Windows Analysis Report
SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe

Overview

General Information

Sample name: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe
Analysis ID: 1427022
MD5: 1b532fd7cbde856162611c2af516ec33
SHA1: ffb770b825984182a4fab752f35e1d4b34b3e06e
SHA256: fe6d639360c8882b05fc9028ed5233c63dcb8f3e638812bc10bfa41bbea1d96b
Tags: exe

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses 32bit PE files

Classification

Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Static PE information: certificate valid
Source: classification engine Classification label: clean1.winEXE@1/0@0/0
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: d3d8.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: d3dxof.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: dsound.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: ylaxawif.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: d3d8thk.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Section loaded: winmmbase.dll
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Static file information: File size 2454432 > 1048576
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x224000
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe Static PE information: section name: .ps4
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos