Windows Analysis Report
LameXP-Portable.exe

Overview

General Information

Sample name: LameXP-Portable.exe
Analysis ID: 1435796
MD5: 66af31a054dc0244ad7894557239bef8
SHA1: bcbbe1ab322bf043f71f38a79c5baa9dc8357606
SHA256: 4580bcb51bf0e37adb3cc98943e9c0e15bf55ac29758e2c9aea55307c26415b0

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
PE file has nameless sections
Tries to delay execution (extensive OutputDebugStringW loop)
Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_faad.exe, Virustotal: Detection: 9%
Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mpcdec.exe, Virustotal: Detection: 8%
Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mpg123.exe, Virustotal: Detection: 8%
Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_oggdec.exe, Virustotal: Detection: 8%
Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_opusdec.exe, Virustotal: Detection: 10%
Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_opusenc.exe, Virustotal: Detection: 7%
Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_refalac.exe, Virustotal: Detection: 16%
Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_shorten.exe, Virustotal: Detection: 6%
Source: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_speexdec.exe, Virustotal: Detection: 7%
Source: LameXP-Portable.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: LameXP-Portable.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: lxp_lame.exe.0.dr, lxp_lame.exe.16.dr String found in binary or memory: https://lame.sourceforge.ioB
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://osdn.net/projects/lamexp/scm/git/LameXP/
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://repo.or.cz/w/LameXP.git
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://sourceforge.net/projects/faac/
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://sourceforge.net/projects/lamexp/files/Miscellaneous/Prerequisites/
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://vld.codeplex.com/
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.assembla.com/spaces/lamexp/
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.gnupg.org/documentation/manuals.html
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.gpg4win.de/
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.qt.io/
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000000641000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.youtube.com/watch?v=P5D6NtIFULA?autoplay=1

System Summary

Source: LameXP-Portable.exe Static PE information: section name:
Source: LameXP-Portable.exe Static PE information: section name:
Source: LameXP-Portable.exe, 00000000.00000002.1696549862.00000000033C3000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameLameXP.exeb! vs LameXP-Portable.exe
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000002E41000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamecurl.exeH vs LameXP-Portable.exe
Source: LameXP-Portable.exe, 00000000.00000000.1171505048.00000000033BD000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameLameXP.exeb! vs LameXP-Portable.exe
Source: LameXP-Portable.exe, 00000010.00000002.2241900071.00000000033C3000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameLameXP.exeb! vs LameXP-Portable.exe
Source: LameXP-Portable.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal64.evad.winEXE@3/55@0/0
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\Desktop\LameXP-Portable.ini.Hp6932 Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe File read: C:\Users\user\Desktop\LameXP-Portable.ini Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: LameXP-Portable.exe String found in binary or memory: \<-Add
Source: unknown Process created: C:\Users\user\Desktop\LameXP-Portable.exe "C:\Users\user\Desktop\LameXP-Portable.exe"
Source: unknown Process created: C:\Users\user\Desktop\LameXP-Portable.exe "C:\Users\user\Desktop\LameXP-Portable.exe"
Source: unknown Process created: C:\Users\user\Desktop\LameXP-Portable.exe "C:\Users\user\Desktop\LameXP-Portable.exe"
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: sensapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: wintab32.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: ksuser.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: avrt.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: midimap.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe File written: C:\Users\user\Desktop\LameXP-Portable.ini Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: LameXP-Portable.exe Static file information: File size 39869440 > 1048576
Source: LameXP-Portable.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x25fe600
Source: LameXP-Portable.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: C:\Users\user\Desktop\LameXP-Portable.exe Unpacked PE file: 0.2.LameXP-Portable.exe.640000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;.rsrc:W; vs Unknown_Section0:ER;Unknown_Section1:ER;.rsrc:W;
Source: LameXP-Portable.exe Static PE information: section name:
Source: LameXP-Portable.exe Static PE information: section name:
Source: lxp_mpcdec.exe.0.dr Static PE information: section name: UPX2
Source: lxp_shorten.exe.0.dr Static PE information: section name: UPX2
Source: lxp_mpcdec.exe.16.dr Static PE information: section name: UPX2
Source: lxp_shorten.exe.16.dr Static PE information: section name: UPX2
Source: C:\Users\user\Desktop\LameXP-Portable.exe Code function: 16_2_0330889C push eax; ret 16_2_0330889D
Source: C:\Users\user\Desktop\LameXP-Portable.exe Code function: 16_2_03308D7C push eax; ret 16_2_03308D7D
Source: C:\Users\user\Desktop\LameXP-Portable.exe Code function: 16_2_03308BE4 push eax; ret 16_2_03308BE5
Source: C:\Users\user\Desktop\LameXP-Portable.exe Code function: 16_2_03308AD4 push eax; ret 16_2_03308AD5
Source: C:\Users\user\Desktop\LameXP-Portable.exe Code function: 16_2_033089C4 push eax; ret 16_2_033089C5
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mpg123.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_refalac.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_dcaenc.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mpcdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_sox.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_oggdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_refalac.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wvunpack.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_speexdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_curl.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mediainfo.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_sox.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_curl.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wupdate.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_valdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_avs2wav.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_opusenc.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_lame.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_aften.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mpcdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wupdate.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_avs2wav.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_tta.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_opusdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_aften.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mac.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_faad.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_oggenc2.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_faad.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wvunpack.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_oggdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_tta.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_valdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_flac.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_shorten.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_verify.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_dcaenc.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_speexdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wma2wav.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mediainfo.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mac.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_verify.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_opusenc.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_flac.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wma2wav.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_opusdec.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mpg123.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_oggenc2.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_shorten.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe File created: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_lame.exe Jump to dropped file
Source: C:\Users\user\Desktop\LameXP-Portable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LameXP-Portable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\LameXP-Portable.exe Section loaded: OutputDebugStringW count: 165
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mpg123.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_refalac.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_dcaenc.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_sox.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mpcdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_oggdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_refalac.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wvunpack.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_speexdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_curl.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_sox.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mediainfo.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_curl.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wupdate.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_valdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_avs2wav.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_opusenc.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_lame.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_aften.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mpcdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wupdate.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_avs2wav.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_tta.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_opusdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_aften.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mac.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_faad.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_oggenc2.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wvunpack.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_faad.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_oggdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_tta.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_valdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_shorten.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_flac.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_verify.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_dcaenc.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_speexdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wma2wav.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mediainfo.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_verify.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_opusenc.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mac.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_flac.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wma2wav.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_opusdec.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mpg123.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_oggenc2.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_shorten.exe
Source: C:\Users\user\Desktop\LameXP-Portable.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_lame.exe
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000003307000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: .?AVQEmulationPaintEngine@@0
Source: LameXP-Portable.exe, 00000000.00000002.1569741323.0000000003307000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\Desktop\LameXP-Portable.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\Desktop\LameXP-Portable.ini VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_opusdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_flac.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_opusenc.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_oggenc2.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_aften.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_oggdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_lame.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_avs2wav.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_faad.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mpcdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_curl.crt VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mac.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_curl.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_dcaenc.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_shorten.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_refalac.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mediainfo.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_mpg123.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wma2wav.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wupdate.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_verify.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_valdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_wvunpack.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_tta.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_sox.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9a741a07a11b7a0c\lxp_speexdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\Desktop\LameXP-Portable.ini VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_opusdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_avs2wav.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_oggdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_faad.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_aften.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_dcaenc.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_lame.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_flac.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mpcdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_oggenc2.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mpg123.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_shorten.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mediainfo.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_sox.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_refalac.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_opusenc.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_curl.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_curl.crt VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_speexdec.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_mac.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_tta.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wma2wav.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wupdate.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_verify.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_wvunpack.exe VolumeInformation
Source: C:\Users\user\Desktop\LameXP-Portable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0ac792b2d205be3f\lxp_valdec.exe VolumeInformation
No contacted IP infos