Windows Analysis Report
SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe

Overview

General Information

Sample name: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe
Analysis ID: 1431434
MD5: ffb4c4458546447f3bee304de21cd2eb
SHA1: 002c2f32ee46dacb422e75f687d8f74690184d31
SHA256: 2e823662bd36d30faea424591d4bf1557224007d9ee859917bb769a45cd4c0c6
Tags: exe

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Creates files in alternative data streams (ADS)
AV process strings found (often used to terminate AV products)
Creates files inside the system directory
Detected potential crypto function
Found potential string decryption / allocating functions
PE / OLE file has an invalid certificate
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://aia.startssl.com/certs/sub.class2.code.ca.crt0#
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://blog.aloaha.com
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://crl.startssl.com/crtc2-crl.crl0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://crl.startssl.com/sfsca.crl0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://ocsp.startssl.com/sub/class2/code/ca0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.aloaha.com/shop-en/aloaha-smart-login.php
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.aloaha.com/shop-en/aloaha-smart-login.php$Leaving
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2470982431.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2214764796.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.1992240817.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2407966143.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.1896431358.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.1928775661.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2181469819.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2342547839.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2247901875.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2311192642.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2118500796.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.1928655788.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.1960719350.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2533960764.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, 
SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2279753063.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2023977033.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2087013980.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2023817636.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000002.2637451643.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2565522617.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000003.2439512762.00000000007B1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.aloaha.com/shop-en/aloaha-smart-login.phpslator.dll945.exe:2172
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.aloaha.com/wi-software-en/uprade-your-aloaha-pdf-suite.php
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.startssl.com/0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.startssl.com/intermediate.pdf0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.startssl.com/policy.pdf0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.startssl.com/policy.pdf04
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.startssl.com/sfsca.crl0
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe String found in binary or memory: http://www.startssl.com/sfsca.crt0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe File created: C:\Windows\FalseUserPass.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: 0_2_004BDCB0 0_2_004BDCB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: 0_2_004AC9C0 0_2_004AC9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: 0_2_004B4E60 0_2_004B4E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: 0_2_004C5070 0_2_004C5070
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: 0_2_004E3370 0_2_004E3370
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: 0_2_004E8F90 0_2_004E8F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: String function: 00523470 appears 33 times
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Static PE information: invalid certificate
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000000.1377279706.0000000000550000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamecredentialprovider.exe vs SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Binary or memory string: OriginalFilenamecredentialprovider.exe vs SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe
Source: classification engine Classification label: sus24.evad.winEXE@1/4@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe File created: C:\Users\user\Desktop\FalseUserPass.ini:SmartLogin.txt
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe File created: C:\Users\user~1\AppData\Local\Temp\~DF7FC1D6B129264C8B.TMP
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe File read: C:\Windows\FalseUserPass.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: msvbvm60.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: vb6zz.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: scrrun.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: winscard.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: devobj.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe File written: C:\Windows\FalseUserPass.ini
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Static file information: File size 1772168 > 1048576
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x14c000
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: 0_2_004085C4 push es; ret 0_2_004085C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Code function: 0_2_00404206 push eax; iretd 0_2_00404231

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe File created: C:\Users\user\Desktop\FalseUserPass.ini:SmartLogin.txt
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Process information set: NOOPENFILEERRORBOX
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000002.2637034256.0000000000469000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: ClamTray.exe
Source: SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, SecuriteInfo.com.BScope.Trojan.Diple.31685.13945.exe, 00000000.00000002.2637034256.0000000000469000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: ClamWin.exe
No contacted IP infos