Windows Analysis Report
SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe

Overview

General Information

Sample name: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Analysis ID: 1429058
MD5: 6556b3ca424db754337ab375e343eb97
SHA1: 4c5477378a6ef695d6ae87019976af94fc5abe37
SHA256: 52231c311a10ab3adf5fdf74f8215d24c7a33356d88d442b0ebf638b6a7d8f32
Tags: exe

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Checks for available system drives (often done to infect USB drives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File created: C:\Users\user~1\AppData\Local\Temp\OCLC.OPEN.FrontendInstaller00000.log
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr
Source: Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb0 source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr
Source: Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\sfxca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr
Source: Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\setup.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdbPRh{ source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr
Source: Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr
Source: Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scaexec.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr
Source: Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr
Source: Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb| source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: z:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: x:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: v:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: t:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: r:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: p:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: n:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: l:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: j:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: h:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: f:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: b:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: y:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: w:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: u:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: s:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: q:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: o:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: m:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: k:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: i:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: g:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: e:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: c:
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File opened: a:
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: time.windows.com
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.00000000011F2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamescaexec.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.00000000011F2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesetup.exeL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameOCLC.OPEN.CustomActions.dllD vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSfxCA.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameprinteula.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.000000000118B000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamewixca.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.000000000118B000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamescasched.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Binary or memory string: OriginalFilenameOCLC.OPEN.CustomActions.dllD vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Binary or memory string: OriginalFilenameSfxCA.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Binary or memory string: OriginalFilenameprinteula.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Binary or memory string: OriginalFilenamewixca.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Binary or memory string: OriginalFilenamescasched.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Binary or memory string: OriginalFilenamescaexec.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Binary or memory string: OriginalFilenamesetup.exeL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe
Source: classification engine Classification label: clean2.winEXE@2/2@1/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File created: C:\Users\user~1\AppData\Local\Temp\{5BDC703B-E4F6-43C5-8B5F-3A45E826F992}\
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe "C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: msihnd.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56ad4c5d-b908-4f85-8ff1-7940c29b3bcf}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static file information: File size 15797760 > 1048576
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xf01c00
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe Code function: 0_2_00336A2F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_00336A2F
No contacted IP infos