| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000000.1695371174.0000000000430000.00000008.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameSlideshow.exe$ vs SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| Source: classification engine |
Classification label: sus21.evad.winEXE@1/0@0/0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
File read: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: msvfw32.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: winmm.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Section loaded: textshaping.dll |
Jump to behavior |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Static file information: File size 19385625 > 1048576 |
| Source: initial sample |
Static PE information: section name: UPX0 |
| Source: initial sample |
Static PE information: section name: UPX1 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
User Timer Set: Timeout: 500ms |
Jump to behavior |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
User Timer Set: Timeout: 500ms |
Jump to behavior |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1697906370.0000000003A53000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1703299899.00000000034C9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: YarOWfFO]KTbOXfFO[BLVCMV:EM:FLEQWIUZEQVFPWJSZU[d`fqT]g?HSGO\S\iEN[BM[P\jIVdERa[gpettcqoO]\DQRGSWEPWKU_OXfMVfDK^AH\JQeMUfT]llu |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1752050366.0000000004ABB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1746442746.00000000034CA000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: vopiab]^_[PQMIJGSTRSTSOOOTTTRRROOOJJJDDDAAA@@@>>>===<<<>>>@@@CCCEEEGGGAAA::::::<<<???<<<;;;:::999888777888888888888888888888777777777777777777333222222222222222222222222222222222222555555555555555555555555555555555555555555555555555555555444444555666777777777444444444444444444333333333333333333143/43/43/43/43/43/432762762762762762761651652763874984984983873874985:96;:6;:6;:6;:6;:6;:6;:6;:4983874986;:8=<9>=:?>7<;7<;7<;7<;7<;7<;7<;6;:6;:49849838757657356256245134023/78467356256245144032.31-52.52.740740851962:73:73;84<95=:6<:3=;3=;3><4><4><4@>6B@8=;3@>6DB:IG?TQK^^[cbajihponllkba`_^]cbahgfsrq |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1697906370.0000000003A53000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1703299899.00000000034C9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: fos[dh[dh[dhT]aS\`[dhenremraho`fnafnflrkrukstjrqksrjrrhorekp`em[`i\af_dfdijchi`ef_de`efchiejkdijchiejkjopdlnakmajmajnajnaipaiobjqemufmvekvflwipzr| |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1697906370.0000000003A53000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1703299899.00000000034C9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: l{~[imQ_cP\`Ycg]gk^hlbko`hl[dhYcgT^bNW[U_ccmqlvznx|jswakoYbfU^bV`dW`bNWWKUUU``\gg\ih]ji_ml_nm[kjevu]onTefVchUbhS`fS^dVah^indnrajm[cd^fgbhhahhcikU_bV^cX`c\cc\bbZ__NTTJPREOSAMTANWCT^LYbS^d\fkcmrenqdmpdmpcklgnojoohmldihchgbihcllhqrirsipqhpqjrsjqrfnocklemnfopfopnvwhpphqqfooennhqq`ii^ggZccYbbZcc[ddZccW^^X]^W\]Y^_\abchibgh_deafgafgbghbghchkahlbhmdjodjocinbhmdjodjodjoflqflqcindjnotutyzqvwinofkldijchidijejkfklejkchielmhrrisseoocmmgqqmwwisseoogqqkuulvvs}~r{~nw{jswgptgpthquenr\eiXaeXae[dh^gk^gk[cjZbiYah_gnX`gaipjryaip\dk^fm_gn[cjT]fW`nJSbEN]HP]OWd\dqgmzagsfkupt~kowgksmrziqy`hpYaiZbi`hodmt]fmZbiYbi\dlaiqajr_ho]em]emaiqdltclsaiqemu_go`hpaiq]em^fn\ckY_g\cj^elY`gT[bU\cX^f\bj^dl\cj[bi]bj_dhdgkehlcgkbflgkrcho[aiV^fV^hW_iT\hPYcR]dS^eKV]GRXOZaR]cOZaHSYHRYR]c\gm[emZdlalt[foOZcKU^Zdmoz |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1697384609.00000000034C1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ZpvMciCY_Kagaw|m |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1697906370.0000000003A53000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1703299899.00000000034C9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: mu|govbjqemuipyipyipyipygnwelueluhoxhoxhoxhoxhoxhoxgswgswgswhswhswjswlsxmsxnrwnrwpsxruztw{prsiklbdebdfors |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1728391419.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1709797347.00000000034C4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1722801024.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1711482168.0000000004AB7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: `en`en^cl]bk]bk\bi]cj]cj\bg[af[af[af\ag^bi^ai^ai_bj`ckadmcfndgoegqegqfhrhjtiktijtmoyrt~qs}gku^clafoagp^en]dm^en`hqemukqxntymsykpvhnsgmrbhndjoflqgmrhnsimsaejadjdfnhjrlnvopzvw |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1705106477.0000000004ABD000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: {tzpiqg`mc\mc\VMCi`Vvmcwnd{rh |
| Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1697906370.0000000003A53000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000003.1703299899.00000000034C9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: dpz[gp^ls\jqXfk[im_nr\lrWjrYksXjqN^gGV_LZcVdl\ircnwfqzdnw`isdowdpwWbiP[cO[bOZaMX_CNUDPWFRYKV]NYaP[dGPaELcKPhRVlZ]qadtgjxaeoCJQ6?C?KLDRR?NO]hoV`iFPY<GP@KSALU?JS?JT@JS<FP8CL9CL8EO2DO2DO7IT8JU5GR8JU:LV9KU9KV8JU4FQ8IUCRdDQi8E_;Jb9K_8I[AQbEUaIVaJU]IRWIMRIMQEJMHNQLRWEKPCJOFOUGQX;FN9CM>HRCNXEP[KVcKXeLYgOZeLW_IRYIRVJPUGMSCLS=GQ8DN:GTAN[APXAOVAMTBNUJU\T^dZciX_eV[a[`gadmdhphmt`fngmulrzeks^ckbhoafn^ck]bj]ck`fmdiqemuenwdnvflsgmpkppmrqtyxhmnfjmiquhqxblt_ipblpclp_hl`imclp_hlW`dW`dV_cR[_MVZIRVHPWPX_^fmemtdls`ho]el[cjZbiX`g\dkbjq`gomoyooyklvhjuilvchrZak^gq\gpP\eZgpgw |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet