Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe
Analysis ID:	1546296
MD5:	7289f7cd6b9eb00b3504a8769598d139
SHA1:	8878453a31f61b4de7538c4556bfab3e8d26df9f
SHA256:	dafbd02bca5538d5f0367f2983e9f916f860d89dae1bd385b488cb9c768c8ede
Tags:	exe

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Uses Windows timers to delay execution

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe (PID: 4340 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe" MD5: 7289F7CD6B9EB00B3504A8769598D139)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-31T18:27:28.733359+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.7	49754	TCP
2024-10-31T18:28:13.039992+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.7	49973	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

ReversingLabs: Detection: 13%

Source: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.7:49754
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.7:49973

Source: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe, 00000005.00000000.1276620008.00000000005D7000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilename" vs SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Binary or memory string: OriginalFilename" vs SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Source: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: mal52.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

ReversingLabs: Detection: 13%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Window found: window name: TButton

Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Static file information: File size 2703872 > 1048576

Source: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Static PE information: Raw size of CODE is bigger than: 0x100000 < 0x1cac00

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Code function: 5_2_022E4434 push edi; ret		5_2_022E4474
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	Code function: 5_2_022E4475 push edi; ret		5_2_022E4474

Malware Analysis System Evasion

Uses Windows timers to delay execution

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 250ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 250ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	User Timer Set: Timeout: 500ms	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 DLL Side-Loading	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe	13%	ReversingLabs	Win32.Trojan.Generic

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546296
Start date and time:	2024-10-31 18:26:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe
Detection:	MAL
Classification:	mal52.evad.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe, PID 4340 because there are no executed function
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Simulations

Behavior and APIs

Time	Type	Description
14:57:06	API Interceptor	55x Sleep call for process: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.840232509305977
TrID:	Win32 Executable (generic) a (10002005/4) 92.22% Win32 Executable Borland Delphi 7 (665061/41) 6.13% Windows ActiveX control (116523/4) 1.07% Win32 EXE PECompact compressed (generic) (41571/9) 0.38% Win32 Executable Delphi generic (14689/80) 0.14%
File name:	SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe
File size:	2'703'872 bytes
MD5:	7289f7cd6b9eb00b3504a8769598d139
SHA1:	8878453a31f61b4de7538c4556bfab3e8d26df9f
SHA256:	dafbd02bca5538d5f0367f2983e9f916f860d89dae1bd385b488cb9c768c8ede
SHA512:	efa8a23382efe2d8d2632847c542296faae08c0dfee7530fc8b3ca5910a00c64323ee87b3dc6e6c55abfdd88e702173c982ed2cd832e6b7d14c06b6d4cd7b103
SSDEEP:	49152:gU9JZj3gOjuT2JEH+tvcYJXaBVRpN/PD:gsZj3gxTPHTYJ8VLd
TLSH:	A3C56CF7E1404472DA332F796C5BA39A4D217F842FE88B57FBD5ACD80E3A110782A456
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	8737656535170646

Static PE Info

General

Entrypoint:	0x5cbb48
Entrypoint Section:	CODE
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	92c2ee4988f0629ae080b641fbef84f6

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 005CB570h
call 00007F1DC87A57D1h
mov eax, dword ptr [005CF4CCh]
mov eax, dword ptr [eax]
call 00007F1DC880F875h
mov ecx, dword ptr [005CF744h]
mov eax, dword ptr [005CF4CCh]
mov eax, dword ptr [eax]
mov edx, dword ptr [005CAB48h]
call 00007F1DC880F875h
mov eax, dword ptr [005CF4CCh]
mov eax, dword ptr [eax]
call 00007F1DC880F8E9h
call 00007F1DC87A2DD4h
lea eax, dword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1d2000	0x2adc	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1f2000	0xa8600	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d7000	0x1a264	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1d6000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
CODE	0x1000	0x1cab90	0x1cac00	f3724d654abc44b478fb3b6f2a88823b	False	0.4948883472411444	data	6.520229220748421	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA	0x1cc000	0x3888	0x3a00	446ac44b94d7b1a5b8daa0da7e119335	False	0.44537984913793105	data	4.921617298958611	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS	0x1d0000	0x12d1	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x1d2000	0x2adc	0x2c00	44e275af2180428434e55a5206873040	False	0.3516512784090909	data	4.935365344142082	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x1d5000	0x10	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1d6000	0x18	0x200	3a7a9a28f3267ff66e85079f0bcff4fc	False	0.05078125	data	0.2069200177871819	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc	0x1d7000	0x1a264	0x1a400	028498c78a19c29b15ccb3fcdf8ab839	False	0.498335193452381	data	6.61673813519834	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc	0x1f2000	0xa8600	0xa8600	4c01885ffc6a17c7efff74868c9d0de4	False	0.08819802106533037	data	6.161279104918009	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x1f4324	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"			0.38636363636363635
RT_CURSOR	0x1f4458	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Russian	Russia	0.29545454545454547
RT_CURSOR	0x1f458c	0x134	data			0.4805194805194805
RT_CURSOR	0x1f46c0	0x134	data			0.38311688311688313
RT_CURSOR	0x1f47f4	0x134	data			0.36038961038961037
RT_CURSOR	0x1f4928	0x134	data			0.4090909090909091
RT_CURSOR	0x1f4a5c	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"			0.4967532467532468
RT_CURSOR	0x1f4b90	0x134	data	Arabic	Saudi Arabia	0.2597402597402597
RT_CURSOR	0x1f4cc4	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Russian	Russia	0.2824675324675325
RT_CURSOR	0x1f4df8	0x134	data	Dutch	Netherlands	0.38636363636363635
RT_CURSOR	0x1f4f2c	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Dutch	Netherlands	0.30194805194805197
RT_CURSOR	0x1f5060	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	Dutch	Netherlands	0.275974025974026
RT_CURSOR	0x1f5194	0x134	data			0.4642857142857143
RT_BITMAP	0x1f52c8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.43103448275862066
RT_BITMAP	0x1f5498	0x1e4	Device independent bitmap graphic, 36 x 19 x 4, image size 380			0.46487603305785125
RT_BITMAP	0x1f567c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.43103448275862066
RT_BITMAP	0x1f584c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39870689655172414
RT_BITMAP	0x1f5a1c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.4245689655172414
RT_BITMAP	0x1f5bec	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5021551724137931
RT_BITMAP	0x1f5dbc	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5064655172413793
RT_BITMAP	0x1f5f8c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39655172413793105
RT_BITMAP	0x1f615c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5344827586206896
RT_BITMAP	0x1f632c	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39655172413793105
RT_BITMAP	0x1f64fc	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors			0.5208333333333334
RT_BITMAP	0x1f65bc	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors			0.42857142857142855
RT_BITMAP	0x1f669c	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors			0.4955357142857143
RT_BITMAP	0x1f677c	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.391304347826087
RT_BITMAP	0x1f67d8	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.391304347826087
RT_BITMAP	0x1f6834	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.532608695652174
RT_BITMAP	0x1f6890	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.532608695652174
RT_BITMAP	0x1f68ec	0x94	Device independent bitmap graphic, 6 x 11 x 4, image size 44	Russian	Russia	0.5
RT_BITMAP	0x1f6980	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.4782608695652174
RT_BITMAP	0x1f69dc	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.4782608695652174
RT_BITMAP	0x1f6a38	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.5543478260869565
RT_BITMAP	0x1f6a94	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.5543478260869565
RT_BITMAP	0x1f6af0	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.4673913043478261
RT_BITMAP	0x1f6b4c	0x5c	Device independent bitmap graphic, 6 x 11 x 1, image size 44			0.4673913043478261
RT_BITMAP	0x1f6ba8	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.41025641025641024
RT_BITMAP	0x1f6ce0	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.27564102564102566
RT_BITMAP	0x1f6e18	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.3685897435897436
RT_BITMAP	0x1f6f50	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.3685897435897436
RT_BITMAP	0x1f7088	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.34294871794871795
RT_BITMAP	0x1f71c0	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.3717948717948718
RT_BITMAP	0x1f72f8	0x104	Device independent bitmap graphic, 20 x 13 x 4, image size 156			0.5038461538461538
RT_BITMAP	0x1f73fc	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.4326923076923077
RT_BITMAP	0x1f7534	0x104	Device independent bitmap graphic, 20 x 13 x 4, image size 156			0.5153846153846153
RT_BITMAP	0x1f7638	0x138	Device independent bitmap graphic, 28 x 13 x 4, image size 208			0.46474358974358976
RT_BITMAP	0x1f7770	0xb0	Device independent bitmap graphic, 10 x 9 x 4, image size 72	Russian	Russia	0.5056818181818182
RT_BITMAP	0x1f7820	0xb0	Device independent bitmap graphic, 10 x 9 x 4, image size 72	Russian	Russia	0.4943181818181818
RT_BITMAP	0x1f78d0	0xb0	Device independent bitmap graphic, 10 x 9 x 4, image size 72	Russian	Russia	0.4375
RT_BITMAP	0x1f7980	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors			0.38392857142857145
RT_BITMAP	0x1f7a60	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors			0.4947916666666667
RT_BITMAP	0x1f7b20	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors			0.484375
RT_BITMAP	0x1f7be0	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors			0.42410714285714285
RT_BITMAP	0x1f7cc0	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors			0.5104166666666666
RT_BITMAP	0x1f7d80	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors			0.5
RT_BITMAP	0x1f7e60	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128			0.4870689655172414
RT_BITMAP	0x1f7f48	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors			0.4895833333333333
RT_BITMAP	0x1f8008	0xd0	Device independent bitmap graphic, 12 x 13 x 4, image size 104			0.5625
RT_BITMAP	0x1f80d8	0xd0	Device independent bitmap graphic, 12 x 13 x 4, image size 104			0.4855769230769231
RT_BITMAP	0x1f81a8	0xd0	Device independent bitmap graphic, 12 x 13 x 4, image size 104			0.4326923076923077
RT_BITMAP	0x1f8278	0xd0	Device independent bitmap graphic, 12 x 13 x 4, image size 104			0.5576923076923077
RT_BITMAP	0x1f8348	0xd0	Device independent bitmap graphic, 12 x 13 x 4, image size 104			0.4807692307692308
RT_BITMAP	0x1f8418	0xd0	Device independent bitmap graphic, 12 x 13 x 4, image size 104			0.5625
RT_BITMAP	0x1f84e8	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288	English	Canada	0.34183673469387754
RT_BITMAP	0x1f8670	0x88	Device independent bitmap graphic, 16 x 4 x 4, image size 32	English	United States	0.4852941176470588
RT_BITMAP	0x1f86f8	0xa8	Device independent bitmap graphic, 4 x 16 x 4, image size 64	English	United States	0.40476190476190477
RT_BITMAP	0x1f87a0	0x450	Device independent bitmap graphic, 5 x 5 x 8, image size 40	Dutch	Netherlands	0.32608695652173914
RT_BITMAP	0x1f8bf0	0x450	Device independent bitmap graphic, 7 x 5 x 8, image size 40	Dutch	Netherlands	0.322463768115942
RT_BITMAP	0x1f9040	0x4ac	Device independent bitmap graphic, 11 x 11 x 8, image size 132	Dutch	Netherlands	0.41555183946488294
RT_BITMAP	0x1f94ec	0x480	Device independent bitmap graphic, 6 x 11 x 8, image size 88	Dutch	Netherlands	0.3559027777777778
RT_BITMAP	0x1f996c	0x4ac	Device independent bitmap graphic, 9 x 11 x 8, image size 132	Dutch	Netherlands	0.41638795986622074
RT_BITMAP	0x1f9e18	0x4c4	Device independent bitmap graphic, 12 x 13 x 8, image size 156	Dutch	Netherlands	0.4024590163934426
RT_BITMAP	0x1fa2dc	0x4c4	Device independent bitmap graphic, 12 x 13 x 8, image size 156	Dutch	Netherlands	0.40491803278688526
RT_BITMAP	0x1fa7a0	0x4c4	Device independent bitmap graphic, 12 x 13 x 8, image size 156	Dutch	Netherlands	0.40491803278688526
RT_BITMAP	0x1fac64	0x448	Device independent bitmap graphic, 7 x 4 x 8, image size 32	Dutch	Netherlands	0.43156934306569344
RT_BITMAP	0x1fb0ac	0x444	Device independent bitmap graphic, 4 x 7 x 8, image size 28	Dutch	Netherlands	0.4358974358974359
RT_BITMAP	0x1fb4f0	0x444	Device independent bitmap graphic, 4 x 7 x 8, image size 28	Dutch	Netherlands	0.43223443223443225
RT_BITMAP	0x1fb934	0x448	Device independent bitmap graphic, 7 x 4 x 8, image size 32	Dutch	Netherlands	0.43156934306569344
RT_BITMAP	0x1fbd7c	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288	English	United States	0.3137755102040816
RT_BITMAP	0x1fbf04	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288	Dutch	Netherlands	0.413265306122449
RT_BITMAP	0x1fc08c	0x188	Device independent bitmap graphic, 24 x 24 x 4, image size 288	English	United States	0.25510204081632654
RT_BITMAP	0x1fc214	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors			0.3794642857142857
RT_BITMAP	0x1fc2f4	0xb0	Device independent bitmap graphic, 64 x 16 x 1, image size 128	English	United States	0.5113636363636364
RT_ICON	0x1fc3a4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	Chinese	China	0.42338709677419356
RT_DIALOG	0x1fc68c	0x52	data			0.7682926829268293
RT_STRING	0x1fc6e0	0x2dc	data			0.3907103825136612
RT_STRING	0x1fc9bc	0x3dc	data			0.3967611336032389
RT_STRING	0x1fcd98	0x38c	data			0.394273127753304
RT_STRING	0x1fd124	0x3c0	data			0.3416666666666667
RT_STRING	0x1fd4e4	0x2f0	data			0.4401595744680851
RT_STRING	0x1fd7d4	0x348	data			0.42857142857142855
RT_STRING	0x1fdb1c	0x488	data			0.40948275862068967
RT_STRING	0x1fdfa4	0x3d8	data			0.3719512195121951
RT_STRING	0x1fe37c	0x144	data			0.5339506172839507
RT_STRING	0x1fe4c0	0x378	data			0.3952702702702703
RT_STRING	0x1fe838	0x404	data			0.38715953307393
RT_STRING	0x1fec3c	0x328	data			0.40222772277227725
RT_STRING	0x1fef64	0x448	data			0.39963503649635035
RT_STRING	0x1ff3ac	0x458	data			0.3552158273381295
RT_STRING	0x1ff804	0x4cc	data			0.3273615635179153
RT_STRING	0x1ffcd0	0x510	data			0.2785493827160494
RT_STRING	0x2001e0	0x424	data			0.32547169811320753
RT_STRING	0x200604	0x300	data			0.4401041666666667
RT_STRING	0x200904	0x204	data			0.36046511627906974
RT_STRING	0x200b08	0x10c	data			0.585820895522388
RT_STRING	0x200c14	0x350	data			0.43160377358490565
RT_STRING	0x200f64	0x168	data			0.5111111111111111
RT_STRING	0x2010cc	0xe8	data			0.6077586206896551
RT_STRING	0x2011b4	0x2c4	data			0.4138418079096045
RT_STRING	0x201478	0x268	data			0.4707792207792208
RT_STRING	0x2016e0	0x3fc	data			0.36764705882352944
RT_STRING	0x201adc	0x390	data			0.4024122807017544
RT_STRING	0x201e6c	0x374	data			0.34615384615384615
RT_STRING	0x2021e0	0x464	data			0.3505338078291815
RT_STRING	0x202644	0x1b0	data			0.4675925925925926
RT_STRING	0x2027f4	0xec	data			0.5508474576271186
RT_STRING	0x2028e0	0x20c	data			0.5
RT_STRING	0x202aec	0x454	data			0.3231046931407942
RT_STRING	0x202f40	0x3d0	data			0.36168032786885246
RT_STRING	0x203310	0x2fc	data			0.36649214659685864
RT_STRING	0x20360c	0x354	data			0.318075117370892
RT_RCDATA	0x203960	0x10	data			1.5
RT_RCDATA	0x203970	0x8ac	data			0.6004504504504504
RT_RCDATA	0x20421c	0x1772	Delphi compiled form 'TCalculatorEh'			0.12812395868043985
RT_RCDATA	0x205990	0x91e	Delphi compiled form 'TDBGridEhFindDlg'			0.3916023993144816
RT_RCDATA	0x2062b0	0xe70b	Delphi compiled form 'TForm1'			0.5741626794258373
RT_RCDATA	0x2149bc	0x85024	Delphi compiled form 'TFTemplate'			0.012299836271393015
RT_RCDATA	0x2999e0	0x494	Delphi compiled form 'TLoginDialog'			0.4931740614334471
RT_RCDATA	0x299e74	0x3c4	Delphi compiled form 'TPasswordDialog'			0.4678423236514523
RT_GROUP_CURSOR	0x29a238	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.25
RT_GROUP_CURSOR	0x29a24c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Arabic	Saudi Arabia	1.3
RT_GROUP_CURSOR	0x29a260	0x14	Lotus unknown worksheet or configuration, revision 0x1	Russian	Russia	1.3
RT_GROUP_CURSOR	0x29a274	0x14	Lotus unknown worksheet or configuration, revision 0x1	Dutch	Netherlands	1.3
RT_GROUP_CURSOR	0x29a288	0x14	Lotus unknown worksheet or configuration, revision 0x1	Dutch	Netherlands	1.3
RT_GROUP_CURSOR	0x29a29c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Dutch	Netherlands	1.3
RT_GROUP_CURSOR	0x29a2b0	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0x29a2c4	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x29a2d8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x29a2ec	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x29a300	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x29a314	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x29a328	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_ICON	0x29a33c	0x14	data	Chinese	China	1.2
RT_VERSION	0x29a350	0x274	data	Chinese	China	0.46656050955414013

Imports

DLL	Import
kernel32.dll	DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
user32.dll	GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll	RegSetValueExA, RegQueryValueExA, RegQueryValueA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
kernel32.dll	lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReleaseMutex, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, IsBadReadPtr, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileA, CreateEventA, CompareStringA, CloseHandle
version.dll	VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll	UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyPolyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetViewportOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetOutlineTextMetricsA, GetObjectA, GetNearestColor, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExtSelectClipRgn, ExtCreateRegion, ExtCreatePen, ExcludeClipRect, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, BitBlt
user32.dll	CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, ShowCaret, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCaretPos, SetCapture, SetActiveWindow, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MoveWindow, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsClipboardFormatAvailable, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgItem, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExA, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyCaret, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CreateCaret, CopyImage, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
ole32.dll	CoTaskMemFree, StringFromCLSID
kernel32.dll	Sleep
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll	CoCreateInstance, CoGetMalloc, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll	CreateErrorInfo, GetErrorInfo, SetErrorInfo, SafeArrayCopy, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayDestroy, SafeArrayCreate, SysFreeString
comctl32.dll	ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_LoadImageA, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
comdlg32.dll	GetSaveFileNameA, GetOpenFileNameA
kernel32.dll	MulDiv
kernel32.dll	MulDiv

Possible Origin

Language of compilation system	Country where language is spoken	Map
Russian	Russia
Arabic	Saudi Arabia
Dutch	Netherlands
English	Canada
English	United States
Chinese	China

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exePID: 4340, Parent PID: 4056

General

Target ID:	5
Start time:	13:27:08
Start date:	31/10/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe"
Imagebase:	0x400000
File size:	2'703'872 bytes
MD5 hash:	7289F7CD6B9EB00B3504A8769598D139
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exePID: 4340, Parent PID: 4056

General

Chronological Activities

Disassembly

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.20242.3716.exe