Windows Analysis Report
SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe
Analysis ID: 1532613
MD5: 5d0de7f05d673ba4135d698134385416
SHA1: 8f54cb2091ef206bb9b608c5d2e2e8ee53176e51
SHA256: f221046e04812cb9cc27d82d35d6445f70801fb9ed0755d8cdffee45b61ba525
Tags: exe
Errors
  • Corrupt sample or wrongly selected analyzer. Details: The %1 application cannot be run in Win32 mode.

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains an invalid checksum
Program does not show much activity (idle)

Classification

AV Detection

Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe ReversingLabs: Detection: 31%
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Virustotal: Detection: 36%
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Users\ac\Desktop\MTA\MTASA spoofer\x64\Release\MTASpoofer.pdb source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Code function: 2_2_00007FF7F43E2A2C DbgPrint,ExAllocatePoolWithTag,ZwQuerySystemInformation,ExFreePoolWithTag,ExFreePoolWithTag, 2_2_00007FF7F43E2A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Code function: 2_2_00007FF7F43E1190: IoDriverObjectType,ObReferenceObjectByName,DbgPrint,ObfDereferenceObject,DbgPrint,IoDriverObjectType,ObReferenceObjectByName,DbgPrint,DbgPrint,IoEnumerateDeviceObjectList,ExAllocatePoolWithTag,IoEnumerateDeviceObjectList,IoGetAttachedDeviceReference,KeInitializeEvent,IoBuildDeviceIoControlRequest,IofCallDriver,KeWaitForSingleObject,DbgPrint,ObfDereferenceObject,DbgPrint,rand,ObfDereferenceObject,DbgPrint,DbgPrint,ExFreePoolWithTag,DbgPrint,DbgPrint,DbgPrint,ObfDereferenceObject,rand,DbgPrint, 2_2_00007FF7F43E1190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Code function: 2_2_00007FF7F43E1190 2_2_00007FF7F43E1190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Code function: String function: 00007FF7F43E2DAD appears 42 times
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Binary string: \Device\%ws
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Static PE information: real checksum: 0x9e88 should be: 0x118c0
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Malware-gen.1863.6431.exe Code function: 2_2_00007FF7F43E2DD4 cpuid 2_2_00007FF7F43E2DD4
No contacted IP infos