Windows
Analysis Report
SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe
Overview
General Information
Detection
Score: | 21 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe (PID: 908 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe" MD5: C1367EAF2157E6A88432C899FC995104)
- cleanup
Signature hits by category (the per-signature detail columns of the original report are not reproduced here; the count is the number of entries under each heading):
- Static PE information: 3 entries
- Classification label: 1 entry (see Classification below: sus21.evad.winEXE@1/0@0/0)
- Key opened: 2 entries
- Section loaded: 16 entries
- Window found: 1 entry
- Process information set: 1 entry
Malware Analysis System Evasion
- User Timer Set: 1 entry
- Thread injection, dropped files, key value created, disk infection and DNS query: 2 entries
MITRE ATT&CK matrix. Only cells prefixed with a number are techniques the signatures mapped to (the number is the count of matching signatures); unprefixed cells are the matrix template, not observed behaviour.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | OS Credential Dumping | 11 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe | 3% | ReversingLabs | | |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446233 |
Start date and time: | 2024-05-23 01:30:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe |
Detection: | SUS |
Classification: | sus21.evad.winEXE@1/0@0/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe
File type: | |
Entropy (8bit): | 6.658242850154929 |
TrID: | |
File name: | SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe |
File size: | 960'512 bytes |
MD5: | c1367eaf2157e6a88432c899fc995104 |
SHA1: | 7fac3e298b902d04213a5bf39a7db6848d34d099 |
SHA256: | 50c87c9e9d89f20e6540b2f198244c1dc300026306c1b574d032c357f3f9e2af |
SHA512: | 7c99fff15b0550302cc22076bf0d39842b63285c91ec26612fad34128f50d514abebc26300c4ebe378107dd7ca50f68f20f12dc3fb22fe46e6ede23e78d7bbe4 |
SSDEEP: | 12288:ExxOzpB0WY2W3AgPHNQ4mD3+Ovqqt2lzbEOr21eL/LXPPnu5J6UnAG3n05RT2:QaAWY2W3AgPt23+Ov78zbEOieDLOf9n |
TLSH: | 40159E32F2815837D1672A7D4C1BA2E56929BF543A286D8B3FFC1D4C5F396813C25293 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 82cc72230ddd2285 |
Entrypoint: | 0x4c9be8 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x46C7D1BA [Sun Aug 19 05:14:34 2007 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | a97bda7fc8829c5ad2627d7e2cfa446c |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 004C81ACh |
call 00007F4360A62F31h |
mov eax, dword ptr [004CD2C8h] |
mov eax, dword ptr [eax] |
call 00007F4360AC95F5h |
mov eax, dword ptr [004CD2C8h] |
mov eax, dword ptr [eax] |
mov edx, 004C9C48h |
call 00007F4360AC909Ch |
mov ecx, dword ptr [004CD1D0h] |
mov eax, dword ptr [004CD2C8h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [004C77D4h] |
call 00007F4360AC95E4h |
mov eax, dword ptr [004CD2C8h] |
mov eax, dword ptr [eax] |
call 00007F4360AC972Ch |
call 00007F4360A60CEFh |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd4000 | 0x2f06 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe6000 | 0xf200 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd9000 | 0xc61c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xd8000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd489c | 0x748 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xc73e4 | 0xc7400 | 7d8263a399e214f1211fb6a5d0c52b74 | False | 0.5125593044228356 | data | 6.546497020523588 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0xc9000 | 0xc60 | 0xe00 | d20cb3ad8d4a660d3a709ee558bdc991 | False | 0.556640625 | data | 5.9342846493895935 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xca000 | 0x34a0 | 0x3600 | 45ab7352a460aae2e8b825663a11aee2 | False | 0.42180266203703703 | data | 4.314718184995612 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0xce000 | 0x52a8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xd4000 | 0x2f06 | 0x3000 | 25ab783736c827f85d747af5c83d5deb | False | 0.3085123697916667 | data | 5.008321998953415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xd7000 | 0x34 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xd8000 | 0x18 | 0x200 | 4f0002177f85010cef45bf48736e0778 | False | 0.05078125 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd9000 | 0xc61c | 0xc800 | bb7716916f3eb2b78a752599543a96d8 | False | 0.57623046875 | data | 6.6562768419321 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe6000 | 0xf200 | 0xf200 | 253fa09c7edadca0bc8478630312ed93 | False | 0.471042097107438 | data | 6.172107733720928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
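The section table above (Virtual Address, Raw Size, Entropy, Characteristics) can be reproduced straight from the PE headers. The following is an added example, not code from the Joe Sandbox report or its tooling: it walks the DOS header, PE signature, COFF header and section table, computes the 8-bit Shannon entropy of each section's raw bytes the way the 'Entropy' column does, and flags the case this sample does not show, a section that is both writable and executable. The PE image it parses is constructed inline (a header skeleton, not a loadable program) so it runs offline; its empty `.bss` reproduces why the `.bss` and `.tls` rows above carry the empty-input MD5 d41d8cd98f00b204e9800998ecf8427e and an entropy of 0.0.

```python
import math
import struct
from dataclasses import dataclass

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for constant or empty
    data, 8.0 for uniformly distributed bytes (the report's 'Entropy (8bit)')."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    raw_pointer: int
    characteristics: int
    entropy: float

    def writable_and_executable(self) -> bool:
        """W+X is the usual tell for packed or self-modifying code; every
        section in the sample's table is R+X or R+W, never both."""
        exec_bits = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE
        return bool(self.characteristics & IMAGE_SCN_MEM_WRITE) and \
            bool(self.characteristics & exec_bits)


def parse_sections(pe: bytes) -> list[Section]:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    # The Delphi stub in the File Content Preview starts 'MZP'; the signature
    # proper is only the two bytes 'MZ'.
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, n_sections, _stamp, _symptr, _nsyms,
     opt_header_size, _flags) = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_header_size
    sections = []
    for i in range(n_sections):
        (name, vsize, vaddr, raw_size, raw_ptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", pe, table + i * 40)
        # SizeOfRawData == 0 (.bss, .tls in the table above) means no bytes on
        # disk: hence the empty-input MD5 d41d8cd9... and entropy 0.0.
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, raw_size, raw_ptr, flags,
                                shannon_entropy(raw)))
    return sections


def build_pe32(spec: list[tuple[str, bytes, int]]) -> bytes:
    """Constructed PE32 header skeleton for exercising the parser; it is not a
    loadable program. Layout: DOS header, 'PE\\0\\0', COFF header, 224-byte
    optional header, section table, raw section data at 0x200 file alignment."""
    opt_size = 0xE0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(spec), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    headers_end = 0x40 + 4 + 20 + opt_size + 40 * len(spec)
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF
    table, blobs, vaddr = b"", b"", 0x1000
    for name, data, flags in spec:
        raw_size = (len(data) + 0x1FF) & ~0x1FF                  # 0 if no data
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data) or 0x1000, vaddr, raw_size,
                             raw_ptr if raw_size else 0, 0, 0, 0, 0, flags)
        blobs += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += 0x1000
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return headers.ljust((headers_end + 0x1FF) & ~0x1FF, b"\0") + blobs


def demo() -> list[Section]:
    """Three constructed sections shaped like the ones above: R+X code with
    uniformly distributed bytes, R+W data with two symbols, and an empty .bss."""
    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    rw = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    image = build_pe32([(".text", bytes(range(256)) * 2, rx),
                        (".data", b"\x00\xff" * 256, rw),
                        (".bss", b"", rw)])
    return parse_sections(image)
```

Pointed at a real file (`parse_sections(open(path, "rb").read())`), the output lines up with the table above: the `.text` entropy of 6.55 for 0xc7400 bytes of Delphi code is ordinary compiled code, well below the 7.5 and up that packed or encrypted sections show, and the `.reloc` value of 6.66 is normal for a dense relocation table. Entropy alone therefore says nothing suspicious about this sample; it is the W+X check and the relationship between SizeOfRawData and VirtualSize that carry the signal.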
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0xe6f58 | 0x134 | data | 0.38636363636363635 | ||
RT_CURSOR | 0xe708c | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0xe71c0 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0xe72f4 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0xe7428 | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0xe755c | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0xe7690 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_CURSOR | 0xe77c4 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_BITMAP | 0xe78f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0xe7ac8 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
RT_BITMAP | 0xe7cac | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0xe7e7c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
RT_BITMAP | 0xe804c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
RT_BITMAP | 0xe821c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
RT_BITMAP | 0xe83ec | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
RT_BITMAP | 0xe85bc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0xe878c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
RT_BITMAP | 0xe895c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0xe8b2c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.28061224489795916 | ||
RT_BITMAP | 0xe8cb4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | Catalan | Spain | 0.30357142857142855 |
RT_BITMAP | 0xe8e3c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.29081632653061223 | ||
RT_BITMAP | 0xe8fc4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3163265306122449 | ||
RT_BITMAP | 0xe914c | 0x110 | Device independent bitmap graphic, 24 x 14 x 4, image size 168 | 0.40808823529411764 | ||
RT_BITMAP | 0xe925c | 0x110 | Device independent bitmap graphic, 24 x 14 x 4, image size 168 | 0.4117647058823529 | ||
RT_BITMAP | 0xe936c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.2857142857142857 | ||
RT_BITMAP | 0xe94f4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.5255102040816326 | ||
RT_ICON | 0xe967c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3588709677419355 |
RT_ICON | 0xe9964 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.581081081081081 |
RT_STRING | 0xe9a8c | 0xa8 | data | 0.5833333333333334 | ||
RT_STRING | 0xe9b34 | 0xc0 | data | 0.3229166666666667 | ||
RT_STRING | 0xe9bf4 | 0x164 | data | 0.46629213483146065 | ||
RT_STRING | 0xe9d58 | 0x1dc | data | 0.35714285714285715 | ||
RT_STRING | 0xe9f34 | 0x274 | data | 0.37420382165605093 | ||
RT_STRING | 0xea1a8 | 0x2a4 | data | 0.47633136094674555 | ||
RT_STRING | 0xea44c | 0x338 | data | 0.4211165048543689 | ||
RT_STRING | 0xea784 | 0x248 | data | 0.4965753424657534 | ||
RT_STRING | 0xea9cc | 0x248 | data | 0.4777397260273973 | ||
RT_STRING | 0xeac14 | 0x1ac | data | 0.5654205607476636 | ||
RT_STRING | 0xeadc0 | 0xcc | data | 0.6764705882352942 | ||
RT_STRING | 0xeae8c | 0x114 | data | 0.6086956521739131 | ||
RT_STRING | 0xeafa0 | 0x358 | data | 0.433411214953271 | ||
RT_STRING | 0xeb2f8 | 0x3bc | data | 0.3891213389121339 | ||
RT_STRING | 0xeb6b4 | 0x374 | data | 0.3914027149321267 | ||
RT_STRING | 0xeba28 | 0x360 | data | 0.36342592592592593 | ||
RT_STRING | 0xebd88 | 0x354 | data | 0.41784037558685444 | ||
RT_STRING | 0xec0dc | 0xc0 | data | 0.625 | ||
RT_STRING | 0xec19c | 0x9c | data | 0.6282051282051282 | ||
RT_STRING | 0xec238 | 0x348 | data | 0.42142857142857143 | ||
RT_STRING | 0xec580 | 0x3e4 | data | 0.3614457831325301 | ||
RT_STRING | 0xec964 | 0x2ec | data | 0.37566844919786097 | ||
RT_STRING | 0xecc50 | 0x304 | data | 0.3432642487046632 | ||
RT_RCDATA | 0xecf54 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0xecf64 | 0x300 | data | 0.7278645833333334 | ||
RT_RCDATA | 0xed264 | 0x5ca | Delphi compiled form 'TfrmCpuUtilization' | 0.4406207827260459 | ||
RT_RCDATA | 0xed830 | 0x6faf | Delphi compiled form 'TfrmGraph' | 0.6544367108530657 | ||
RT_RCDATA | 0xf47e0 | 0x72b | Delphi compiled form 'TfrmLaunchExternalProgram' | 0.5155313351498637 | ||
RT_GROUP_CURSOR | 0xf4f0c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
RT_GROUP_CURSOR | 0xf4f20 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xf4f34 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0xf4f48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xf4f5c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xf4f70 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xf4f84 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xf4f98 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0xf4fac | 0x22 | data | English | United States | 1.0 |
RT_VERSION | 0xf4fd0 | 0x140 | MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79 | English | United States | 0.565625 |
The Type column is a libmagic guess over the raw resource bytes. The "Targa image data" labels on RT_CURSOR entries, "Lotus unknown worksheet" on the 20-byte RT_GROUP_CURSOR headers and "MIPSEB-LE ... ECOFF executable" on the VS_VERSIONINFO block are false matches on short headers, not embedded files.
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringA, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
gdi32.dll | WidenPath, UnrealizeObject, TextOutA, StrokePath, StrokeAndFillPath, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextCharacterExtra, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetArcDirection, SelectPalette, SelectObject, SelectClipRgn, SelectClipPath, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32W, GetTextExtentPoint32A, GetTextCharacterExtra, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapBits, GdiFlush, ExtTextOutA, ExtSelectClipRgn, ExtCreatePen, ExcludeClipRect, EndPath, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEllipticRgnIndirect, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt, BeginPath, ArcTo, Arc |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SystemTimeToFileTime, SizeofResource, SetThreadPriority, SetThreadLocale, SetProcessAffinityMask, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStdHandle, GetProcessAffinityMask, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateProcessA, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey |
ole32.dll | CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance |
kernel32.dll | Sleep |
ole32.dll | CLSIDFromString |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
comdlg32.dll | GetSaveFileNameA, GetOpenFileNameA |
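The Import Hash given in the static section (a97bda7fc8829c5ad2627d7e2cfa446c) is derived from this import table. The following is an added example, not Joe Sandbox or pefile code, showing the derivation: for each import descriptor in import-directory order, every `dll.function` pair is lower-cased with a `.dll`/`.ocx`/`.sys` suffix stripped from the module name, the pairs are joined by commas, and the result is MD5-hashed. The three descriptors embedded in the block are copied from the table above; reproducing the report's hash would require the complete table in exactly the order the binary's import directory lists it. Ordinal-only imports are not handled here (pefile maps them to names through its own ordinal tables for a few well-known DLLs); that is an assumption of this example, not a property of the sample.

```python
import hashlib

# Module-name suffixes dropped before hashing (the rule pefile applies).
STRIPPED_SUFFIXES = ("dll", "ocx", "sys")


def normalise_import(dll: str, func: str) -> str:
    """'KERNEL32.DLL' + 'Sleep' -> 'kernel32.sleep'. Named imports only:
    ordinal-only imports are resolved to names by pefile's ordinal tables for
    a few well-known DLLs and are not handled here (assumption of this example)."""
    lib = dll.lower()
    stem, dot, ext = lib.rpartition(".")
    if dot and ext in STRIPPED_SUFFIXES:
        lib = stem
    return f"{lib}.{func.lower()}"


def imphash_string(imports) -> str:
    """The comma-joined string that is hashed. `imports` is a sequence of
    (dll, [function names]) in import-directory order; that order is part of
    the hash, so the same set of imports in a different order hashes differently."""
    return ",".join(normalise_import(dll, f) for dll, funcs in imports for f in funcs)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# The first three import descriptors from the table above, in report order.
SAMPLE_IMPORTS = [
    ("oleaut32.dll", ["SysFreeString", "SysReAllocStringLen", "SysAllocStringLen"]),
    ("advapi32.dll", ["RegQueryValueExA", "RegOpenKeyExA", "RegCloseKey"]),
    ("user32.dll", ["GetKeyboardType", "DestroyWindow", "LoadStringA",
                    "MessageBoxA", "CharNextA"]),
]


def sorted_copy(imports):
    """Same imports alphabetised, i.e. what a strings dump or a casually
    rebuilt list gives you instead of the import-directory order."""
    return sorted((dll, sorted(funcs)) for dll, funcs in imports)


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("directory order:", imphash(SAMPLE_IMPORTS))
    print("sorted order:   ", imphash(sorted_copy(SAMPLE_IMPORTS)))
```

Two practical caveats follow from the construction. The hash is order-sensitive, so an import list rebuilt from a strings dump will not match a value computed from the import directory, which is why the example keeps a `sorted_copy` to show the difference. And because Delphi's RTL and VCL pull in a largely fixed set of imports (the repeated kernel32/user32/gdi32 blocks above are that runtime, not application code), an imphash match between two Delphi binaries is weaker evidence of shared origin than the same match between two hand-written C programs; for clustering, combine it with the form names in the RT_RCDATA resources (TfrmCpuUtilization, TfrmGraph, TfrmLaunchExternalProgram) and the per-section MD5s rather than relying on it alone.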
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Catalan | Spain |
Target ID: | 0 |
Start time: | 19:31:37 |
Start date: | 22/05/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe |
Wow64 process (32bit): | true |
Commandline: | "C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Download.7332.18301.exe" |
Imagebase: | 0x400000 |
File size: | 960'512 bytes |
MD5 hash: | C1367EAF2157E6A88432C899FC995104 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | false |