Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
ReversingLabs: Detection: 68% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00425784 __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z,__EH_prolog3_GS,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, |
0_2_00425784 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00425835 CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CloseHandle,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptDestroyHash,ReadFile,CryptHashData,ReadFile,CryptDestroyHash,CryptReleaseContext,CloseHandle,CloseHandle,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptDestroyHash,CryptReleaseContext, |
0_2_00425835 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00425B69 __EH_prolog3_GS,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptDestroyHash,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, |
0_2_00425B69 |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00426865 GetLogicalDriveStringsW,lstrlenW,QueryDosDeviceW,GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW, |
0_2_00426865 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00436131 __EH_prolog3,HttpOpenRequestW,GetLastError,HttpSendRequestW,GetLastError,InternetCloseHandle,InternetQueryOptionW,HttpQueryInfoA,WaitForSingleObject,HttpQueryInfoW,GetLastError,WriteFile,GetLastError,WaitForSingleObject,InternetReadFile,GetLastError,InternetCloseHandle, |
0_2_00436131 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00418031 |
0_2_00418031 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_004120E0 |
0_2_004120E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0043C238 |
0_2_0043C238 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_004222C3 |
0_2_004222C3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00420301 |
0_2_00420301 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00444440 |
0_2_00444440 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0043B409 |
0_2_0043B409 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00421481 |
0_2_00421481 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0043259A |
0_2_0043259A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0040F730 |
0_2_0040F730 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0042B78D |
0_2_0042B78D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00420845 |
0_2_00420845 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00426865 |
0_2_00426865 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0041D86A |
0_2_0041D86A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0042EADB |
0_2_0042EADB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0042CD5C |
0_2_0042CD5C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00420D89 |
0_2_00420D89 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00415E6E |
0_2_00415E6E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00430E1A |
0_2_00430E1A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00437E3B |
0_2_00437E3B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: String function: 00401916 appears 96 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: String function: 00410F30 appears 43 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: String function: 004126DD appears 87 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: String function: 00412746 appears 39 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: String function: 00415730 appears 45 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: String function: 004018B3 appears 58 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: String function: 00403C93 appears 48 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 488 |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Binary string: kernel32.dllIsWow64Process\device\mupShell32.dllSHGetKnownFolderPath\Downloads\User Pinned\TaskBar\Microsoft\Internet Explorer\Quick LaunchProgramFilesDirSOFTWARE\Microsoft\Windows\CurrentVersion\cmd.exeComSpec" exit" & if not exist " & for /l %x in (1,1,60) do ping 127.0.0.1 -n 2 -w 500 & del /q /f "" /c taskkill /f /pid 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789abcdef0123456789abcdefhlPxjHRu9UWCOtTORdZ51F7RYWUCWy731OtU3OaRC1xO5rErBozbP4G2hNm67mUHhghf659f453e18e0508fd502a51ca0138091b7e80eSELECT * FROM WQLtruefalse |
Source: classification engine |
Classification label: mal56.evad.winEXE@2/5@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00423319 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges, |
0_2_00423319 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00438D35 GetLogicalDriveStringsW,GetDriveTypeW,GetDiskFreeSpaceExW, |
0_2_00438D35 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00426FD8 CreateToolhelp32Snapshot,_memset,Process32FirstW,GetLastError,CloseHandle,OpenProcess,GetProcessTimes,GetProcessImageFileNameW,CharLowerW,CloseHandle,CharLowerW,Process32NextW,GetLastError,CloseHandle, |
0_2_00426FD8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00426181 CoInitializeEx,CoCreateInstance,CoSetProxyBlanket,VariantClear, |
0_2_00426181 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3076 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Command line argument: :tmp |
0_2_004351F9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Command line argument: .tmp |
0_2_004351F9 |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
String found in binary or memory: /launch_install?error= |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
String found in binary or memory: /launch_install?name= |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
String found in binary or memory: /launch_info |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
String found in binary or memory: /launch_error?text= |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
String found in binary or memory: ,products=closed/close_install?checks2,unchecked=products2=unchecked2=/unchecked_install?products=/unchecked_install?products2=/launch_infoinstaller not founderror opening file installer file #error getting length of installer binary fileerror reading installer binary filereaded 0 bytes from installer binary file:Zone.Identifierwatchstartparent= |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
String found in binary or memory: /launch_error?text=&launch=&?launch=": url error in "torrentwhsciconSTATICIconopenBUTTON |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
String found in binary or memory: $__HASHHASH$__MIXinstall=&hash=/touch_install?name=) (error=&md5=/launch_install?error=can't install success=/launch_install?name=&check=delay time=/delay?time=Wrong PE fileWrong PE signatureNot normal PE formaterror allocating virtual memoryerror creating executable heaperror allocating executable memoryunknown relocationcan't create thread |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Section loaded: umpdc.dll |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Static PE information: real checksum: 0x60c79 should be: 0x60a47 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00415775 push ecx; ret |
0_2_00415788 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_004127B5 push ecx; ret |
0_2_004127C8 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: GetCommandLineW,ExitProcess,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,_memset,CreatePipe,WriteFile,WriteFile,WriteFile,GetStdHandle,GetStdHandle,GetStdHandle,CreateProcessW,CloseHandle,CloseHandle,CloseHandle,CloseHandle,_memset,GetStdHandle,GetStdHandle,GetStdHandle,CreateProcessW,CloseHandle,CloseHandle,CloseHandle, |
0_2_0043545F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00438BF9 __ehhandler$?_Initialize@SchedulerPolicy@Concurrency@@AAEXIPAPAD@Z,__EH_prolog3,GetSystemInfo,CallNtPowerInformation, |
0_2_00438BF9 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.4.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.4.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin` |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Binary or memory string: vmware |
Source: Amcache.hve.4.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.4.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Binary or memory string: nsystemFSOSantivirusantispywarefirewallbrowsersvideoregistryregistryFilegetLineisFileisDirisRegistryfileTimeisInstalledmemoryharddiskprocessorisAdminis64bitVMmanufacturerbaseBoarddiskDrivesfileAssocdisplayvirtDisplayNET:.win;sp;suite:;product:AntivirusProductAntiSpywareProductFirewallProducthttpSoftware\Clients\StartMenuInternetSoftware\Clients\StartMenuInternet\\shell\open\command |nameWin32_VideoControllerROOT\CIMv2\/*\1SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallDisplayName\modelvirtualboxvmwareparallelsqemuwinevirtualWin32_ComputerSystemproductWin32_BaseBoardcaptionWin32_DiskDriveopenxSOFTWARE\Microsoft\NET Framework Setup\NDPVersionSOFTWARE\Microsoft\NET Framework Setup\NDP\error getting versionInstallversion not installedSPsp\Full\Clientmap/set<T> too longvector<T> too longinvalid map/set<T> iterator |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.4.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00411360 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00411360 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00428340 mov eax, dword ptr fs:[00000030h] |
0_2_00428340 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00429751 mov eax, dword ptr fs:[00000030h] |
0_2_00429751 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0042C16E __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z,__EH_prolog3,SetErrorMode,SetUnhandledExceptionFilter,GetStdHandle,ReadFile,ReadFile, |
0_2_0042C16E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00417277 SetUnhandledExceptionFilter, |
0_2_00417277 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0043259A GetTickCount,SetErrorMode,SetUnhandledExceptionFilter,InitializeCriticalSection,InitializeCriticalSection,InitializeCriticalSection,CoInitializeEx,CreateEventW,CreateEventW,CreateEventW,CreateEventW,GdiplusStartup,IsUserAnAdmin,GetModuleHandleW,EnumResourceNamesW,GetFileSizeEx,CreateThread,InitCommonControlsEx,GetTickCount,MessageBoxW,WaitForSingleObject,ResetEvent,CreateThread,WaitForSingleObject,CloseHandle,GdiplusShutdown,EnterCriticalSection,EnterCriticalSection,SetEvent,LeaveCriticalSection,CloseHandle,GetCurrentThreadId,CreateThread,EnterCriticalSection,CreateThread,LeaveCriticalSection,GetTickCount,EnterCriticalSection,LeaveCriticalSection,GetTickCount,EnterCriticalSection,CreateThread,LeaveCriticalSection,SetEvent,CloseHandle,CloseHandle,KillTimer,KillTimer,KillTimer,WaitForMultipleObjects,WaitForSingleObject,CloseHandle,GdiplusShutdown, |
0_2_0043259A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00429737 SetUnhandledExceptionFilter,ExitProcess, |
0_2_00429737 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_004127E7 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004127E7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_00410F21 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00410F21 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_004177B1 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, |
0_2_004177B1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.LoadMoney.1085.10205.7276.exe |
Code function: 0_2_0043902A __EH_prolog3_GS,_memset,GetVersionExW, |
0_2_0043902A |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.4.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.4.dr |
Binary or memory string: MsMpEng.exe |