Windows Analysis Report
SecuriteInfo.com.FileRepMalware.7137.26178.exe

Overview

General Information

Sample name: SecuriteInfo.com.FileRepMalware.7137.26178.exe
Analysis ID: 1433040
MD5: db742062ddf8dddd7521e31da16004de
SHA1: 709dcf09e33a128d0eee3bdbd03c99614f37e035
SHA256: 5ebde45359ac0a29318bbf1532367806a6219fae9a1508272862ecca77df2312
Tags: exe

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Opens the same file many times (likely Sandbox evasion)
Contains functionality to dynamically determine API calls
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis

Classification

AV Detection

Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe Avira: detected
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe ReversingLabs: Detection: 44%
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe Virustotal: Detection: 57%
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF681904F60 0_2_00007FF681904F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF6819032E0 0_2_00007FF6819032E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF681907A40 0_2_00007FF681907A40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF6819180D0 0_2_00007FF6819180D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF6819223FA 0_2_00007FF6819223FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF681901BA0 0_2_00007FF681901BA0
Source: classification engine Classification label: mal64.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF6819032E0 _fileno,_fileno,_isatty,_errno,_errno,fgets,memchr,_errno,_errno,clearerr,fgets,_errno,_errno,clearerr,_errno,fgets,_errno,_errno,clearerr,fgets,_errno,_errno,clearerr,ferror,ferror,_fileno,_get_osfhandle,ReadConsoleW,fclose,GetLastError,FormatMessageW,LocalFree, 0_2_00007FF6819032E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe File created: C:\Users\user\Desktop\Options.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe File read: C:\Users\user\Desktop\Options.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe ReversingLabs: Detection: 44%
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe Virustotal: Detection: 57%
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe File written: C:\Users\user\Desktop\Options.ini
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF6819156E0 LoadLibraryA,GetProcAddress, 0_2_00007FF6819156E0
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe File opened: C:\Users\user\Desktop\Options.ini count: 42090
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Window / User API: threadDelayed 2304
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Window / User API: threadDelayed 7695
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Window / User API: foregroundWindowGot 1775
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe API coverage: 7.8 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe TID: 5008 Thread sleep count: 2304 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe TID: 5008 Thread sleep time: -2304000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe TID: 5008 Thread sleep count: 7695 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe TID: 5008 Thread sleep time: -7695000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF68191D670 GetSystemInfo, 0_2_00007FF68191D670
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF6819156E0 LoadLibraryA,GetProcAddress, 0_2_00007FF6819156E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7137.26178.exe Code function: 0_2_00007FF681901154 GetStartupInfoA,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit, 0_2_00007FF681901154
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managerg
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager0v
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AECC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managera
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager0=
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager`m
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AECC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEEF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager0
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AED0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEBB000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managerp
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager`g
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managerpf
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager@s
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager0d
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AECC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEEF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager`
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AECC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager0j
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager@c
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager:\Windows\explo@t
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC7000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program ManagerPr
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program ManagerbNr
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4529740415.00007FF681901000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: @Shell_TrayWnd
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AECC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program ManagerP
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AED9000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managernager
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program ManagerbN
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC7000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager u
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AF0B000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managerofile
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC7000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager`q
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managert
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC7000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager ~
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEBB000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager@
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager >
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager`7
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEC1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager:
Source: SecuriteInfo.com.FileRepMalware.7137.26178.exe, 00000000.00000002.4528712782.000002819AEE6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program ManagerbN@r
No contacted IP infos