Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Avira: detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
ReversingLabs: Detection: 76% |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Virustotal: Detection: 81% |
Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 81.4% probability |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00406169 |
0_2_00406169 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00404240 |
0_2_00404240 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_004063D7 |
0_2_004063D7 |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe, 00000000.00000002.3348930492.0000000000416000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilename656.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Binary or memory string: OriginalFilename656.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Source: classification engine |
Classification label: mal72.troj.winEXE@1/0@0/1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Mutant created: NULL |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: msvbvm60.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: vb6zz.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: vb6es.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Section loaded: mswsock.dll |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Static PE information: real checksum: 0x1e602 should be: 0x24594 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00406169 push 00000007h; retf |
0_2_004063D6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403042 push 00401246h; ret |
0_2_00403055 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403444 push 00401246h; ret |
0_2_00403457 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405C48 push 00401246h; ret |
0_2_00405C5B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403056 push 00401246h; ret |
0_2_00403069 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403458 push 00401246h; ret |
0_2_0040346B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405C5C push 00401246h; ret |
0_2_00405C6F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_0040346C push 00401246h; ret |
0_2_0040347F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405C70 push 00401246h; ret |
0_2_00405C83 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_0040387C push 00401246h; ret |
0_2_0040388F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403006 push 00401246h; ret |
0_2_00403019 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_0040301A push 00401246h; ret |
0_2_0040302D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_0040341C push 00401246h; ret |
0_2_0040342F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_0040302E push 00401246h; ret |
0_2_00403041 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403430 push 00401246h; ret |
0_2_00403443 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405CC0 push 00401246h; ret |
0_2_00405CD3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_004038CC push 00401246h; ret |
0_2_004038DF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405CD4 push 00401246h; ret |
0_2_00405CE7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_004038E0 push 00401246h; ret |
0_2_004038F3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405CE8 push 00401246h; ret |
0_2_00405CFB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_004038F4 push 00401246h; ret |
0_2_00403907 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405CFC push 00401246h; ret |
0_2_00405D0F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403480 push 00401246h; ret |
0_2_00403493 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405C84 push 00401246h; ret |
0_2_00405C97 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403890 push 00401246h; ret |
0_2_004038A3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00403494 push 00401246h; ret |
0_2_004034A7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405C98 push 00401246h; ret |
0_2_00405CAB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_004038A4 push 00401246h; ret |
0_2_004038B7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_004034A8 push 00401246h; ret |
0_2_004034BB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_00405CAC push 00401246h; ret |
0_2_00405CBF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Code function: 0_2_004038B8 push 00401246h; ret |
0_2_004038CB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe, 00000000.00000002.3349046085.00000000005D3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Yara match |
File source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.2107913476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3348882578.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe PID: 1804, type: MEMORYSTR |