General Information

  • Date: 02.08.2020
  • Duration: 0h 1m 2s
  • Sample file name: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.31368 (renamed file extension from 31368 to exe)
  • Cookbook: default.jbs
  • Filetype: exe

Detection

MALICIOUS
FormBook
    • Found 7 malicious signatures
    • Contacts 0 domains/IPs
    • Launches 3 processes
    • Drops 1 files

Signature Overview

    Behavior Graph (ID: 255764)

    • Sample: SecuriteInfo.com.Trojan.Gen...
    • Startdate: 02/08/2020
    • Architecture: WINDOWS
    • Score: 80
    • Sample signatures: Malicious sample detected (through community Yara rule); Yara detected AntiVM_3; Yara detected FormBook; 2 other signatures
    • Process started: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
        • Dropped file: SecuriteInfo.com.T...263609.3735.exe.log, ASCII
        • Process signatures: Tries to detect virtualization through RDTSC time measurements; Injects a PE file into a foreign processes
        • Child process started: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
        • Child process started: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
    No contacted IP infos