Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe
Analysis ID:	1529188
MD5:	b8192d9e9ce7362a3aba5a02fd309a32
SHA1:	93a36ca96babd90db517f329a6a37fc3931667f3
SHA256:	75f0da5d20808037e11e583ccfe0ec12d848e562e768e339e3da321019180806
Tags:	exe
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

PE file contains section with special chars

Entry point lies outside standard sections

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

ReversingLabs: Detection: 39%

Uses 32bit PE files

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	String found in binary or memory: https://sectigo.com/CPS0

System Summary

PE file contains section with special chars

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Static PE information: section name: .+&`
Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Static PE information: section name: ._h

PE / OLE file has an invalid certificate

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Static PE information: invalid certificate

Uses 32bit PE files

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal60.winEXE@2/0@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5228:120:WilError_03

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

ReversingLabs: Detection: 39%

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: d3dcompiler_43.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: xinput1_3.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Static file information: File size 7209984 > 1048576

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Static PE information: Raw size of .CF6 is bigger than: 0x100000 < 0x6dd600

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .CF6

PE file contains sections with non-standard names

Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Static PE information: section name: .+&`
Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Static PE information: section name: ._h
Source: SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe	Static PE information: section name: .CF6

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1529188
Product:	CloudBasic
Start time:	18:24:06
Start date:	08.10.2024
Sample:	SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b8192d9e9ce7362a3aba5a02fd309a32
SHA1:	93a36ca96babd90db517f329a6a37fc3931667f3
SHA256:	75f0da5d20808037e11e583ccfe0ec12d848e562e768e339e3da321019180806
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.218.20145.exe