Windows Analysis Report
SecuriteInfo.com.Riskware.Application.2939.9339.dll

Overview

General Information

Sample name: SecuriteInfo.com.Riskware.Application.2939.9339.dll
Analysis ID: 1532736
MD5: bd745fd12f4298c0faf6d3cb1058bb30
SHA1: c0b140ff4199d43005b0bb464a48fd46e2e4f20e
SHA256: 5a738bc13f111911358ff5d0dabf9660897162c9d3493c0924129bac038eb793
Tags: dll
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll ReversingLabs: Detection: 15%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.8% probability
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll String found in binary or memory: https://cdn.pixabay.com/photo/2013/07/12/12/56/home-146585_640.png
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll String found in binary or memory: https://dm0qx8t0i9gc9.cloudfront.net/thumbnails/image/rDtN98Qoishumwih/cemented-wall-seamless-textur
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll String found in binary or memory: https://i.pinimg.com/736x/58/72/db/5872dbc337cee578532d0bd784924c94.jpg
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll String found in binary or memory: https://static-00.iconduck.com/assets.00/person-icon-1901x2048-a9h70k71.png
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll String found in binary or memory: https://www.krqe.com/wp-content/uploads/sites/12/2022/12/AdobeStock_81556974.jpeg?w=2560&h=1440&crop
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Binary or memory string: OriginalFilenameVxV Pad 2 V1.dll: vs SecuriteInfo.com.Riskware.Application.2939.9339.dll
Source: classification engine Classification label: mal52.winDLL@6/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4016:120:WilError_03
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Static file information: TRID: Win32 Dynamic Link Library (generic) Net Framework (1011504/3) 49.81%
Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Application.2939.9339.dll",#1
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll ReversingLabs: Detection: 15%
Source: unknown Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Application.2939.9339.dll"
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Application.2939.9339.dll",#1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Application.2939.9339.dll",#1
Source: C:\Windows\System32\loaddll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Application.2939.9339.dll",#1 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Application.2939.9339.dll",#1 Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\loaddll32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Static file information: File size 4884992 > 1048576
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Static PE information: Raw size of .text is bigger than: 0x100000 < 0x4a8200
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Binary contains a suspicious time stamp
Source: SecuriteInfo.com.Riskware.Application.2939.9339.dll Static PE information: 0x864ED97F [Tue May 28 00:40:31 2041 UTC]
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000 Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Riskware.Application.2939.9339.dll",#1 Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1532736 Sample: SecuriteInfo.com.Riskware.A... Startdate: 13/10/2024 Architecture: WINDOWS Score: 52 15 Multi AV Scanner detection for submitted file 2->15 17 AI detected suspicious sample 2->17 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
No contacted IP infos

Contacted Domains

Name IP Active
s-part-0017.t-0009.t-msedge.net 13.107.246.45 true