Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Avira: detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | ReversingLabs: Detection: 76% |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Virustotal: Detection: 81% |
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 81.4% probability |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00406169 | 0_2_00406169 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00404240 | 0_2_00404240 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_004063D7 | 0_2_004063D7 |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe, 00000000.00000002.3348930492.0000000000416000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename656.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Binary or memory string: OriginalFilename656.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe |
Source: classification engine | Classification label: mal72.troj.winEXE@1/0@0/1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Mutant created: NULL |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: msvbvm60.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: vb6zz.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: vb6es.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: vb6es.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Section loaded: mswsock.dll |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Static PE information: real checksum: 0x1e602 should be: 0x24594 |
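The checksum line above compares the value stored in IMAGE_OPTIONAL_HEADER.CheckSum with the value the PE checksum algorithm yields for the file as submitted. A mismatch means the image was altered after the linker wrote the field (packing, patching, resource edits) or the field was never recomputed; the user-mode loader does not verify it, so the sample still runs. The script below is an added example, not code from the sandbox report or from the sample: it implements the standard algorithm (16-bit word sum with end-around carry, CheckSum field excluded, plus file length) and exercises it on a constructed header-only PE32 image. The constants in `build_minimal_pe` are chosen for the example and nothing in it is taken from the analysed file.

```python
"""Recompute the PE image checksum and compare it with the header field.

Added example (not code from the sandbox report or the sample). It follows
the PE CheckSum algorithm implemented by IMAGEHLP's CheckSumMappedFile:
sum every 16-bit word of the file with end-around carry, skipping the
4-byte CheckSum field itself, then add the file length.
"""
import struct


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Checksum of `data`, ignoring the CheckSum dword at `checksum_offset`."""
    length = len(data)
    if length % 2:
        data += b"\x00"          # an odd trailing byte is summed as a zero-padded word
    total = 0
    for off in range(0, len(data), 2):
        if off in (checksum_offset, checksum_offset + 2):
            continue             # the stored value must not influence its own checksum
        total += struct.unpack_from("<H", data, off)[0]
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    total = (total & 0xFFFF) + (total >> 16)
    return (total + length) & 0xFFFFFFFF


def checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum: e_lfanew + PE signature (4) + COFF header (20) + 64."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20 + 64


def verify_checksum(data: bytes) -> tuple[int, int]:
    """Return (stored, recomputed). A stored value of 0 means the linker never filled the field."""
    off = checksum_field_offset(data)
    return struct.unpack_from("<I", data, off)[0], pe_checksum(data, off)


def patch_checksum(data: bytes) -> bytes:
    """Copy of `data` with the CheckSum field set to the recomputed value."""
    off = checksum_field_offset(data)
    fixed = bytearray(data)
    struct.pack_into("<I", fixed, off, pe_checksum(data, off))
    return bytes(fixed)


def build_minimal_pe(stored_checksum: int) -> bytes:
    """Constructed header-only PE32 image used as sample input (not the analysed file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: PE header right after the DOS header
    # Machine=i386, 1 section, no symbols, 96-byte PE32 optional header,
    # Characteristics = RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE (the flags the report lists)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 96, 0x0103)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 0x40, stored_checksum)    # CheckSum field
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    image = build_minimal_pe(stored_checksum=0x1E602)     # deliberately wrong stored value
    stored, computed = verify_checksum(image)
    print(f"real checksum: {stored:#x} should be: {computed:#x}")
    assert verify_checksum(patch_checksum(image))[0] == computed
```

Run it against a real file by reading the bytes and calling `verify_checksum`; a stored value of 0 is common for non-driver binaries and is not by itself suspicious, whereas a non-zero stored value that disagrees with the recomputation, as in the report, tells you the file was changed after it was linked.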
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00406169 push 00000007h; retf | 0_2_004063D6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403042 push 00401246h; ret | 0_2_00403055 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403444 push 00401246h; ret | 0_2_00403457 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405C48 push 00401246h; ret | 0_2_00405C5B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403056 push 00401246h; ret | 0_2_00403069 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403458 push 00401246h; ret | 0_2_0040346B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405C5C push 00401246h; ret | 0_2_00405C6F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_0040346C push 00401246h; ret | 0_2_0040347F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405C70 push 00401246h; ret | 0_2_00405C83 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_0040387C push 00401246h; ret | 0_2_0040388F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403006 push 00401246h; ret | 0_2_00403019 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_0040301A push 00401246h; ret | 0_2_0040302D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_0040341C push 00401246h; ret | 0_2_0040342F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_0040302E push 00401246h; ret | 0_2_00403041 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403430 push 00401246h; ret | 0_2_00403443 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405CC0 push 00401246h; ret | 0_2_00405CD3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_004038CC push 00401246h; ret | 0_2_004038DF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405CD4 push 00401246h; ret | 0_2_00405CE7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_004038E0 push 00401246h; ret | 0_2_004038F3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405CE8 push 00401246h; ret | 0_2_00405CFB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_004038F4 push 00401246h; ret | 0_2_00403907 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405CFC push 00401246h; ret | 0_2_00405D0F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403480 push 00401246h; ret | 0_2_00403493 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405C84 push 00401246h; ret | 0_2_00405C97 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403890 push 00401246h; ret | 0_2_004038A3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00403494 push 00401246h; ret | 0_2_004034A7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405C98 push 00401246h; ret | 0_2_00405CAB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_004038A4 push 00401246h; ret | 0_2_004038B7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_004034A8 push 00401246h; ret | 0_2_004034BB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_00405CAC push 00401246h; ret | 0_2_00405CBF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Code function: 0_2_004038B8 push 00401246h; ret | 0_2_004038CB |
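The `push 00401246h; ret` entries above all push the same return address and sit at a regular 0x14-byte stride (00403042, 00403056, 0040306A, ...). The sample loads msvbvm60.dll, so it is a Visual Basic 6 executable, and stubs of this shape that all branch to one shared routine are characteristic of compiler-generated VB6 code rather than hand-written control-flow obfuscation; the signature is weak evidence on its own. The scanner below is an added example, not code from the sandbox report or the sample: it finds `68 imm32` followed by `C3` (ret) or `CB` (retf) in a code buffer, groups the hits by target, and reports when a single target dominates. The byte buffer it scans is constructed for the example, the addresses only imitate the report's style, and the threshold of 8 sites is an assumption; it is a byte-pattern scan, not a disassembly, so a hit can fall inside data or inside a longer instruction.

```python
"""Find `push imm32; ret` / `retf` sequences in x86 code and group them by target.

Added example, not code from the sandbox report or the sample. The report
lists dozens of such sites that all push 00401246h; this scanner reproduces
that style of finding on a constructed buffer, which is not the analysed
binary. It is a linear byte-pattern scan, not a disassembly, so a hit may
fall inside data or a longer instruction.
"""
import re
import struct
from collections import Counter

# 68 imm32 followed by C3 (ret) or CB (retf)
PUSH_RET = re.compile(rb"\x68(.{4})([\xc3\xcb])", re.DOTALL)


def find_push_ret(code: bytes, base: int) -> list[tuple[int, int, str]]:
    """Return (push_va, target, mnemonic) per match; push_va is the address of the 68 opcode."""
    hits = []
    for m in PUSH_RET.finditer(code):
        target = struct.unpack("<I", m.group(1))[0]
        mnemonic = "ret" if m.group(2) == b"\xc3" else "retf"
        hits.append((base + m.start(), target, mnemonic))
    return hits


def targets_by_count(hits) -> Counter:
    """How many push/ret sites branch to each target address."""
    return Counter(target for _, target, _ in hits)


def dominant_target(hits, min_sites: int = 8):
    """Return (target, count) when one address accounts for at least `min_sites`
    sites, else None. Many stubs to a single target is the shape of compiler-
    generated thunks; the threshold of 8 is an assumption made for this example."""
    if not hits:
        return None
    target, count = targets_by_count(hits).most_common(1)[0]
    return (target, count) if count >= min_sites else None


def build_sample_code() -> bytes:
    """Constructed code buffer: three 20-byte stubs ending in push 401246h; ret,
    plus one push 7; retf, imitating the entries the report prints."""
    thunk = b"\x90" * 14 + b"\x68" + struct.pack("<I", 0x401246) + b"\xc3"
    odd = b"\x68" + struct.pack("<I", 7) + b"\xcb"
    return thunk * 3 + odd


def report_lines(hits) -> list[str]:
    """Render hits in the report's own style: '<push_va> push <target>h; <ret> | <ret_va>'."""
    return [f"{va:08X} push {target:08X}h; {mn} | {va + 5:08X}" for va, target, mn in hits]


if __name__ == "__main__":
    found = find_push_ret(build_sample_code(), base=0x403042)
    print("\n".join(report_lines(found)))
    print("targets:", {f"{t:#x}": n for t, n in targets_by_count(found).items()})
    print("dominant:", dominant_target(found, min_sites=3))
```

To apply it to a real binary, map the .text section (file offset and virtual address from the section header) and pass the section bytes with `base` set to ImageBase plus the section's VirtualAddress; a single dominant target with a regular stride points at a compiler thunk table, while many distinct targets with no pattern is what hand-placed push/ret obfuscation looks like.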
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe | Process information set: NOOPENFILEERRORBOX (12 occurrences) |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe, 00000000.00000002.3349046085.00000000005D3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Yara match | File source: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe, type: SAMPLE |
Source: Yara match | File source: 0.0.SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000000.2107913476.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.3348882578.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.Siggen28.43392.13729.12160.exe PID: 1804, type: MEMORYSTR |