyi.sbs
Source: global traffic DNS traffic detected: DNS query: invinjurhey.sbs
Source: global traffic DNS traffic detected: DNS query: wickedneatr.sbs
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: sergei-esenin.com
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171686687.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171686687.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171686687.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2170997884.000000000025E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.enigmaprotector.com/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2170997884.000000000025E000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://www.enigmaprotector.com/openU
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171686687.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://invinjurhey.sbs/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://invinjurhey.sbs:443/api
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://laddyirekyi.sbs/api
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/B
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/Sw
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C73000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/api
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C73000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/apiM1
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/cw
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com:443/api
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171686687.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171686687.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171686687.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wickedneatr.sbs:443/api
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165786831.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.6:49711 version: TLS 1.2

System Summary
barindex
PE file has nameless sections
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8634 NtClose, 0_2_002B8634
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8650 NtSetInformationFile, 0_2_002B8650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B86B8 NtReadFile, 0_2_002B86B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8710 NtCreateFile, 0_2_002B8710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B87F0 NtProtectVirtualMemory, 0_2_002B87F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8028 NtCreateKey, 0_2_002B8028
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8070 NtEnumerateKey, 0_2_002B8070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B80B0 NtSetValueKey, 0_2_002B80B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8180 NtNotifyChangeKey, 0_2_002B8180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B81E0 NtQueryMultipleValueKey, 0_2_002B81E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B827C NtSetInformationKey, 0_2_002B827C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B82E0 NtWriteFile, 0_2_002B82E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B82C4 NtTerminateProcess, 0_2_002B82C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8338 NtQueryObject, 0_2_002B8338
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B836C NtQueryDirectoryFile, 0_2_002B836C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B83F4 NtDuplicateObject, 0_2_002B83F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B843C NtQueryVolumeInformationFile, 0_2_002B843C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B848C NtLockFile, 0_2_002B848C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B84EC NtUnlockFile, 0_2_002B84EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B853C NtUnmapViewOfSection, 0_2_002B853C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8558 NtQuerySection, 0_2_002B8558
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B858C NtMapViewOfSection, 0_2_002B858C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B85EC NtCreateSection, 0_2_002B85EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8684 NtQueryInformationFile, 0_2_002B8684
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B8778 NtOpenFile, 0_2_002B8778
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7B50 NtDeviceIoControlFile, 0_2_002B7B50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7BB0 NtQueryInformationProcess, 0_2_002B7BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7BE4 NtCreateThread, 0_2_002B7BE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7C50 NtCreateProcess, 0_2_002B7C50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7CA0 NtCreateProcessEx, 0_2_002B7CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7CF8 NtCreateUserProcess, 0_2_002B7CF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7D60 NtOpenKeyEx, 0_2_002B7D60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7D8C NtSetVolumeInformationFile, 0_2_002B7D8C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7DE0 NtQuerySecurityObject, 0_2_002B7DE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7E14 NtNotifyChangeDirectoryFile, 0_2_002B7E14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7E6C NtFsControlFile, 0_2_002B7E6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7F04 NtAccessCheck, 0_2_002B7F04
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7F74 NtEnumerateValueKey, 0_2_002B7F74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7F54 NtOpenKey, 0_2_002B7F54
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7FB4 NtQueryKey, 0_2_002B7FB4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B7FE8 NtQueryValueKey, 0_2_002B7FE8
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00316CA4: CreateFileA,DeviceIoControl, 0_2_00316CA4
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00244040 0_2_00244040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0020E1A0 0_2_0020E1A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00316264 0_2_00316264
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002382D0 0_2_002382D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0020A300 0_2_0020A300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002323E0 0_2_002323E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0035E434 0_2_0035E434
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002364F0 0_2_002364F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00208590 0_2_00208590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00316600 0_2_00316600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002E482C 0_2_002E482C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0036480C 0_2_0036480C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0020A850 0_2_0020A850
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0023E8A0 0_2_0023E8A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_003688C4 0_2_003688C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002489A0 0_2_002489A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00336A04 0_2_00336A04
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00316A40 0_2_00316A40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00248A80 0_2_00248A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002C8BB0 0_2_002C8BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00370C38 0_2_00370C38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002D2C0C 0_2_002D2C0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0036AD68 0_2_0036AD68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0035CE4C 0_2_0035CE4C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0020AF10 0_2_0020AF10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0034AFF0 0_2_0034AFF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002A0FF0 0_2_002A0FF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00208FD0 0_2_00208FD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00201000 0_2_00201000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0036B01C 0_2_0036B01C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0036705C 0_2_0036705C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0036F048 0_2_0036F048
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0036513C 0_2_0036513C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00205160 0_2_00205160
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002071F0 0_2_002071F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002012F7 0_2_002012F7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0020B3A0 0_2_0020B3A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002013A3 0_2_002013A3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00331498 0_2_00331498
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002035B0 0_2_002035B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0020164F 0_2_0020164F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002AB97C 0_2_002AB97C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00351958 0_2_00351958
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00339A18 0_2_00339A18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00247AB0 0_2_00247AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00313AC8 0_2_00313AC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00335AC8 0_2_00335AC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00207BF0 0_2_00207BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002F3C28 0_2_002F3C28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00313D94 0_2_00313D94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0033DEB0 0_2_0033DEB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0020BEB0 0_2_0020BEB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00351E80 0_2_00351E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00313F24 0_2_00313F24
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00339F48 0_2_00339F48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_003CBF40 0_2_003CBF40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00247FC0 0_2_00247FC0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: String function: 00269D9C appears 123 times
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: Section: ZLIB complexity 0.999778891509434
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: Section: ZLIB complexity 0.9959435096153846
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: Section: .data ZLIB complexity 0.9971848574740863
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@11/2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe ReversingLabs: Detection: 57%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Section loaded: dpapi.dll Jump to behavior
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static file information: File size 1281024 > 1048576

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Unpacked PE file: 0.2.SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe.200000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
PE file contains sections with non-standard names
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name:
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_003059C4 push 00305A51h; ret 0_2_00305A49
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00274054 push 00274080h; ret 0_2_00274078
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002A80BC push 002A80E8h; ret 0_2_002A80E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_003100FC push 00310134h; ret 0_2_0031012C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002A80F4 push 002A8120h; ret 0_2_002A8118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0028A12C push 0028A1D7h; ret 0_2_0028A1CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00348124 push 00348150h; ret 0_2_00348148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002EE160 push 002EE18Ch; ret 0_2_002EE184
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002E0194 push 002E01C0h; ret 0_2_002E01B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002AC194 push 002AC1CCh; ret 0_2_002AC1C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0028A1DC push 0028A26Ch; ret 0_2_0028A264
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002CC290 push 002CC2C3h; ret 0_2_002CC2BB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002CC2F0 push 002CC31Ch; ret 0_2_002CC314
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002CC33C push 002CC388h; ret 0_2_002CC380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0034A348 push 0034A394h; ret 0_2_0034A38C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0027C3A0 push 0027C400h; ret 0_2_0027C3F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0034A3A0 push 0034A3CCh; ret 0_2_0034A3C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00314394 push 003143C0h; ret 0_2_003143B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002CC394 push 002CC3DFh; ret 0_2_002CC3D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00342388 push 0034243Ch; ret 0_2_00342434
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0036441C push 0036445Ah; ret 0_2_00364452
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0030E47C push 0030E4C8h; ret 0_2_0030E4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002CA578 push ecx; mov dword ptr [esp], ecx 0_2_002CA57D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0027C578 push 0027C5A4h; ret 0_2_0027C59C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002EC55C push 002EC5B6h; ret 0_2_002EC5AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_003D0548 push 003D057Bh; ret 0_2_003D0573
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0028E5C4 push 0028E5F0h; ret 0_2_0028E5E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0027A62C push 0027A6A2h; ret 0_2_0027A69A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0027C664 push ecx; mov dword ptr [esp], ecx 0_2_0027C667
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0027A6A4 push 0027A74Ch; ret 0_2_0027A744
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_0027C684 push ecx; mov dword ptr [esp], ecx 0_2_0027C687
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name: entropy: 7.998539516041993
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name: entropy: 7.715240043082984
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name: entropy: 7.979386559598038
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name: entropy: 7.834037673407767
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Static PE information: section name: .data entropy: 7.985314766441003
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe TID: 2936 Thread sleep count: 209 > 30 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe TID: 2616 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00290490 FindFirstFileW, 0_2_00290490
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2170997884.000000000025E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VBoxService.exe
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2170997884.00000000003A9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ~VirtualMachineTypes
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWr
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2170997884.00000000003A9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ]DLL_Loader_VirtualMachine
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000003.2165817669.0000000000C73000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2171547106.0000000000C73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2170997884.000000000025E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: VMWare
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2170997884.00000000003A9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe, 00000000.00000002.2170997884.000000000025E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: &VBoxService.exe

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Thread information set: HideFromDebugger Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00245BB0 LdrInitializeThunk, 0_2_00245BB0
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_02998B0C mov eax, dword ptr fs:[00000030h] 0_2_02998B0C

HIPS / PFW / Operating System Protection Evasion
barindex
LummaC encrypted strings found
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: wickedneatr.sbs
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: invinjurhey.sbs
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: laddyirekyi.sbs
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: exilepolsiy.sbs
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: bemuzzeki.sbsv
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: exemplarou.sbs
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: isoplethui.sbs
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: frizzettei.sbs
Source: SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe String found in binary or memory: ponintnykqwm.shop
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_00315268 cpuid 0_2_00315268
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,GetLocaleInfoA, 0_2_003C7208
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe Code function: 0_2_002B6CC0 GetTimeZoneInformation, 0_2_002B6CC0

Stealing of Sensitive Information
barindex
Yara detected LummaC Stealer
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected LummaC Stealer
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528524 Sample: SecuriteInfo.com.Win32.Evo-... Startdate: 08/10/2024 Architecture: WINDOWS Score: 100 10 wickedneatr.sbs 2->10 12 sergei-esenin.com 2->12 14 9 other IPs or domains 2->14 20 Suricata IDS alerts for network traffic 2->20 22 Found malware configuration 2->22 24 Antivirus detection for URL or domain 2->24 26 9 other signatures 2->26 6 SecuriteInfo.com.Win32.Evo-gen.11282.4102.exe 2->6         started        signatures3 process4 dnsIp5 16 sergei-esenin.com 172.67.206.204, 443, 49711 CLOUDFLARENETUS United States 6->16 18 steamcommunity.com 104.102.49.254, 443, 49710 AKAMAI-ASUS United States 6->18 28 Detected unpacking (changes PE section rights) 6->28 30 Hides threads from debuggers 6->30 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.102.49.254
 steamcommunity.com United States
16625 AKAMAI-ASUS false
172.67.206.204
 sergei-esenin.com United States
13335 CLOUDFLARENETUS true

Contacted Domains

Name IP Active
steamcommunity.com 104.102.49.254 true
sergei-esenin.com 172.67.206.204 true
frizzettei.sbs unknown unknown
laddyirekyi.sbs unknown unknown
wickedneatr.sbs unknown unknown
ponintnykqwm.shop unknown unknown
bemuzzeki.sbs unknown unknown
invinjurhey.sbs unknown unknown
isoplethui.sbs unknown unknown
exilepolsiy.sbs unknown unknown
exemplarou.sbs unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
frizzettei.sbs true
    		unknown
    laddyirekyi.sbs true
      		unknown
      isoplethui.sbs true
        		unknown
        https://steamcommunity.com/profiles/76561199724331900 true
        • URL Reputation: malware
        		 unknown
        invinjurhey.sbs true
          		unknown
          exilepolsiy.sbs true
            		unknown
            ponintnykqwm.shop true
              		unknown
              exemplarou.sbs true
                		unknown
                bemuzzeki.sbsv true
                  		unknown
                  wickedneatr.sbs true
                    		unknown
                    https://sergei-esenin.com/api true
                      		unknown