Windows Analysis Report
HitPawInfo.exe

Overview

General Information

Sample name: HitPawInfo.exe
Analysis ID: 1528531
MD5: 00ced89a573ad1e1f96c94c763222e1e
SHA1: 808183d9160a89ad3c8730d2b6b76803ca97f38f
SHA256: 5fc1bd27c679b1b5306996cfa518fa1a7b4fb60e0fe6ea92bb4ba3b82c471a85
Tags: exegibbooc2comremcosuser-PeterGabaldon

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Detected potential crypto function
PE file contains an invalid checksum
Program does not show much activity (idle)

Note on the first signature: the only IsDebuggerPresent reference the report finds sits in the call sequence IsProcessorFeaturePresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter (function 0_2_00007FF639BD5EAC below). That sequence is the x64 MSVC CRT's /GS security-failure handler, and the GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter sequence in 0_2_00007FF639BD5D88 is the CRT's stack-cookie initialisation. Both are compiler-generated boilerplate present in nearly every MSVC-built binary, not deliberate anti-debugging or anti-analysis logic, which is consistent with the clean score.

Classification

Source: HitPawInfo.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: HitPawInfo.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: HitPawInfo.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: HitPawInfo.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: HitPawInfo.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: HitPawInfo.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: HitPawInfo.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: HitPawInfo.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: HitPawInfo.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: HitPawInfo.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: HitPawInfo.exe String found in binary or memory: http://ocsp.digicert.com0
Source: HitPawInfo.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: HitPawInfo.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: HitPawInfo.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: HitPawInfo.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: C:\Users\user\Desktop\HitPawInfo.exe Code function: 0_2_00007FF639BD3CA0 0_2_00007FF639BD3CA0
Source: classification engine Classification label: clean2.winEXE@1/0@0/0
Source: HitPawInfo.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\HitPawInfo.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\HitPawInfo.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\HitPawInfo.exe Section loaded: pcinfo.dll Jump to behavior
Source: HitPawInfo.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: HitPawInfo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: HitPawInfo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: HitPawInfo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: HitPawInfo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: HitPawInfo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: HitPawInfo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: HitPawInfo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: HitPawInfo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: HitPawInfo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: HitPawInfo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: HitPawInfo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: HitPawInfo.exe Static PE information: real checksum: 0x7d382 should be: 0x7cdc6
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\HitPawInfo.exe Code function: 0_2_00007FF639BD5EAC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF639BD5EAC
Source: C:\Users\user\Desktop\HitPawInfo.exe Code function: 0_2_00007FF639BD6090 SetUnhandledExceptionFilter, 0_2_00007FF639BD6090
Source: C:\Users\user\Desktop\HitPawInfo.exe Code function: 0_2_00007FF639BD59BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF639BD59BC
Source: C:\Users\user\Desktop\HitPawInfo.exe Code function: 0_2_00007FF639BD5D88 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF639BD5D88
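Three of the static findings above (the DllCharacteristics flag list, the ImageBase of 0x140000000, and the "real checksum: 0x7d382 should be: 0x7cdc6" mismatch) are read straight from the PE32+ optional header. The following is an added example, not code from the Joe Sandbox report or from HitPaw: it builds a minimal constructed PE32+ image in memory, parses those fields, and recomputes the checksum with the same algorithm CheckSumMappedFile uses, so the "real / should be" comparison can be repeated on any file by passing its bytes to parse_pe(). The sample image, its 0x8160 flag value and the "ret"-only .text section are assumptions made for the example. A caveat worth keeping in mind when reading the signature: the loader does not verify this checksum for ordinary user-mode executables, so a mismatch on its own only says the file bytes changed after whatever wrote the field; pair it with hash and signature verification before reading anything into it. Also note that GUARD_CF is not among the flags the report lists, so control-flow guard is not enabled on this image.

```python
"""Parse the PE32+ optional-header fields behind three of the report's
findings (DllCharacteristics flags, ImageBase, CheckSum) and recompute the
checksum the way CheckSumMappedFile does.  Added example: the image built
by build_sample() is CONSTRUCTED in memory and is not HitPawInfo.exe;
pass a real file's bytes to parse_pe() to repeat the check."""
import struct

PE32PLUS_MAGIC = 0x20B
CHECKSUM_FIELD = 0x40          # offset of CheckSum inside the optional header
DLL_CHARACTERISTICS = {        # IMAGE_DLLCHARACTERISTICS_* bits
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH",
    0x0800: "NO_BIND", 0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Ones-complement sum of all 16-bit words, skipping the 4-byte CheckSum
    field itself, folded to 16 bits, plus the file length."""
    padded = data + b"\0" if len(data) % 2 else data
    total = 0
    for off in range(0, len(padded), 2):
        if off in (checksum_offset, checksum_offset + 2):
            continue
        total += int.from_bytes(padded[off:off + 2], "little")
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    return (total & 0xFFFF) + len(data)


def parse_pe(data: bytes) -> dict:
    """Locate the optional header and return the fields the report cites."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                       # skip IMAGE_FILE_HEADER
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ (64-bit) images are handled here")
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    stored = struct.unpack_from("<I", data, opt + CHECKSUM_FIELD)[0]
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    computed = pe_checksum(data, opt + CHECKSUM_FIELD)
    return {
        "image_base": image_base,
        "flags": [n for b, n in sorted(DLL_CHARACTERISTICS.items()) if dllchar & b],
        "stored_checksum": stored,
        "computed_checksum": computed,
        "checksum_valid": stored == computed,
    }


def build_sample(dllchar: int = 0x8160, checksum: int = 0) -> bytes:
    """Constructed minimal PE32+ image: one .text section holding a 'ret'.
    0x8160 = HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE,
    the flag set the report lists; GUARD_CF (0x4000) is deliberately absent."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x0022)
    opt_hdr = struct.pack(
        "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
        PE32PLUS_MAGIC, 14, 0, 0x200, 0x200, 0, 0x1000, 0x1000,
        0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0,
        0x2000, 0x400, checksum, 3, dllchar,
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,
    ) + bytes(16 * 8)                              # 16 empty data directories
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400,
                          0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + file_hdr + opt_hdr + section).ljust(0x400, b"\0")
    return headers + b"\xC3".ljust(0x200, b"\0")


if __name__ == "__main__":
    info = parse_pe(build_sample())               # CheckSum field left at 0
    print("ImageBase: 0x%x  DllCharacteristics: %s"
          % (info["image_base"], ", ".join(info["flags"])))
    print("real checksum: 0x%x should be: 0x%x"
          % (info["stored_checksum"], info["computed_checksum"]))
    fixed = build_sample(checksum=info["computed_checksum"])
    print("after writing the computed value, valid:", parse_pe(fixed)["checksum_valid"])
```

The checksum field itself is excluded from the sum, which is why writing the computed value back into the header makes the file self-consistent without changing the computed value; any other byte change, for instance one byte of .text, breaks it again.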
No contacted IP infos
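The DigiCert URLs listed under "String found in binary or memory" end in stray characters ("crt0E", ".com0A", "crl0S") because they were lifted out of DER-encoded X.509 extensions in the embedded certificate material: a printable-run string scanner keeps reading past the URI into the next element's tag byte (0x30, SEQUENCE, which is ASCII "0") and its length byte. The presence of these strings shows only that certificate data is embedded; it says nothing about whether the signature validates, which still has to be checked separately. The following added example (not from the report or from HitPaw) constructs an AuthorityInfoAccess extension that reproduces the effect and contrasts a naive scan with DER-aware extraction; the OCSP and caIssuers URLs are copied from the report, while the trailing filler element is an assumption standing in for whatever follows the extension in a real certificate.

```python
"""The URL strings the report lists end in stray characters ('crt0E',
'.com0A', 'crl0S') because they were pulled from DER-encoded X.509
extensions in the embedded signature data: a byte-run string scanner keeps
going past the URI into the next element's tag byte (0x30 = SEQUENCE = '0')
and length byte.  Added example, not from the report or from HitPaw; the
AuthorityInfoAccess extension below is CONSTRUCTED to reproduce the effect."""
import re

OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp 1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers 1.3.6.1.5.5.7.48.2


def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element with short- or long-form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def der_iter(buf: bytes):
    """Yield (tag, value) for each top-level element in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, hdr = buf[pos], buf[pos + 1], 2
        if length & 0x80:                       # long form: next n bytes hold the length
            n = length & 0x7F
            length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
            hdr += n
        start = pos + hdr
        yield tag, buf[start:start + length]
        pos = start + length


def der_uris(buf: bytes) -> list:
    """Collect every GeneralName [6] uniformResourceIdentifier, recursing
    into constructed elements (SEQUENCE/SET)."""
    out = []
    for tag, value in der_iter(buf):
        if tag == 0x86:                         # context-specific [6], primitive
            out.append(value.decode("ascii"))
        elif tag & 0x20:                        # constructed bit set
            out.extend(der_uris(value))
    return out


def naive_urls(blob: bytes) -> list:
    """What a plain printable-run string scan reports for the same bytes."""
    return [m.decode("ascii") for m in re.findall(rb"https?://[\x21-\x7e]+", blob)]


def access_description(oid: bytes, uri: str) -> bytes:
    """AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation [6] IA5String }"""
    return der_tlv(0x30, der_tlv(0x06, oid) + der_tlv(0x86, uri.encode("ascii")))


# Constructed AIA extension value plus a filler element standing in for
# whatever follows it in a real certificate (here a 67-byte SEQUENCE).
SAMPLE_AIA = der_tlv(
    0x30,
    access_description(OID_OCSP, "http://ocsp.digicert.com")
    + access_description(OID_CA_ISSUERS,
                         "http://cacerts.digicert.com/DigiCertTrustedRootG4.crt"),
)
SAMPLE_BLOB = SAMPLE_AIA + der_tlv(0x30, der_tlv(0x04, bytes(65)))


if __name__ == "__main__":
    for u in naive_urls(SAMPLE_BLOB):
        print("string scan:", u)
    for u in der_uris(SAMPLE_BLOB):
        print("DER-aware:  ", u)
```

On the constructed blob the naive scan yields exactly the shape seen in the report ("http://ocsp.digicert.com0A", where "0A" is the 0x30 0x41 header of the next AccessDescription), while walking the TLV structure returns the clean URIs. When an IOC list is built from a sandbox's string output, strip or re-extract such suffixes before using them as indicators.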