Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe, 00000000.00000000.1695371174.0000000000430000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameSlideshow.exe$ vs SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Source: classification engine | Classification label: sus21.evad.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: msvfw32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Section loaded: textshaping.dll |
Source: SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | Static file information: File size 19385625 > 1048576 |
Source: initial sample | Static PE information: section name: UPX0 |
Source: initial sample | Static PE information: section name: UPX1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Sdum.19173.13564.exe | User Timer Set: Timeout: 500ms |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |