Windows Analysis Report
SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe
Analysis ID: 1428706
MD5: af1e56057951887a763d4e97670a1036
SHA1: bc0b8c98c0fdbb805b8e8415a860be0966de30be
SHA256: 5eb65feae4e36b791ced20aa9fb912311ab3f920613857819a51df2ccba9a485
Tags: exe
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Yara detected Keylogger Generic

Classification

AV Detection

Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe ReversingLabs: Detection: 71%
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Static PE information: certificate valid
Source: unknown DNS traffic detected: query: hotnews.dftoutiao.com replaycode: Name error (3)
Source: unknown DNS traffic detected: query: report.thorzip.muxin.fun replaycode: Name error (3)
Source: unknown DNS traffic detected: query: files.news.baidu.com replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: files.news.baidu.com
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://api.map.baidu.com/telematics/v3/weather?location=%s&output=json&ak=spmMww7Eoqcmf3FXbnLyDUwL
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://api.map.baidu.com/telematics/v3/weather?location=%s&output=json&ak=spmMww7Eoqcmf3FXbnLyDUwLU
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://bsalsa.com/
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://files.news.baidu.com/mini_new3/jjj/MiniLogo.PNG
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000672000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hotnews.dftoutiao.com/
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://hotnews.dftoutiao.com/hotwordsnews/getnews?qid=%s&platform=pc&newstype=%s
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.0000000002389000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://hotnews.dftoutiao.com/hotwordsnews/getnews?qid=kuaiyatitle&platform=pc&newstype=now
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://iplocation.7654.com/v1
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://news.7654.com/mini_new3/jsb/
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://news.baidu.com/mini_new3/jjj/
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://pv.sohu.com/cityjson?ie=utf-8
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://report.thorzip.muxin.fun/
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://report.thorzip.muxin.fun/crosoft
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.000000000065B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://report.thorzip.muxin.fun/eH
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000686000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.0000000002398000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://report.thorzip.muxin.fun/lszip/bubble_info?code=jWLGHnD6CYifDIjqc6sGs/Bbp6bCfV8bglNO
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.0000000002398000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://report.thorzip.muxin.fun/lszip/bubble_info?code=jwlghnd6cyifdijqc6sgs/bbp6bcfv8bglno
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://report.thorzip.muxin.fun/tart
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://s2.symcb.com0
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://ssp.7654.com/ct/m?mixData=
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://ssp.7654.com/ct?mixData=
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.00000000023D8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ssp.7654.com/ct?mixData=les
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://sv.symcd.com0&
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://weather.shzhanmeng.com/api/weather/%s
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://weather.shzhanmeng.com/api/weather/%sU
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://www.symauth.com/cps0(
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: http://www.symauth.com/rpa00
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe String found in binary or memory: https://www.digicert.com/CPS0
Source: Yara match File source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, type: SAMPLE
Source: Yara match File source: 0.0.SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.1233899209.000000007FD40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe PID: 3044, type: MEMORYSTR
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Binary string: \device\
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Binary string: \device\x
Source: classification engine Classification label: mal52.winEXE@1/1@7/0
Source: Yara match File source: 00000000.00000000.1201641660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: olepro32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe File written: C:\Users\user\Desktop\desktop.ini
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Static file information: File size 1112208 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe File opened: PhysicalDrive0
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Binary or memory string: vmware
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.000000000236E000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Microsoft Hyper-V Generation Counter
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000003.1265338071.000000000236E000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware VMCI Bus Driver
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe, 00000000.00000002.1266582827.0000000000618000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Process information queried: ProcessInformation
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Binary or memory string: ProgMan
Source: SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Binary or memory string: Shell_TrayWndProgManU
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Adware-gen.13861.28606.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
No contacted IP infos