Edit tour
Windows
Analysis Report
SecuriteInfo.com.TScope.Trojan.Delf.21240.32647.exe
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Compliance
Score: | 30 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
- SecuriteInfo.com.TScope.Trojan.Delf.21240.32647.exe (PID: 2872 cmdline:
"C:\Users\ user\Deskt op\Securit eInfo.com. TScope.Tro jan.Delf.2 1240.32647 .exe" MD5: F7D7BE5FD53C6039738F1A37C0F3760D)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
Timestamp: | 04/20/24-12:27:10.866025 |
SID: | 2814410 |
Source Port: | 49714 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/20/24-12:27:16.620516 |
SID: | 2812101 |
Source Port: | 80 |
Destination Port: | 49714 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | EXE: | Jump to behavior | ||
Source: | EXE: | Jump to behavior |
Compliance |
---|
Source: | EXE: | Jump to behavior | ||
Source: | EXE: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00409714 | |
Source: | Code function: | 0_2_004091AC | |
Source: | Code function: | 0_2_004142B4 |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | HTTP traffic detected: |