Windows Analysis Report
SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe
Analysis ID: 1428927
MD5: 61769dd2942b6894e7dbd5f8af9e037a
SHA1: c21221da05db3fd0786a2f2d8b27233df3afc446
SHA256: 38b55c3dcefd3f1d1c21c52d0f150c11010158377afabc8684d55afa1be7e62e
Tags: exe

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to read the clipboard data
Detected potential crypto function
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)

Classification

AV Detection

Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Avira: detected
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe ReversingLabs: Detection: 31%
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe, 00000000.00000002.2483491466.00007FF6851C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_40d50803-a
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Fortn\Desktop\v4\remade\build\husXveru.pdb source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: http://scripts.sil.org/OFL
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: http://scripts.sil.org/OFLCopyright
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: http://scripts.sil.org/OFLProza
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: http://www.houseindustries.com/license
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: http://www.houseindustries.com/licenseBurbank
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: http://www.houseindustries.com/licenseCopyright
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: http://www.houseindustries.comhttp://www.talleming.comHouse
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: https://github.com/ThomasJockin/lexend)Lexend
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: https://github.com/cadsondemak/kanit)
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: https://github.com/itfoundry/Poppins)&&&&o
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: https://scripts.sil.org/OFLThis
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: https://scripts.sil.org/OFLhttps://indiantypefoundry.comNinad
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: https://scripts.sil.org/OFLhttps://www.katatrad.comhttps://cadsondemak.comKatatrad
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF68513CBB0 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard, 0_2_00007FF68513CBB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF685147260 0_2_00007FF685147260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF685168E70 0_2_00007FF685168E70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF6851406D4 0_2_00007FF6851406D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF685153170 0_2_00007FF685153170
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF68516A9C0 0_2_00007FF68516A9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF68513CE20 0_2_00007FF68513CE20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF685141E00 0_2_00007FF685141E00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF685141200 0_2_00007FF685141200
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF6851508A0 0_2_00007FF6851508A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF6851310F0 0_2_00007FF6851310F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF6851464F0 0_2_00007FF6851464F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF68514B530 0_2_00007FF68514B530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF68513CF40 0_2_00007FF68513CF40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF6851343F0 0_2_00007FF6851343F0
Source: classification engine Classification label: mal56.winEXE@2/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1340:120:WilError_03
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe String found in binary or memory: kernel32LoadLibraryExA\/AddDllDirectory
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: d3dx11_43.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: d3dcompiler_43.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Section loaded: dxgi.dll
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static file information: File size 3709440 > 1048576
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x2d4c00
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Static PE information: section name: _RDATA
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF6851BD354 memset,GetLastError,IsDebuggerPresent,OutputDebugStringW, 0_2_00007FF6851BD354
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF6851BC154 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF6851BC154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe Code function: 0_2_00007FF6851BD1B0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF6851BD1B0
No contacted IP infos