Windows Analysis Report
SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe

Overview

General Information

Sample name: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe
Analysis ID: 1416009
MD5: 30bfaa616f636182db9969cb430259d8
SHA1: ee79baea063ffcd410287fbce92fd2ffe18854ad
SHA256: 6050dcd009f11a022028af182260830c423bdc29e72f97f1d0014d9403f6d536
Tags: exe
Infos:

Detection

Score: 5
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)
Tries to load missing DLLs

Classification

Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: Z:\IdeaProjects\product\modules\hydraulic.conveyor.launcher\msixstub\x64\Release\MSIXInstallStub.pdb source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe
Source: Binary string: Z:\IdeaProjects\product\modules\hydraulic.conveyor.launcher\msixstub\x64\Release\MSIXInstallStub.pdb" source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ABD264 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, 0_2_00007FF7F2ABD264
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://subca.ocsp-certum.com01
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://subca.ocsp-certum.com02
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://subca.ocsp-certum.com05
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: http://www.certum.pl/CPS0
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: https://conveyor.hydraulic.dev/redir/http-range-requests
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: https://download.fleurop-interflora.be/
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.000001535588C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fleurop-interflora.be/0
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.00000153558EE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000003.2022571705.0000015355920000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.00000153558D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fleurop-interflora.be/desktop-print.appinstaller
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000003.2022571705.00000153558D7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.00000153558D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fleurop-interflora.be/desktop-print.appinstallerX
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: https://download.fleurop-interflora.be/desktop-print.appinstallershell:appsFolder
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000003.2022571705.00000153558EE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.00000153558EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fleurop-interflora.be/desktop-print.appinstallerzd
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: https://sectigo.com/CPS0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ACAF4B 0_2_00007FF7F2ACAF4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A923F8 0_2_00007FF7F2A923F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB9320 0_2_00007FF7F2AB9320
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ACE4C6 0_2_00007FF7F2ACE4C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A9A4EC 0_2_00007FF7F2A9A4EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB6430 0_2_00007FF7F2AB6430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A9A1A0 0_2_00007FF7F2A9A1A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A8B208 0_2_00007FF7F2A8B208
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A8918C 0_2_00007FF7F2A8918C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ABC22C 0_2_00007FF7F2ABC22C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ACE278 0_2_00007FF7F2ACE278
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ABD264 0_2_00007FF7F2ABD264
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB17A0 0_2_00007FF7F2AB17A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A81728 0_2_00007FF7F2A81728
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB8770 0_2_00007FF7F2AB8770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A918CC 0_2_00007FF7F2A918CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AC8848 0_2_00007FF7F2AC8848
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A85824 0_2_00007FF7F2A85824
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ABA6FC 0_2_00007FF7F2ABA6FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB5694 0_2_00007FF7F2AB5694
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ABEB1C 0_2_00007FF7F2ABEB1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB1CA9 0_2_00007FF7F2AB1CA9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A86CD8 0_2_00007FF7F2A86CD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A8BAA8 0_2_00007FF7F2A8BAA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AAFA1C 0_2_00007FF7F2AAFA1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB8770 0_2_00007FF7F2AB8770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A8AA5C 0_2_00007FF7F2A8AA5C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB0A6C 0_2_00007FF7F2AB0A6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A8AA5C 0_2_00007FF7F2A8AA5C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AC2010 0_2_00007FF7F2AC2010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AC3F88 0_2_00007FF7F2AC3F88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A9E024 0_2_00007FF7F2A9E024
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB108C 0_2_00007FF7F2AB108C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AC0070 0_2_00007FF7F2AC0070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A87DA0 0_2_00007FF7F2A87DA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AB9D2C 0_2_00007FF7F2AB9D2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A9AF00 0_2_00007FF7F2A9AF00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A84E58 0_2_00007FF7F2A84E58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: String function: 00007FF7F2A955A4 appears 66 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: appxdeploymentclient.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: storageusage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: wer.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: windows.applicationmodel.datatransfer.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: feclient.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Section loaded: textshaping.dll
Source: classification engine Classification label: clean5.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A861F8 GetLastError,FormatMessageW,LocalFree, 0_2_00007FF7F2A861F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A8DC60 GetModuleHandleW,FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateBitmapFromStream,OutputDebugStringW, 0_2_00007FF7F2A8DC60
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: windows.exe-installer-name
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe String found in binary or memory: Parsed metadata: = app.windows.manifests.version-quadwindows.package-family-namewindows.exe-installer-namewindows.site-base-urlapp.windows.manifests.msix.update-escape-hatch.exeapp.windows.manifests.msix.update-escape-hatch.run-ifalwayspackage-family-changedreinstall-requirednot-up-to-date.Already checked for update, just start the app.
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: certificate valid
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: Z:\IdeaProjects\product\modules\hydraulic.conveyor.launcher\msixstub\x64\Release\MSIXInstallStub.pdb source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe
Source: Binary string: Z:\IdeaProjects\product\modules\hydraulic.conveyor.launcher\msixstub\x64\Release\MSIXInstallStub.pdb" source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AA3604 LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetErrorInfo,LoadLibraryW,GetProcAddress,FreeLibrary,SetErrorInfo,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7F2AA3604
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe API coverage: 9.4 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ABD264 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, 0_2_00007FF7F2ABD264
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AA8164 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7F2AA8164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A8918C GetProcessHeap,HeapFree,CreateEventW,WaitForSingleObject,CreateEventW,WaitForSingleObject,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,CreateEventW,WaitForSingleObject,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,ShellExecuteW,GetLastError,GetProcessHeap,HeapFree,Sleep,GetProcessHeap,HeapFree,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW, 0_2_00007FF7F2A8918C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AA3604 LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetErrorInfo,LoadLibraryW,GetProcAddress,FreeLibrary,SetErrorInfo,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7F2AA3604
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ACAC7C _invalid_parameter_noinfo_noreturn,OutputDebugStringW,OutputDebugStringW,SendMessageW,OutputDebugStringW,SetWindowTextW,GetProcessHeap,HeapFree, 0_2_00007FF7F2ACAC7C
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AA8348 SetUnhandledExceptionFilter, 0_2_00007FF7F2AA8348
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AA8164 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7F2AA8164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AADB04 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7F2AADB04
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AA7EAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7F2AA7EAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A8918C GetProcessHeap,HeapFree,CreateEventW,WaitForSingleObject,CreateEventW,WaitForSingleObject,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,CreateEventW,WaitForSingleObject,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,ShellExecuteW,GetLastError,GetProcessHeap,HeapFree,Sleep,GetProcessHeap,HeapFree,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW, 0_2_00007FF7F2A8918C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2ABC990 cpuid 0_2_00007FF7F2ABC990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_00007FF7F2AC0614
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: EnumSystemLocalesW, 0_2_00007FF7F2ABB5EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: try_get_function,GetLocaleInfoW, 0_2_00007FF7F2ABBB6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: GetLocaleInfoEx,FormatMessageA, 0_2_00007FF7F2AA5B64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: GetLocaleInfoW, 0_2_00007FF7F2AC0D14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: EnumSystemLocalesW, 0_2_00007FF7F2AC0960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF7F2AC0AC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: EnumSystemLocalesW, 0_2_00007FF7F2AC0A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: GetLocaleInfoW, 0_2_00007FF7F2AC0F1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF7F2AC1048
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00007FF7F2AC0E6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2AA83B4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7F2AA83B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe Code function: 0_2_00007FF7F2A87DA0 GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,ShellExecuteW,GetLastError,Sleep,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,GetUserNameW,NetUserGetInfo,NetApiBufferFree,GetModuleFileNameW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,CopyFileW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7F2A87DA0
No contacted IP infos