Windows Analysis Report
SecuriteInfo.com.Trojan-Dropper.17837.23667.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe
Analysis ID: 1431436
MD5: 448ac477d6ee07ef2bab4aa206e55371
SHA1: f174f8f81f6817db32a32380c7ad70213f19f971
SHA256: 8d09e55629dd15deebce3ee83f5a4b6cc09925c83eaca7c2fa75707c2ab9cd11
Tags: exe

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Found large amount of non-executed APIs
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://dhld.dyndns.org/libgen/forum
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/Converter.exe
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/Function.dat
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/Index.mht
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/LibGen.exe
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/Readme.txt
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/BEAM.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/COLOUR.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/EFFECTS.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/GROUP.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/LIBRARY/FUNCTION.TXT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/LIBRARY/_lib.lib
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/LIBRARY/_userlib.dat
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/LIBRARY/oldFunc.res
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/LIBRARY/tokens.res
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/LIBRARY/tokens.res$TemplateShow
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/PAGE.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/POSITION.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/RTTABLE.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/RTTABLE.DAT(TemplateShow
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/DESKTOP.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/FIXTURE.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/INPUT.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/INPUT.DATTitlebody
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/MIDIMAP.TXT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/MOREOPTS.TXT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/OPTIONS.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/PATCH.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/SETUP/REPORTS.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/TemplateShow/_ZCAT.DAT
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/config.ini
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/fixtures.dat
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe String found in binary or memory: http://www.lightkid.de/updater/vbzip11.dll
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe, 00000000.00000000.1520017120.0000000000414000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameupdate.exe vs SecuriteInfo.com.Trojan-Dropper.17837.23667.exe
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Binary or memory string: OriginalFilenameupdate.exe vs SecuriteInfo.com.Trojan-Dropper.17837.23667.exe
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Binary or memory string: @ A*\AC:\Dokumente und Einstellungen\denis\Desktop\developing\ver 0.6.8\updater\Project1.vbp
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe, 00000000.00000002.1563935125.0000000000412000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: 2@*\AC:\Dokumente und Einstellungen\denis\Desktop\developing\ver 0.6.8\updater\Project1.vbp
Source: classification engine Classification label: clean2.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe File created: C:\Users\user\AppData\Local\Temp\~DFF081A0D5B7062551.TMP
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: msvbvm60.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: vb6zz.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Code function: 0_2_0040387A push ss; iretd 0_2_0040387B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe API coverage: 0.6 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe, 00000000.00000003.1563694466.00000000005ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-Dropper.17837.23667.exe, 00000000.00000002.1564062291.00000000005ED000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
No contacted IP infos