Windows
Analysis Report
SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe
Overview
General Information
Detection
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe (PID: 3040 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71965879.10556.925.exe" MD5: 0712A91D8604BDD111EA4F9E783B3083)
- conhost.exe (PID: 2020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Window detected: |