Windows Analysis Report
SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe

Overview

General Information

Sample name: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe
Analysis ID: 1428762
MD5: 5432fcb8372a914d2670229b972002e0
SHA1: 60e23c6a714fe412b31e25b5a2ed8fa47d167bf9
SHA256: 5c8b8cb2444a1a89bf1a1c77150a942bf27c554cb0148c6b9547dfb01941d94f
Tags: exe
Infos:

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

AV Detection

Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe ReversingLabs: Detection: 18%
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF771904150 FindFirstFileExA, 0_2_00007FF771904150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718DDDB0 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 0_2_00007FF7718DDDB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718F3000 EndDialog,GetDlgItem,SetDlgItemTextW,FindFirstFileW,swprintf,SetDlgItemTextW,FindClose,swprintf,SetDlgItemTextW,swprintf,SetDlgItemTextW,swprintf,SetDlgItemTextW, 0_2_00007FF7718F3000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718D903C: wcscpy,CreateFileW,CloseHandle,wcscpy,wcscpy,CreateDirectoryW,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, 0_2_00007FF7718D903C
Source: classification engine Classification label: sus36.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718D8AD4 GetLastError,FormatMessageW, 0_2_00007FF7718D8AD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718F0C0C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, 0_2_00007FF7718F0C0C
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: api-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: api-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static file information: File size 2311022 > 1048576
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: section name: .didat
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Static PE information: section name: _RDATA
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718F5F78 VirtualQuery,GetSystemInfo, 0_2_00007FF7718F5F78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718FBB94 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7718FBB94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7719051D0 GetProcessHeap, 0_2_00007FF7719051D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718F7388 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7718F7388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718F756C SetUnhandledExceptionFilter, 0_2_00007FF7718F756C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718F6894 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7718F6894
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718E4E78 cpuid 0_2_00007FF7718E4E78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: GetLocaleInfoW,GetNumberFormatW, 0_2_00007FF7718F18DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718F5334 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,CloseHandle, 0_2_00007FF7718F5334
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe Code function: 0_2_00007FF7718DEB40 GetVersionExW, 0_2_00007FF7718DEB40
No contacted IP infos