Windows Analysis Report
SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe
Analysis ID: 800788
MD5: d0adfd6a3ae38491118d11e6caacd186
SHA1: 6ebe1f86e07fb3fbc79e518bc6d8eb02913b11e1
SHA256: 1e7586126018ff22f443a86f027af1e94cb7746d0acdd4814c4970fe33d82b04
Tags: exe

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Uses 32bit PE files
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
One or more processes crash
Uses code obfuscation techniques (call, push, ret)
Checks if the current process is being debugged
PE file contains sections with non-standard names
Detected potential crypto function
Entry point lies outside standard sections
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection

Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Avira: detected
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe ReversingLabs: Detection: 38%
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Virustotal: Detection: 31%
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, BYTES_REVERSED_LO, 32BIT_MACHINE, DEBUG_STRIPPED, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP, BYTES_REVERSED_HI
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 4x nop then push esi 0_2_0042A972
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 4x nop then mov eax, dword ptr [ecx+0000024Ch] 0_2_00432BBC
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: <Ac@AUIA steamcommunity.comSoftware\Microsoft\Windows\CurrentVersion\Run\steamcommunity_3020.0.0.0 www.steamcommunity.com store.steampowered.com api.steampowered.com discordapp.com dl.discordapp.net status.discordapp.com cdn.discordapp.com media.discordapp.net images-ext-2.discordapp.net images-ext-1.discordapp.net support.discordapp.com twitch.tv www.twitch.tv m.twitch.tv app.twitch.tv music.twitch.tv badges.twitch.tv blog.twitch.tv inspector.twitch.tv stream.twitch.tv dev.twitch.tv platform.twitter.com clips.twitch.tv spade.twitch.tv gql.twitch.tv vod-secure.twitch.tv vod-storyboards.twitch.tv trowel.twitch.tv countess.twitch.tv extension-files.twitch.tv vod-metro.twitch.tv pubster.twitch.tv help.twitch.tv passport.twitch.tv id.twitch.tv link.twitch.tv id-cdn.twitch.tv player.twitch.tv api.twitch.tv cvp.twitch.tv pubsub-edge.twitch.tv clips-media-assets2.twitch.tv client-event-reporter.twitch.tv gds-vhs-drops-campaign-images.twitch.tv us-west-2.uploads-regional.twitch.tv assets.help.twitch.tv discuss.dev.twitch.tv irc-ws.chat.twitch.tv usher.ttvnw.net steamcdn-a.akamaihd.net origin-a.akamaihd.net static3.cdn.ubi.com equals www.twitter.com (Twitter)
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: steamcommunity.comwww.steamcommunity.comstore.steampowered.comapi.steampowered.comdiscordapp.comdl.discordapp.netstatus.discordapp.comcdn.discordapp.commedia.discordapp.netimages-ext-2.discordapp.netimages-ext-1.discordapp.netsupport.discordapp.comtwitch.tvwww.twitch.tvm.twitch.tvapp.twitch.tvmusic.twitch.tvbadges.twitch.tvblog.twitch.tvinspector.twitch.tvstream.twitch.tvdev.twitch.tvplatform.twitter.comclips.twitch.tvspade.twitch.tvgql.twitch.tvvod-secure.twitch.tvvod-storyboards.twitch.tvtrowel.twitch.tvcountess.twitch.tvextension-files.twitch.tvvod-metro.twitch.tvpubster.twitch.tvhelp.twitch.tvpassport.twitch.tvid.twitch.tvlink.twitch.tvid-cdn.twitch.tvplayer.twitch.tvapi.twitch.tvcvp.twitch.tvpubsub-edge.twitch.tvclips-media-assets2.twitch.tvclient-event-reporter.twitch.tvgds-vhs-drops-campaign-images.twitch.tvus-west-2.uploads-regional.twitch.tvassets.help.twitch.tvdiscuss.dev.twitch.tvirc-ws.chat.twitch.tvusher.ttvnw.netsteamcdn-a.akamaihd.netorigin-a.akamaihd.netstatic3.cdn.ubi.com equals www.twitter.com (Twitter)
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: http://cctv4-lh.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: http://hgtv-i.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: http://moviesok-i.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: http://toots-a.akamaihd.net
Source: Amcache.hve.3.dr String found in binary or memory: http://upx.sf.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: http://usher.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: http://vluki-a.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: http://www.clamav.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://06b67885560f95cbdf0ba34722e8d33c.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://104.16.51.111
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://104.16.52.111
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://104.16.53.111
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://104.16.54.111
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://104.16.55.111
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://104.17.2.37
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://162.159.128.232
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://162.159.129.232
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://162.159.129.233
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://1d23669ea58a590fd66d9204d4301563.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://1da58962a7dd53edd9775f6f74ff14e5.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://1f9e8ace0a1f5bb29e03a418a1decade.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://21fe13a7e38f7c092db817a188a63c79.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://2973c6ca0e111662ed293b57dbae9fbf.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://2f16aa2ed3889461cd1076540300a6b3.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://2f9e9e61f7236db30c1ce0bb9d53581b.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://43658a3dbcfbc284a9030abbc3691c30.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://522c432cc10e237a02fa1d6481d7d247.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://5a895ed07aed1b254ee21cd78958ae0b.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://5bcfae2f38d0e143c888d07ec9733d8c.s
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://5bcfae2f38d0e143c888d07ec9733d8c.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://5dd1e18eb1a29671b73c32e518b37111.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://6d7b94f6a3142075c6e14f949daff580.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://6d859be7aa0440f65c8a940ef5218337.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://7106a273bf3bbce901b765718ecbe69b.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://890c88446f94f25bd32a3f1e0df6c120.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://91b1eb7256ac2992f03fe0c7e7ef998d.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://95df2ea9aba3e1cad7f8f4526047b63b.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://985a89155dd090eacda1b82388e334ed.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://a22ea2da0e1c896a46c16a51f3eb16f4.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://aa88a8ab3fabc0c5d90ca85c9442a948.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://api.steampowered.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://api.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://app.tw
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://app.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://assets.help.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://aws.amazon.com
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://b3a0f6b6d20e3408d1725780186c54d3.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://badges.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://bd4a0c7567edeaa0401463857c28ead7.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://blog.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://c2491d9d37e95faee1c67e314ae9a4bb.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://c3ad68a16f66bff24e2d82595bd240a1.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://c58c9f027b8d0739f6b6d94b831e1010.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://cdn.discordapp.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://client-event-reporter.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://clips-media-assets2.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://clips.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://countess.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://cvp.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://dbc180c27b3635f9e5b006f3a037b87e.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://dev.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://discordapp.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://discordcdn.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://discuss.dev.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://dl.discordapp.net:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://e320c9db4f90dd219ab379f6a5e50dbd.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://e8304b1598fbfa673d2055f0a3342d7a.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://eaassets-a.akam
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://eaassets-a.akama
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://eaassets-a.akamaihd
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://eaassets-a.akamaihd.
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://eaassets-a.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://extension-files.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://fb96613da2b5475079b93f4be2e94cd3.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://fc13c9775f9e169a8677a3a43f121d5c.steam302.xyz
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://gateway.discord.gg
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://gateway.discord.gg:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://gds-vhs-drops-campaign-images.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://gql.twitc
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://gql.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://help.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://humblebundle-a.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://id-cdn.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://id.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://images-ext-1.discordapp.net:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://images-ext-2.discordapp.net:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://inspector.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://irc-ws.chat.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://link.twitch.
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://link.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://m.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://media.discordapp.net:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://music.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://origin-a.akamaihd.net:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://passport.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://platform.twitter.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://player.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://pubster.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://pubsub-edge.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://spade.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://static2.cdn.ubi.com
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://static3.cdn.ubi.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://status.discordapp.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcdn-a.akam
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcdn-a.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcdn-a.akamaihd.net:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcn.com/t419530-1-1
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcommunity-a.akam
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcommunity-a.akamai
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcommunity-a.akamaihd.ne
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcommunity-a.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamcommunity.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steampipe.ak
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steampipe.akamaized.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamstore-a.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://steamuserimages-a.akamaihd.net
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://store.steampowered.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://stream.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://support.discordapp.com:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://trowel.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://us-west-2.uploads-regional.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://usher.ttvnw.net:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://vod-metro.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://vod-secure.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://vod-storyboards.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://www.dogfight360.com/blog
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://www.dogfight360.com/blogopenhttps://steamcn.com/t419530-1-10autostart1certificate_newNode
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: https://www.twitch.tv:
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Static PE information: No import functions for PE file found
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 212
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_004900E2 0_2_004900E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00470080 0_2_00470080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_004600B0 0_2_004600B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00472259 0_2_00472259
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0046231B 0_2_0046231B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_004743A0 0_2_004743A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00464520 0_2_00464520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0046264D 0_2_0046264D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00472716 0_2_00472716
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0046E8B0 0_2_0046E8B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00438980 0_2_00438980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00478980 0_2_00478980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00482980 0_2_00482980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0047EA60 0_2_0047EA60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00472A01 0_2_00472A01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00484AD0 0_2_00484AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00442B10 0_2_00442B10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00472BB4 0_2_00472BB4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00480C90 0_2_00480C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0046EDF0 0_2_0046EDF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0049EE59 0_2_0049EE59
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00494E07 0_2_00494E07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00472E2E 0_2_00472E2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00440E30 0_2_00440E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0046AED0 0_2_0046AED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0045AEE5 0_2_0045AEE5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2104
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CE4.tmp
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: /c /add "
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe String found in binary or memory: -3\steamcommunityCA.pem" /s /n Steamcommunity302 root /c /add "
Source: classification engine Classification label: mal60.winEXE@2/6@0/0
Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Static file information: File size 1221632 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_004060E8 push ds; retf 0_2_00406665
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_00492545 push ecx; ret 0_2_00492558
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0048EDBC push eax; ret 0_2_0048EDDA
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Static PE information: section name: .clam01
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Static PE information: section name: .clam02
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Static PE information: section name: .clam03
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Static PE information: section name: .clam04
Source: SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Static PE information: section name: .clam05
Source: initial sample Static PE information: section where entry point is pointing to: .clam01
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: Amcache.hve.3.dr Binary or memory string: VMware
Source: Amcache.hve.3.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: Amcache.hve.3.dr Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.3.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.3.dr Binary or memory string: VMware7,1
Source: Amcache.hve.3.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.3.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.3.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.3.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.3.dr Binary or memory string: VMware, Inc.me
Source: Amcache.hve.3.dr Binary or memory string: VMware-42 35 44 6e 75 85 11 47-bd a2 bb ed 21 43 9f 89
Source: Amcache.hve.3.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.1G80G6X.7216.15072.exe Code function: 0_2_0048B8C3 LdrInitializeThunk, 0_2_0048B8C3
Source: Amcache.hve.3.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
No contacted IP infos