Windows Analysis Report
SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Analysis ID: 1431465
MD5: 0712a91d8604bdd111ea4f9e783b3083
SHA1: 3d70cf48c5a9d38bfac0f2f744bf00ffcede9e9d
SHA256: c38982211b0b80699e6379501fe48ca594727fffdd580eb1dc5c05aa06bd6d04
Tags: exe

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe ReversingLabs: Detection: 25%
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Virustotal: Detection: 27%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Window detected: You can also use the /accepteula command-line switch to accept the EULA.&Agree&Decline&PrintSYSINTERNALS SOFTWARE LICENSE TERMSThese license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you. Please read them. They apply to the software you are downloading from Sysinternals.com which includes the media on which you received it if any. The terms also apply to any SysinternalsupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Sysinternals reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notwork around any technical limitations in the binary versions of the software;reverse engineer decompile or disassemble the binary versions of the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.SENSITIVE INFORMATION. 
Please be aware that similar to other debug tools that capture "process state" information files saved by Sysinternals tools may include personally identifiable or other sensitive information (such as usernames passwords paths to files accessed and paths to registry accessed). By using this software you acknowledge that you are aware of this and take sole responsibility for any personally identifiable or other sensitive information provided to Microsoft or any other party through your use of the software.. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.6.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <<http://www.microsoft.com/exporting>>.7.SUPPORT SERVICES. Because this software is "as is "
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\s\pssuspend\exe\x64\Release\pssuspend64.pdb source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: Binary string: D:\a\1\s\pssuspend\svc\x64\Release\psspndsvc.pdb source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: Binary string: D:\a\1\s\pssuspend\exe\x64\Release\pssuspend64.pdb- source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95810A8 FindFirstFileExW, 0_2_00007FF7D95810A8
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe String found in binary or memory: http://www.microsoft.co
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe String found in binary or memory: https://www.sysinternals.com0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95636F0 GetComputerNameA,gethostname,gethostbyname,inet_ntoa,OpenSCManagerA,CreateServiceA,GetLastError,GetLastError,SetLastError,WaitForSingleObject,SetLastError,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,GetLastError,GetStdHandle,GetConsoleScreenBufferInfo,OpenSCManagerA,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle,GetComputerNameA,GetSystemDirectoryA,DeleteFileA,GetLastError,Sleep, 0_2_00007FF7D95636F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9572260 0_2_00007FF7D9572260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956F1DC 0_2_00007FF7D956F1DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956E9BC 0_2_00007FF7D956E9BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9570494 0_2_00007FF7D9570494
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9585C74 0_2_00007FF7D9585C74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D957731C 0_2_00007FF7D957731C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9572B28 0_2_00007FF7D9572B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956EBC8 0_2_00007FF7D956EBC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D957DBD4 0_2_00007FF7D957DBD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9570BB0 0_2_00007FF7D9570BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9572664 0_2_00007FF7D9572664
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9561E20 0_2_00007FF7D9561E20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9571E28 0_2_00007FF7D9571E28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D957D554 0_2_00007FF7D957D554
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95855D8 0_2_00007FF7D95855D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956EDCC 0_2_00007FF7D956EDCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9576DA0 0_2_00007FF7D9576DA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D957082C 0_2_00007FF7D957082C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95700F8 0_2_00007FF7D95700F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D958410C 0_2_00007FF7D958410C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95800EC 0_2_00007FF7D95800EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D957D0C0 0_2_00007FF7D957D0C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95810A8 0_2_00007FF7D95810A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D957A730 0_2_00007FF7D957A730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956EFD8 0_2_00007FF7D956EFD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956E7B8 0_2_00007FF7D956E7B8
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: invalid certificate
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: Resource name: BINRES type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe, 00000000.00000002.2085127651.00000288AAA4C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameP.E.S.P..........L* vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe, 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamepsspndsv.exe^ vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe, 00000000.00000002.2085506736.00007FF7D95A9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameP.E.S.P..........L* vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Binary or memory string: OriginalFilenamepsspndsv.exe^ vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Binary or memory string: OriginalFilenameP.E.S.P..........L* vs SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Source: classification engine Classification label: mal48.winEXE@2/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9563180 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle, 0_2_00007FF7D9563180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: GetComputerNameA,gethostname,gethostbyname,inet_ntoa,OpenSCManagerA,CreateServiceA,GetLastError,GetLastError,SetLastError,WaitForSingleObject,SetLastError,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,GetLastError,GetStdHandle,GetConsoleScreenBufferInfo,OpenSCManagerA,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle,GetComputerNameA,GetSystemDirectoryA,DeleteFileA,GetLastError,Sleep, 0_2_00007FF7D95636F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9563260 FindResourceA,LoadResource,SizeofResource,LockResource, 0_2_00007FF7D9563260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95642D0 GetTickCount,CloseServiceHandle,OpenServiceA,StartServiceA,GetLastError,QueryServiceStatus,GetTickCount,Sleep,QueryServiceStatus,SetLastError,GetLastError,CloseServiceHandle,SetLastError, 0_2_00007FF7D95642D0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2020:120:WilError_03
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe String found in binary or memory: %s -install to install the service
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe String found in binary or memory: .*PSINFSVCinstallremovedebugPsInfSvc%s -install to install the service
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: riched32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Window found: window name: RICHEDIT
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe File opened: C:\Windows\SYSTEM32\Riched32.dll
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: real checksum: 0x789eb should be: 0x77a44
Source: SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9578738 push rax; retf 0001h 0_2_00007FF7D957873D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956620C VirtualQuery,GetSystemInfo, 0_2_00007FF7D956620C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95674C4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7D95674C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9582854 GetProcessHeap, 0_2_00007FF7D9582854
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956720C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7D956720C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D956CE94 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7D956CE94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9567670 SetUnhandledExceptionFilter, 0_2_00007FF7D9567670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95805B0 cpuid 0_2_00007FF7D95805B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D95676DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7D95676DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe Code function: 0_2_00007FF7D9561850 GetVersionExA,LoadLibraryExA,SetLastError, 0_2_00007FF7D9561850
No contacted IP infos