Windows Analysis Report SecuriteInfo.com.Trojan.BrowseBan.32054.8200

Overview

General Information

Sample Name:	SecuriteInfo.com.Trojan.BrowseBan.32054.8200 (renamed file extension from 8200 to exe)
Analysis ID:	492347
MD5:	7a61d4434b48575332c6d4227b5ed14f
SHA1:	3dc79fb21dc1c58a3f9fb3fd5a94b5a4eb5cfd36
SHA256:	44d9fb3b4faeb07506a95eaf45e7d9d40dac2830f2004bb6ca061167aa9a67e4
Tags:	exe
Infos:
Most interesting Screenshot:

Detection

Score:	8
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Uses 32bit PE files

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

PE file contains strange resources

Tries to load missing DLLs

Deletes files inside the Windows folder

Contains functionality to shutdown / reboot the system

Creates files inside the system directory

Detected potential crypto function

Potential key logger detected (key state polling based)

Contains functionality to query CPU information (cpuid)

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to record screenshots

Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Signatures

Compliance:

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00468FC0 FindFirstFileA,FindFirstFileA,FindClose,	0_2_00468FC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_0046DB90 lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcpynA,FindFirstFileA,lstrcpynA,lstrcpynA,FindClose,	0_2_0046DB90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004E3A20 FindFirstFileA,FindNextFileA,FindClose,	0_2_004E3A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00469980 FindFirstFileA,	0_2_00469980

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Potential key logger detected (key state polling based)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_0047C0D0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_0047C0D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004C9B00 GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_004C9B00

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004DD080 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,

0_2_004DD080

Contains functionality to record screenshots

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004A9170 GetDeviceCaps,GetDC,GetDC,CreateCompatibleBitmap,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,DeleteDC,DeleteObject,ReleaseDC,

0_2_004A9170

System Summary:

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED

PE file does not import any functions

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static PE information: No import functions for PE file found

PE file contains strange resources

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Tries to load missing DLLs

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Section loaded: qtim32.dll

Jump to behavior

Deletes files inside the Windows folder

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File deleted: C:\Windows\A6W_DATA\SecuriteInfo.com.Trojan.BrowseBan.32054.rec

Jump to behavior

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_00435DA0 DestroyWindow,GetCurrentProcess,OpenProcessToken,GetLastError,GetLastError,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,ExitWindowsEx,

0_2_00435DA0

Creates files inside the system directory

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File created: C:\Windows\A6W_DATA

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EC150	0_2_004EC150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004A4280	0_2_004A4280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_0045C400	0_2_0045C400
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004A4650	0_2_004A4650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004F87B0	0_2_004F87B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004C8980	0_2_004C8980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00498B6C	0_2_00498B6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004ECF90	0_2_004ECF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004A5380	0_2_004A5380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004F5430	0_2_004F5430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00489550	0_2_00489550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004A55E0	0_2_004A55E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004E9640	0_2_004E9640

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Jump to behavior

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_00435DA0 DestroyWindow,GetCurrentProcess,OpenProcessToken,GetLastError,GetLastError,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,ExitWindowsEx,

0_2_00435DA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_00401280 DefDlgProcA,LockResource,GetDC,SetMapMode,GetClientRect,GetClientRect,SetWindowExtEx,SetWindowExtEx,SetViewportExtEx,SetViewportExtEx,LPtoDP,ReleaseDC,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,MoveWindow,SetTimer,SetTimer,GetTickCount,FreeResource,KillTimer,BeginPaint,BeginPaint,GetClientRect,LockResource,SelectPalette,RealizePalette,SetRect,GetStockObject,FillRect,StretchDIBits,SelectPalette,DeleteObject,FreeResource,SetBkMode,SetTextAlign,lstrlenA,lstrlenA,TextOutA,TextOutA,lstrlenA,TextOutA,lstrlenA,lstrlenA,DrawTextA,EndPaint,GetClientRect,GetClientRect,GetStockObject,FillRect,EndDialog,

0_2_00401280

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	String found in binary or memory: Failure occured while loading Xtras. Please remove some Xtras from the Xtras directory and try to re-launch application again.
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe	String found in binary or memory: Continue%mA duplicate Xtra has been encountered in your Xtras folder(s). Please quit and remove the duplicate to avoid a possible conflict.Failure occured while loading Xtras. Please remove some Xtras from the Xtras directory and try to re-launch application again.

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File written: C:\Windows\A6W.INI

Jump to behavior

Source: classification engine

Classification label: clean8.winEXE@1/2@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

File read: C:\Windows\A6W.INI

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_0046C520 GetSystemDirectoryA,GetSystemDirectoryA,CharPrevA,CharPrevA,lstrcpyA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,GetLastError,GetDriveTypeA,

0_2_0046C520

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Static file information: File size 1570477 > 1048576

Data Obfuscation:

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004FB570 LoadLibraryA,GetProcAddress,

0_2_004FB570

Hooking and other Techniques for Hiding and Protection:

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004828B0 DefWindowProcA,PostQuitMessage,DefWindowProcA,GetLastActivePopup,IsWindowVisible,SetActiveWindow,SendMessageA,SendMessageA,SendMessageA,PostMessageA,IsIconic,DefWindowProcA,DefWindowProcA,DefWindowProcA,GlobalGetAtomNameA,IsIconic,	0_2_004828B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004828B0 DefWindowProcA,PostQuitMessage,DefWindowProcA,GetLastActivePopup,IsWindowVisible,SetActiveWindow,SendMessageA,SendMessageA,SendMessageA,PostMessageA,IsIconic,DefWindowProcA,DefWindowProcA,DefWindowProcA,GlobalGetAtomNameA,IsIconic,	0_2_004828B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004D9960 IsWindow,RemovePropA,GetWindow,IsIconic,GetPropA,ShowWindow,IsWindowVisible,ShowWindow,SendMessageA,SetPropA,RemovePropA,RemovePropA,ShowWindow,DefWindowProcA,	0_2_004D9960

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0eh], cx and CTI: jne 004EFEF7h	0_2_004EFE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0ch], ax and CTI: jne 004EFEF7h	0_2_004EFE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0ah], ax and CTI: jne 004EFEF7h	0_2_004EFE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+06h], ax and CTI: jne 004EFEF7h	0_2_004EFE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+04h], ax and CTI: jne 004EFEF7h	0_2_004EFE90

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004A9540 GetSystemInfo,

0_2_004A9540

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00468FC0 FindFirstFileA,FindFirstFileA,FindClose,	0_2_00468FC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_0046DB90 lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcpynA,FindFirstFileA,lstrcpynA,lstrcpynA,FindClose,	0_2_0046DB90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_004E3A20 FindFirstFileA,FindNextFileA,FindClose,	0_2_004E3A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Code function: 0_2_00469980 FindFirstFileA,	0_2_00469980

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	File Volume queried: C:\Windows\A6W_DATA FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	File Volume queried: C:\Windows FullSizeInformation	Jump to behavior

Anti Debugging:

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004FB570 LoadLibraryA,GetProcAddress,

0_2_004FB570

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004A9540 cpuid

0_2_004A9540

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004F4520 GetTimeZoneInformation,

0_2_004F4520

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004F1340 EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,

0_2_004F1340

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe

Code function: 0_2_004EFE90 GetLocalTime,GetSystemTime,GetTimeZoneInformation,

0_2_004EFE90

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No contacted IP infos

ID:	492347
Product:	CloudBasic
Start time:	16:11:05
Start date:	28.09.2021
Sample:	SecuriteInfo.com.Trojan.BrowseBan.32054.8200
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	7a61d4434b48575332c6d4227b5ed14f
SHA1:	3dc79fb21dc1c58a3f9fb3fd5a94b5a4eb5cfd36
SHA256:	44d9fb3b4faeb07506a95eaf45e7d9d40dac2830f2004bb6ca061167aa9a67e4
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Windows\A6W.INI	ASCII text, with CRLF line terminators	D94D1652055EDF8F49C7991664AFEE1A	97B41753CF7CF84A886E094217BFA850F9D474F8	6B6D4B0D139E08A0773CF7A591D64DD88825210CE184226423D50DC2BC20F19E
C:\Windows\Run32A60.mch	data	DDBD22FCBC5FC8DD7E120DBF85CA9519	877C624A1829038173D8BF1B898ABA3EDD99BF81	E0C5778E7BFEC2EB403609850616FFA2ADD712AED5616D5B1F6891B99C6CB8F3

Windows Analysis Report SecuriteInfo.com.Trojan.BrowseBan.32054.8200

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance:

Spreading:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Screenshots

Behavior Graph

Network Map