
Windows Analysis Report SecuriteInfo.com.Trojan.BrowseBan.32054.8200

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.BrowseBan.32054.8200 (renamed file extension from 8200 to exe)
Analysis ID: 492347
MD5: 7a61d4434b48575332c6d4227b5ed14f
SHA1: 3dc79fb21dc1c58a3f9fb3fd5a94b5a4eb5cfd36
SHA256: 44d9fb3b4faeb07506a95eaf45e7d9d40dac2830f2004bb6ca061167aa9a67e4
Tags: exe

Detection

Score: 8
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Uses 32bit PE files
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
PE file contains strange resources
Tries to load missing DLLs
Deletes files inside the Windows folder
Contains functionality to shutdown / reboot the system
Creates files inside the system directory
Detected potential crypto function
Potential key logger detected (key state polling based)
Contains functionality to query CPU information (cpuid)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

There are no malicious signatures; all signature results are listed below.

Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00468FC0 FindFirstFileA,FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_0046DB90 lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcpynA,FindFirstFileA,lstrcpynA,lstrcpynA,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004E3A20 FindFirstFileA,FindNextFileA,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00469980 FindFirstFileA,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_0047C0D0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004C9B00 GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004DD080 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004A9170 GetDeviceCaps,GetDC,GetDC,CreateCompatibleBitmap,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,DeleteDC,DeleteObject,ReleaseDC,
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Static PE information: No import functions for PE file found
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST (24 identical entries, one per RT_ICON resource)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Section loaded: qtim32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; File deleted: C:\Windows\A6W_DATA\SecuriteInfo.com.Trojan.BrowseBan.32054.rec
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00435DA0 DestroyWindow,GetCurrentProcess,OpenProcessToken,GetLastError,GetLastError,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,ExitWindowsEx,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; File created: C:\Windows\A6W_DATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004EC150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004A4280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_0045C400
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004A4650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004F87B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004C8980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00498B6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004ECF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004A5380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004F5430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00489550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004A55E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004E9640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00435DA0 DestroyWindow,GetCurrentProcess,OpenProcessToken,GetLastError,GetLastError,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,ExitWindowsEx,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00401280 DefDlgProcA,LockResource,GetDC,SetMapMode,GetClientRect,GetClientRect,SetWindowExtEx,SetWindowExtEx,SetViewportExtEx,SetViewportExtEx,LPtoDP,ReleaseDC,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,MoveWindow,SetTimer,SetTimer,GetTickCount,FreeResource,KillTimer,BeginPaint,BeginPaint,GetClientRect,LockResource,SelectPalette,RealizePalette,SetRect,GetStockObject,FillRect,StretchDIBits,SelectPalette,DeleteObject,FreeResource,SetBkMode,SetTextAlign,lstrlenA,lstrlenA,TextOutA,TextOutA,lstrlenA,TextOutA,lstrlenA,lstrlenA,DrawTextA,EndPaint,GetClientRect,GetClientRect,GetStockObject,FillRect,EndDialog,
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe; String found in binary or memory: Failure occured while loading Xtras. Please remove some Xtras from the Xtras directory and try to re-launch application again.
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe; String found in binary or memory: Continue%mA duplicate Xtra has been encountered in your Xtras folder(s). Please quit and remove the duplicate to avoid a possible conflict.Failure occured while loading Xtras. Please remove some Xtras from the Xtras directory and try to re-launch application again.
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; File written: C:\Windows\A6W.INI
Source: classification engine; Classification label: clean8.winEXE@1/2@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; File read: C:\Windows\A6W.INI
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_0046C520 GetSystemDirectoryA,GetSystemDirectoryA,CharPrevA,CharPrevA,lstrcpyA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,GetLastError,GetDriveTypeA,
Source: SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Static file information: File size 1570477 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004FB570 LoadLibraryA,GetProcAddress,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004828B0 DefWindowProcA,PostQuitMessage,DefWindowProcA,GetLastActivePopup,IsWindowVisible,SetActiveWindow,SendMessageA,SendMessageA,SendMessageA,PostMessageA,IsIconic,DefWindowProcA,DefWindowProcA,DefWindowProcA,GlobalGetAtomNameA,IsIconic,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004828B0 DefWindowProcA,PostQuitMessage,DefWindowProcA,GetLastActivePopup,IsWindowVisible,SetActiveWindow,SendMessageA,SendMessageA,SendMessageA,PostMessageA,IsIconic,DefWindowProcA,DefWindowProcA,DefWindowProcA,GlobalGetAtomNameA,IsIconic,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004D9960 IsWindow,RemovePropA,GetWindow,IsIconic,GetPropA,ShowWindow,IsWindowVisible,ShowWindow,SendMessageA,SetPropA,RemovePropA,RemovePropA,ShowWindow,DefWindowProcA,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Process information set: NOOPENFILEERRORBOX (3 identical entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0eh], cx and CTI: jne 004EFEF7h
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0ch], ax and CTI: jne 004EFEF7h
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+0ah], ax and CTI: jne 004EFEF7h
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+06h], ax and CTI: jne 004EFEF7h
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004EFE90 GetSystemTime followed by cmp: cmp word ptr [esp+04h], ax and CTI: jne 004EFEF7h
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004A9540 GetSystemInfo,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00468FC0 FindFirstFileA,FindFirstFileA,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_0046DB90 lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcpynA,FindFirstFileA,lstrcpynA,lstrcpynA,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004E3A20 FindFirstFileA,FindNextFileA,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_00469980 FindFirstFileA,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; File Volume queried: C:\Users\user\Desktop FullSizeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; File Volume queried: C:\Windows\A6W_DATA FullSizeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; File Volume queried: C:\Windows FullSizeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004FB570 LoadLibraryA,GetProcAddress,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Queries volume information: C:\ VolumeInformation (16 identical entries)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004A9540 cpuid
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004F4520 GetTimeZoneInformation,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004F1340 EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe; Code function: 0_2_004EFE90 GetLocalTime,GetSystemTime,GetTimeZoneInformation,

Mitre Att&ck Matrix

The matrix is listed by tactic (column); each line gives the techniques shown in that column, with the report's count suffixes kept as printed.

  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
  • Execution: Command and Scripting Interpreter2, Native API1, At (Linux), At (Windows)
  • Persistence: DLL Side-Loading1, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
  • Privilege Escalation: Access Token Manipulation1, DLL Side-Loading1, Logon Script (Windows), Logon Script (Mac)
  • Defense Evasion: Masquerading1, Access Token Manipulation1, DLL Side-Loading1, File Deletion1
  • Credential Access: Input Capture21, LSASS Memory, Security Account Manager, NTDS
  • Discovery: System Time Discovery12, Application Window Discovery1, File and Directory Discovery3, System Information Discovery26
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
  • Collection: Screen Capture1, Input Capture21, Archive Collected Data1, Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
  • Command and Control: Encrypted Channel1, Junk Data, Steganography, Protocol Impersonation
  • Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
  • Impact: System Shutdown/Reboot1, Device Lockout, Delete Device Data

Behavior Graph


Screenshots


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner
SecuriteInfo.com.Trojan.BrowseBan.32054.exe | 3% | Virustotal
SecuriteInfo.com.Trojan.BrowseBan.32054.exe | 5% | Metadefender
SecuriteInfo.com.Trojan.BrowseBan.32054.exe | 2% | ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 492347
Start date: 28.09.2021
Start time: 16:11:05
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 49s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: SecuriteInfo.com.Trojan.BrowseBan.32054.8200 (renamed file extension from 8200 to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean8.winEXE@1/2@0/0
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Stop behavior analysis, all processes terminated
Warnings:
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
  • Excluded IPs from analysis (whitelisted): 20.82.210.154, 80.67.82.211, 80.67.82.235, 209.197.3.8, 20.54.110.249, 20.199.120.151, 40.112.88.60, 20.199.120.182
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, cds.d2s7q6s2.hwcdn.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
  • Not all processes were analyzed; the report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Windows\A6W.INI
Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 35
Entropy (8bit): 4.307714802597438
Encrypted: false
SSDEEP: 3:ExLzdCwpA6jOYp:ENzoLSOI
MD5: D94D1652055EDF8F49C7991664AFEE1A
SHA1: 97B41753CF7CF84A886E094217BFA850F9D474F8
SHA-256: 6B6D4B0D139E08A0773CF7A591D64DD88825210CE184226423D50DC2BC20F19E
SHA-512: 58B734C2B16339C39ED01B106931AFF9DB41FCEF3435F8E5149F847C028F28C67F171B7711B00242A1BC14C6ED3503F247C01BAFE3184C44F8049ABB91B2EA5B
Malicious: false
Reputation: low
Preview: [MMXTechnology]..MMXEnableCheck=1..

C:\Windows\Run32A60.mch
Process: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe
File Type: data
Category: dropped
Size (bytes): 288
Entropy (8bit): 4.686889438956984
Encrypted: false
SSDEEP: 6:t10rm+aX2qyzwWSXmXlBhMGvqjt/al6wnKfRBm0opzlLNlv8uFRxjw3:707H02XkR0LXphNlv8uFg3
MD5: DDBD22FCBC5FC8DD7E120DBF85CA9519
SHA1: 877C624A1829038173D8BF1B898ABA3EDD99BF81
SHA-256: E0C5778E7BFEC2EB403609850616FFA2ADD712AED5616D5B1F6891B99C6CB8F3
SHA-512: F699679FEAC9364186BEEA2FBEAC3541F44280BD42FF3A716F384EBE27AAF2674858F86941CF2F756EAB28E13DDC18F83999F42A0CC802A0D09666D65DB9DF9B
Malicious: false
Reputation: low
Preview: MoaCacheWin32_32..........OsType.......XtraClassInfo.......DirSpec......._rt_KeepInCache.......AlwaysCallRegister......._rt_RegDictList.......FileName......._rt_XtraDictList......._rt_XtraRef......._rt_FileDictList......._rt_NeedsRegistration.......Date.......FileHasXtraEntriesAdded.....

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.267914993120473
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • VXD Driver (31/22) 0.00%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: SecuriteInfo.com.Trojan.BrowseBan.32054.exe
File size: 1570477
MD5: 7a61d4434b48575332c6d4227b5ed14f
SHA1: 3dc79fb21dc1c58a3f9fb3fd5a94b5a4eb5cfd36
SHA256: 44d9fb3b4faeb07506a95eaf45e7d9d40dac2830f2004bb6ca061167aa9a67e4
SHA512: f51b4a93a2aebdbe89dc31d53363497d9d50cc178c530b7a25c0baa9770e01e7430ceb4365034e4fc6209aa3411e6b1d4fa4f79184f0de3735956278943dc668
SSDEEP: 24576:rjGjEneWcf3c+rkqPGIwLqyz6phJLxwpX16ON/+vxM1fVQLcmOZ4WM7:fGnf3wOl0HgMpVQLMZM7
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....c.;............................@.............@.....................................................................5..

File Icon

Icon Hash: f2ecd4b2f6f4c4ec

Static PE Info

General

Entrypoint: 0x4f1340
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
DLL Characteristics: (none)
Time Stamp: 0x3B8363CE [Wed Aug 22 07:48:30 2001 UTC]
TLS Callbacks: (none)
CLR (.Net) Version: (none)
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: (none)

Entrypoint Preview

Instruction
mov eax, dword ptr fs:[00000000h]
push ebp
mov ebp, esp
push FFFFFFFFh
push 004FF220h
push 004F7084h
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 60h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
call dword ptr [0050FACCh]
mov dword ptr [00505140h], eax
xor eax, eax
mov al, byte ptr [00505141h]
mov dword ptr [0050514Ch], eax
mov eax, dword ptr [00505140h]
shr dword ptr [00505140h], 10h
and eax, 000000FFh
mov dword ptr [00505148h], eax
shl eax, 08h
add eax, dword ptr [0050514Ch]
mov dword ptr [00505144h], eax
call 00007FD7FC9A99CFh
test eax, eax
jne 00007FD7FC9A3D3Ch
push 0000001Ch
call 00007FD7FC9A3E64h
add esp, 04h
mov dword ptr [ebp-04h], 00000000h
call 00007FD7FC9A97D5h
call 00007FD7FC9A4E80h
call dword ptr [0050F998h]
mov dword ptr [0050E070h], eax
call 00007FD7FC9A9630h
mov dword ptr [00505120h], eax
test eax, eax
je 00007FD7FC9A3D3Bh
cmp dword ptr [0050E070h], 00000000h
jne 00007FD7FC9A3D3Ch
push FFFFFFFFh
call 00007FD7FC9A3F77h
add esp, 04h
call 00007FD7FC9A938Fh
call 00007FD7FC9A929Ah
call 00007FD7FC9A3F35h
mov esi, dword ptr [0050E070h]
mov al, byte ptr [esi]

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xfffe0 | 0x35 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10f000 | 0xf0 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x112000 | 0x5c490 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x16f000 | 0xa130 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10f784 | 0x694 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xfb3f6 | 0xfb400 | False | 0.512184196206 | data | 6.37515393741 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0xfd000 | 0x3015 | 0x3200 | False | 0.435078125 | data | 5.40448218626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x101000 | 0xd074 | 0x5e00 | False | 0.400556848404 | data | 4.46430466957 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata | 0x10f000 | 0x28f8 | 0x2a00 | False | 0.407087053571 | data | 5.53322081171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x112000 | 0x5c490 | 0x5c600 | False | 0.179288417625 | data | 4.12178722438 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x16f000 | 0xba6a | 0xbc00 | False | 0.625020777926 | data | 6.2745480459 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_CURSOR | 0x15e2f4 | 0x134 | data | English | United States
RT_CURSOR | 0x15e43c | 0x134 | data | English | United States
RT_CURSOR | 0x15e584 | 0x134 | data | English | United States
RT_CURSOR | 0x15e6cc | 0x134 | data | English | United States
RT_CURSOR | 0x15e814 | 0x134 | data | English | United States
RT_CURSOR | 0x15e95c | 0x134 | data | English | United States
RT_CURSOR | 0x15eaa4 | 0x134 | data | English | United States
RT_CURSOR | 0x15ebec | 0x134 | AmigaOS bitmap font | English | United States
RT_BITMAP | 0x155cf8 | 0xec | data | English | United States
RT_BITMAP | 0x1244c0 | 0xa458 | data | English | United States
RT_BITMAP | 0x12e918 | 0x5080 | data | English | United States
RT_BITMAP | 0x155de4 | 0x29a | data | English | United States
RT_BITMAP | 0x156080 | 0x2d2 | data | English | United States
RT_BITMAP | 0x133998 | 0x16c94 | data | English | United States
RT_BITMAP | 0x14a62c | 0xb670 | data | English | United States
RT_BITMAP | 0x157dbc | 0x192 | data | English | United States
RT_BITMAP | 0x157f50 | 0x192 | data | English | United States
RT_BITMAP | 0x157c28 | 0x192 | data | English | United States
RT_BITMAP | 0x156df4 | 0x192 | data | English | United States
RT_BITMAP | 0x156f88 | 0x192 | data | English | United States
RT_BITMAP | 0x15711c | 0x192 | data | English | United States
RT_BITMAP | 0x1572b0 | 0x192 | data | English | United States
RT_BITMAP | 0x157444 | 0x192 | data | English | United States
RT_BITMAP | 0x1575d8 | 0x192 | data | English | United States
RT_BITMAP | 0x15776c | 0x192 | data | English | United States
RT_BITMAP | 0x157900 | 0x192 | data | English | United States
RT_BITMAP | 0x157a94 | 0x192 | data | English | United States
RT_BITMAP | 0x15bd74 | 0x150 | data | English | United States
RT_BITMAP | 0x15bec4 | 0x168 | data | English | United States
RT_BITMAP | 0x15c02c | 0x150 | data | English | United States
RT_BITMAP | 0x15c17c | 0x168 | data | English | United States
RT_BITMAP | 0x156354 | 0xa8 | data | English | United States
RT_BITMAP | 0x1563fc | 0x54 | data | English | United States
RT_BITMAP | 0x156450 | 0x54 | data | English | United States
RT_BITMAP | 0x1564a4 | 0x58 | data | English | United States
RT_BITMAP | 0x1564fc | 0x1e0 | data | English | United States
RT_BITMAP | 0x1566dc | 0x29a | data | English | United States
RT_BITMAP | 0x156978 | 0x2d2 | data | English | United States
RT_BITMAP | 0x158540 | 0x45a | data | English | United States
RT_BITMAP | 0x15899c | 0x45a | data | English | United States
RT_BITMAP | 0x1580e4 | 0x45a | data | English | United States
RT_BITMAP | 0x158df8 | 0x87a | data | English | United States
RT_BITMAP | 0x159674 | 0x87a | data | English | United States
RT_BITMAP | 0x159ef0 | 0x45a | data | English | United States
RT_BITMAP | 0x15a34c | 0x45a | data | English | United States
RT_BITMAP | 0x15a7a8 | 0x45a | data | English | United States
RT_BITMAP | 0x15ac04 | 0x45a | data | English | United States
RT_BITMAP | 0x15b060 | 0x45a | data | English | United States
RT_BITMAP | 0x15b4bc | 0x45a | data | English | United States
RT_BITMAP | 0x15b918 | 0x45a | data | English | United States
RT_BITMAP | 0x15c2e4 | 0x2a8 | data | English | United States
RT_BITMAP | 0x15c58c | 0x2d8 | data | English | United States
RT_BITMAP | 0x15c864 | 0x2a8 | data | English | United States
RT_BITMAP | 0x15cb0c | 0x2d8 | data | English | United States
RT_BITMAP | 0x15d09c | 0x150 | data | English | United States
RT_BITMAP | 0x15d1ec | 0x168 | data | English | United States
RT_BITMAP | 0x15cf4c | 0x150 | data | English | United States
RT_BITMAP | 0x15cde4 | 0x168 | data | English | United States
RT_BITMAP | 0x156c4c | 0xa8 | data | English | United States
RT_BITMAP | 0x156cf4 | 0x54 | data | English | United States
RT_BITMAP | 0x156d48 | 0x54 | data | English | United States
RT_BITMAP | 0x156d9c | 0x58 | data | English | United States
RT_BITMAP | 0x15d354 | 0x168 | data | English | United States
RT_ICON | 0x116330 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x116458 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x1169c0 | 0x2e8 | data | English | United States
RT_ICON | 0x116ca8 | 0x8a8 | data | English | United States
RT_ICON | 0x117590 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x1176b8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x117c20 | 0x2e8 | data | English | United States
RT_ICON | 0x117f08 | 0x8a8 | data | English | United States
RT_ICON | 0x1187f0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x118918 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x118e80 | 0x2e8 | data | English | United States
RT_ICON | 0x119168 | 0x8a8 | data | English | United States
RT_ICON | 0x119a50 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x119b78 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11a0e0 | 0x2e8 | data | English | United States
RT_ICON | 0x11a3c8 | 0x8a8 | data | English | United States
RT_ICON | 0x11acb0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11add8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11b340 | 0x2e8 | data | English | United States
RT_ICON | 0x11b628 | 0x8a8 | data | English | United States
RT_ICON | 0x11bf10 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11c038 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11c5a0 | 0x2e8 | data | English | United States
RT_ICON | 0x11c888 | 0x8a8 | data | English | United States
RT_ICON | 0x11d170 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11d298 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11d800 | 0x2e8 | data | English | United States
RT_ICON | 0x11dae8 | 0x8a8 | data | English | United States
RT_ICON | 0x11e3d0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11e4f8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11ea60 | 0x2e8 | data | English | United States
RT_ICON | 0x11ed48 | 0x8a8 | data | English | United States
RT_ICON | 0x11f630 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11f758 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x11fcc0 | 0x2e8 | data | English | United States
RT_ICON | 0x11ffa8 | 0x8a8 | data | English | United States
RT_ICON | 0x120890 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x1209b8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x120f20 | 0x2e8 | data | English | United States
RT_ICON | 0x121208 | 0x8a8 | data | English | United States
RT_ICON | 0x121af0 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x121c18 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x122180 | 0x2e8 | data | English | United States
RT_ICON0x1224680x8a8dataEnglishUnited States
RT_ICON0x122d500x128GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x122e780x568GLS_BINARY_LSB_FIRSTEnglishUnited States
RT_ICON0x1233e00x2e8dataEnglishUnited States
RT_ICON0x1236c80x8a8dataEnglishUnited States
RT_ICON0x123fb00x130dataEnglishUnited States
RT_ICON0x1240f40x130dataEnglishUnited States
RT_ICON0x1242380x130dataEnglishUnited States
RT_ICON0x12437c0x130dataEnglishUnited States
RT_DIALOG0x15ff380x19edataEnglishUnited States
RT_DIALOG0x1602c00x1aadataEnglishUnited States
RT_DIALOG0x1604ec0x6edataEnglishUnited States
RT_DIALOG0x15f40c0x216dataEnglishUnited States
RT_DIALOG0x15f3540xb6dataEnglishUnited States
RT_DIALOG0x15f1bc0xd0dataEnglishUnited States
RT_DIALOG0x162b600xc2dataEnglishUnited States
RT_DIALOG0x15f28c0xc8dataEnglishUnited States
RT_DIALOG0x15f65c0x238dataEnglishUnited States
RT_DIALOG0x15f92c0x294dataEnglishUnited States
RT_DIALOG0x155c9c0x26dataEnglishUnited States
RT_DIALOG0x15fbc00xd6dataEnglishUnited States
RT_DIALOG0x15f6240x36dataEnglishUnited States
RT_DIALOG0x15f8940x96dataEnglishUnited States
RT_DIALOG0x15fd640x1d4dataEnglishUnited States
RT_DIALOG0x1600d80x1e8dataEnglishUnited States
RT_DIALOG0x16046c0x80dataEnglishUnited States
RT_STRING0x1657bc0x76dataEnglishUnited States
RT_STRING0x1658340x4adataEnglishUnited States
RT_STRING0x1659040x68dataEnglishUnited States
RT_STRING0x165a200x8edataEnglishUnited States
RT_STRING0x1698140xfcdataEnglishUnited States
RT_STRING0x1699100x92dataEnglishUnited States
RT_STRING0x16a8d80x2d8dataEnglishUnited States
RT_STRING0x16abb00xe4dataEnglishUnited States
RT_STRING0x16596c0xb4dataEnglishUnited States
RT_STRING0x1658800x84dataEnglishUnited States
RT_STRING0x1691a00x9edataEnglishUnited States
RT_STRING0x1692400xc2dataEnglishUnited States
RT_STRING0x1693040x38dataEnglishUnited States
RT_STRING0x1699a40xb8dataEnglishUnited States
RT_STRING0x169a5c0x60dataEnglishUnited States
RT_STRING0x169abc0xbcdataEnglishUnited States
RT_STRING0x169b780xb0dataEnglishUnited States
RT_STRING0x169c280x48dataEnglishUnited States
RT_STRING0x169c700x2aHitachi SH big-endian COFF object file, not stripped, 17152 sections, symbol offset=0x25006400EnglishUnited States
RT_STRING0x169d1c0x62dataEnglishUnited States
RT_STRING0x169d800x26dataEnglishUnited States
RT_STRING0x169da80x122dataEnglishUnited States
RT_STRING0x16a0940xa6dataEnglishUnited States
RT_STRING0x16a13c0x56dataEnglishUnited States
RT_STRING0x16a1940x14edataEnglishUnited States
RT_STRING0x16a0340x60dataEnglishUnited States
RT_STRING0x169ecc0x58dataEnglishUnited States
RT_STRING0x169c9c0x5adataEnglishUnited States
RT_STRING0x169cf80x24dataEnglishUnited States
RT_STRING0x16933c0x21cdataEnglishUnited States
RT_STRING0x1695580x274dataEnglishUnited States
RT_STRING0x1697cc0x46dataEnglishUnited States
RT_STRING0x16a2e40x7cdataEnglishUnited States
RT_STRING0x16a3600x72dataEnglishUnited States
RT_STRING0x16a3d40x110dataEnglishUnited States
RT_STRING0x16a4e40x390dataEnglishUnited States
RT_STRING0x16a8740x64dataEnglishUnited States
RT_STRING0x169f240x5adataEnglishUnited States
RT_STRING0x169f800xb2dataEnglishUnited States
RT_STRING0x16bb8c0x6edataEnglishUnited States
RT_STRING0x16bbfc0x142dataEnglishUnited States
RT_STRING0x16ac940xc2dataEnglishUnited States
RT_STRING0x16ad580x396dataEnglishUnited States
RT_STRING0x16b0f00x44adataEnglishUnited States
RT_STRING0x16b53c0x32adataEnglishUnited States
RT_STRING0x16bdf00x58dataEnglishUnited States
RT_STRING0x16b8680x62dataEnglishUnited States
RT_STRING0x16b8cc0x11adataEnglishUnited States
RT_STRING0x16bd400xb0dataEnglishUnited States
RT_STRING0x16b9e80x62dataEnglishUnited States
RT_STRING0x16ba4c0x106dataEnglishUnited States
RT_STRING0x16bb540x36dataEnglishUnited States
RT_STRING0x16be480x38dataEnglishUnited States
RT_STRING0x16be800x282dataEnglishUnited States
RT_STRING0x16c1040xf0dataEnglishUnited States
RT_STRING0x16c1f40xaedataEnglishUnited States
RT_STRING0x16c2a40x186dataEnglishUnited States
RT_STRING0x16c42c0x11edataEnglishUnited States
RT_STRING0x16c54c0xdadataEnglishUnited States
RT_STRING0x16c6280x148dataEnglishUnited States
RT_STRING0x16c9040x322dataEnglishUnited States
RT_STRING0x16cc280x314dataEnglishUnited States
RT_STRING0x16c7700x194dataEnglishUnited States
RT_STRING0x16cf3c0x1acdataEnglishUnited States
RT_STRING0x16d0e80xb8dataEnglishUnited States
RT_STRING0x16d1a00x32dataEnglishUnited States
RT_STRING0x16d1d40x1b2dataEnglishUnited States
RT_STRING0x16d3880x62dataEnglishUnited States
RT_STRING0x16d3ec0x48dataEnglishUnited States
RT_STRING0x16d4340x38dataEnglishUnited States
RT_STRING0x16d46c0x7edataEnglishUnited States
RT_STRING0x16d4ec0x84dataEnglishUnited States
RT_STRING0x16d5700x4edataEnglishUnited States
RT_STRING0x16d5c00x3adataEnglishUnited States
RT_STRING0x16d5fc0xcadataEnglishUnited States
RT_STRING0x16d6c80xe6dataEnglishUnited States
RT_STRING0x16d7b00xb2dataEnglishUnited States
RT_STRING0x16d8640x34dataEnglishUnited States
RT_STRING0x16d8980x46dataEnglishUnited States
RT_STRING0x16d8e00x364dataEnglishUnited States
RT_STRING0x16dc440x4fedataEnglishUnited States
RT_STRING0x16e1440x154dataEnglishUnited States
RT_STRING0x16e2980x1f8dataEnglishUnited States
RT_STRING0x165ab00x9adataEnglishUnited States
RT_STRING0x165b4c0x12cdataEnglishUnited States
RT_STRING0x165c780xf4dataEnglishUnited States
RT_STRING0x165d6c0x11cdataEnglishUnited States
RT_STRING0x165e880x146dataEnglishUnited States
RT_STRING0x165fd00x14edataEnglishUnited States
RT_STRING0x1661200x160dataEnglishUnited States
RT_STRING0x1662800x17edataEnglishUnited States
RT_STRING0x1664000x19cdataEnglishUnited States
RT_STRING0x16659c0x198dataEnglishUnited States
RT_STRING0x1667340x182dataEnglishUnited States
RT_STRING0x1668b80x160dataEnglishUnited States
RT_STRING0x166a180x1acdataEnglishUnited States
RT_STRING0x166bc40x16edataEnglishUnited States
RT_STRING0x166d340xf8dataEnglishUnited States
RT_STRING0x166e2c0x198dataEnglishUnited States
RT_STRING0x166fc40x17edataEnglishUnited States
RT_STRING0x1671440x1a8dataEnglishUnited States
RT_STRING0x1672ec0x234dataEnglishUnited States
RT_STRING0x1675200x1c0dataEnglishUnited States
RT_STRING0x1676e00x188dataEnglishUnited States
RT_STRING0x1678680x1eedataEnglishUnited States
RT_STRING0x167a580x62dataEnglishUnited States
RT_STRING0x167abc0x144dataEnglishUnited States
RT_STRING0x167c000x1a2dataEnglishUnited States
RT_STRING0x167da40x154dataEnglishUnited States
RT_STRING0x167ef80x128dataEnglishUnited States
RT_STRING0x1680200x124dataEnglishUnited States
RT_STRING0x1681440x14edataEnglishUnited States
RT_STRING0x1682940x12adataEnglishUnited States
RT_STRING0x1683c00x18cAmigaOS bitmap fontEnglishUnited States
RT_STRING0x16854c0x19adataEnglishUnited States
RT_STRING0x16880c0x1c6dataEnglishUnited States
RT_STRING0x1689d40x182dataEnglishUnited States
RT_STRING0x168b580x186dataEnglishUnited States
RT_STRING0x168ce00x194dataEnglishUnited States
RT_STRING0x168e740x1badataEnglishUnited States
RT_STRING0x1690300x16edataEnglishUnited States
RT_STRING0x1686e80x122dataEnglishUnited States
RT_RCDATA0x15d4bc0x120dataEnglishUnited States
RT_RCDATA0x16055c0x1734dataEnglishUnited States
RT_RCDATA0x161c900xed0dataEnglishUnited States
RT_GROUP_CURSOR0x15e4280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
RT_GROUP_CURSOR0x15e5700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
RT_GROUP_CURSOR0x15e6b80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
RT_GROUP_CURSOR0x15e8000x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
RT_GROUP_CURSOR0x15e9480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
RT_GROUP_CURSOR0x15ea900x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
RT_GROUP_CURSOR0x15ebd80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
RT_GROUP_CURSOR0x15ed200x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
RT_GROUP_ICON0x1175500x3edataEnglishUnited States
RT_GROUP_ICON0x1187b00x3edataEnglishUnited States
RT_GROUP_ICON0x119a100x3edataEnglishUnited States
RT_GROUP_ICON0x11ac700x3edataEnglishUnited States
RT_GROUP_ICON0x11bed00x3edataEnglishUnited States
RT_GROUP_ICON0x11d1300x3edataEnglishUnited States
RT_GROUP_ICON0x11e3900x3edataEnglishUnited States
RT_GROUP_ICON0x11f5f00x3edataEnglishUnited States
RT_GROUP_ICON0x1208500x3edataEnglishUnited States
RT_GROUP_ICON0x121ab00x3edataEnglishUnited States
RT_GROUP_ICON0x122d100x3edataEnglishUnited States
RT_GROUP_ICON0x123f700x3edataEnglishUnited States
RT_GROUP_ICON0x1240e00x14dataEnglishUnited States
RT_GROUP_ICON0x1242240x14dataEnglishUnited States
RT_GROUP_ICON0x1243680x14dataEnglishUnited States
RT_GROUP_ICON0x1244ac0x14dataEnglishUnited States
RT_VERSION0x1654dc0x2dedataEnglishUnited States
None0x1630340x2a1dataEnglishUnited States
None0x1649280xc9dataEnglishUnited States
None0x1632d80x69dataEnglishUnited States
None0x1649f40xd3dataEnglishUnited States
None0x162f600x59dataEnglishUnited States
None0x163f800x111dataEnglishUnited States
None0x1635ac0x51dataEnglishUnited States
None0x163adc0x15bdataEnglishUnited States
None0x164ac80x35dataEnglishUnited States
None0x164b000x32dataEnglishUnited States
None0x1636000x21cdataEnglishUnited States
None0x164b340x1a4dataEnglishUnited States
None0x1639300x43dataEnglishUnited States
None0x162d8c0xb2dataEnglishUnited States
None0x164cd80x4edataEnglishUnited States
None0x1633a80x91dataEnglishUnited States
None0x1634780x9fdataEnglishUnited States
None0x162c340x81dataEnglishUnited States
None0x162e400x90dataEnglishUnited States
None0x162cb80xd4dataEnglishUnited States
None0x162ed00x8ddataEnglishUnited States
None0x162fbc0x77dataEnglishUnited States
None0x16343c0x3cdataEnglishUnited States
None0x16381c0xc5dataEnglishUnited States
None0x164d280x44dataEnglishUnited States
None0x163c380x292dataEnglishUnited States
None0x163ecc0x39dataEnglishUnited States
None0x163f080x3edataEnglishUnited States
None0x1635180x93dataEnglishUnited States
None0x164d6c0x34dataEnglishUnited States
None0x164da00x3d6dataEnglishUnited States
None0x163a4c0x64dataEnglishUnited States
None0x162c240x10dataEnglishUnited States
None0x1638e40x49dataEnglishUnited States
None0x1639740x57dataEnglishUnited States
None0x1633440x64dataEnglishUnited States
None0x1639cc0x7fdataEnglishUnited States
None0x163ab00x2adataEnglishUnited States
None0x163f480x35dataEnglishUnited States
None0x1640940xd0dataEnglishUnited States
None0x1651780x53dataEnglishUnited States
None0x1641640x3fdataEnglishUnited States
None0x1641a40x4abdataEnglishUnited States
None0x1646500x7bdataEnglishUnited States
None0x1646cc0x58dataEnglishUnited States
None0x1647240x75dataEnglishUnited States
None0x16479c0xabdataEnglishUnited States
None0x1648480x92dataEnglishUnited States
None0x1648dc0x4adataEnglishUnited States
None0x15fc980x16dataEnglishUnited States
None0x15fcb00x16dataEnglishUnited States
None0x15fd0c0x16dataEnglishUnited States
None0x15fcdc0x16dataEnglishUnited States
None0x15fcf40x16dataEnglishUnited States
None0x15fcc80x12dataEnglishUnited States
None0x15fd240x1fdataEnglishUnited States
None0x15fd440x1fdataEnglishUnited States
None0x1651cc0x30cdataEnglishUnited States
None0x1654d80x4dataEnglishUnited States
None0x155cc40x34dataEnglishUnited States
None0x15d5dc0x100dataEnglishUnited States
None0x15d6dc0x8dataEnglishUnited States
None0x15d6e40x400dataEnglishUnited States
None0x15dae40x10dataEnglishUnited States
None0x15daf40x800dataEnglishUnited States
None0x15ed340x64RIFF (little-endian) data, palette, version 68, 0 entriesEnglishUnited States
None0x15ed980x424RIFF (little-endian) data, palette, version 1028, 0 entriesEnglishUnited States

Version Infos

Description | Data
Translation | 0x0409 0x04b0
LegalCopyright | 1987-1998, Macromedia, Inc.
CompanyName | Macromedia, Inc.
LegalTrademarks | Macromedia, the Macromedia Logo and Authorware are registered trademarks of Macromedia, Inc.
FileVersion | 6.0
FileDescription | Authorware Runtime

Possible Origin

Language of compilation system | Country where language is spoken
English | United States

Network Behavior

Network Port Distribution

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 28, 2021 16:12:25.662106991 CEST | 57459 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:25.681663990 CEST | 53 | 57459 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:32.004306078 CEST | 57875 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:32.023658037 CEST | 53 | 57875 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:47.941556931 CEST | 54154 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:47.960385084 CEST | 53 | 54154 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:49.861414909 CEST | 52806 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:49.870047092 CEST | 53910 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:49.885335922 CEST | 53 | 52806 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:49.889545918 CEST | 53 | 53910 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:50.316499949 CEST | 64021 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:50.336370945 CEST | 53 | 64021 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:50.866606951 CEST | 60784 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:50.883982897 CEST | 53 | 60784 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:51.208616018 CEST | 51143 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:51.228117943 CEST | 53 | 51143 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:51.651036024 CEST | 56009 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:51.670914888 CEST | 53 | 56009 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:51.766568899 CEST | 59026 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:51.794857025 CEST | 53 | 59026 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:52.171520948 CEST | 49572 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:52.191257954 CEST | 53 | 49572 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:52.760643959 CEST | 60823 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:52.795089006 CEST | 53 | 60823 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:53.160218000 CEST | 52130 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:53.188272953 CEST | 53 | 52130 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:53.533149004 CEST | 55102 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:53.553311110 CEST | 53 | 55102 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:54.226035118 CEST | 56236 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:54.246094942 CEST | 53 | 56236 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:12:54.888566017 CEST | 56527 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:12:54.906147003 CEST | 53 | 56527 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:13:01.458327055 CEST | 49559 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:13:01.477133989 CEST | 53 | 49559 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:13:13.235512972 CEST | 52650 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:13:13.258397102 CEST | 53 | 52650 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:13:30.183695078 CEST | 63297 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:13:30.204565048 CEST | 53 | 63297 | 8.8.8.8 | 192.168.2.3
Sep 28, 2021 16:13:49.759965897 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8
Sep 28, 2021 16:13:49.779611111 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3

Code Manipulations

Statistics

System Behavior

General

Start time:16:12:02
Start date:28/09/2021
Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe
Wow64 process (32bit):true
Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.BrowseBan.32054.exe'
Imagebase:0x400000
File size:1570477 bytes
MD5 hash:7A61D4434B48575332C6D4227B5ED14F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

Disassembly

Code Analysis
