Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe
Analysis ID: 1428928
MD5: e8e8efc99eb20de4fbe6201ad6f64185
SHA1: 1b89bfa89b26e943d54851ba9dd7214c8570aef3
SHA256: 15d69ab1d05e98c462782c0af121990bc1bffa67593d3cb8b731e135f2210bb1
Tags: exe
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file contains section with special chars
Entry point lies outside standard sections
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe ReversingLabs: Detection: 31%
Machine Learning detection for sample
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

System Summary
barindex
PE file contains section with special chars
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: section name: .Ii(
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: section name: .FN"
Source: classification engine Classification label: mal56.winEXE@2/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7608:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe ReversingLabs: Detection: 31%
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: d3dx11_43.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Section loaded: wldp.dll Jump to behavior
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static file information: File size 16835584 > 1048576
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: Raw size of .I0h is bigger than: 0x100000 < 0x100b200
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .I0h
PE file contains sections with non-standard names
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: section name: .Ii(
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: section name: .FN"
Source: SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe Static PE information: section name: .I0h
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1428928 Sample: SecuriteInfo.com.Win64.Malw... Startdate: 19/04/2024 Architecture: WINDOWS Score: 56 10 Multi AV Scanner detection for submitted file 2->10 12 Machine Learning detection for sample 2->12 14 PE file contains section with special chars 2->14 6 SecuriteInfo.com.Win64.MalwareX-gen.6353.14933.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
No contacted IP infos