Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
ReversingLabs: Detection: 21% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_6E153670 CryptQueryObject,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalAlloc,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose, |
0_2_6E153670 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_6E153470 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext,LocalAlloc,CertFreeCertificateContext,CryptDecodeObject,CertFreeCertificateContext,CertFreeCertificateContext, |
0_2_6E153470 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_6E153499 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext, |
0_2_6E153499 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\Users\Zortos\Documents\source\repos\CFUnzipper\CFUnzipper\obj\Release\ZortosUnzipper.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: |
Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: |
Binary string: /home/runner/work/sharpcompress/sharpcompress/src/SharpCompress/obj/Release/netstandard2.0/SharpCompress.pdbSHA256 source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: /home/runner/work/sharpcompress/sharpcompress/src/SharpCompress/obj/Release/netstandard2.0/SharpCompress.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: clrjit.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4436676433.0000000005160000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4438182838.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: costura.costura.pdb.compressed|||Costura.pdb|52414EC411DEA325110F0AD21378C8D101897989|2544 source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: |
Binary string: costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: |
Binary string: C:\Dropbox\Dev\ag.v66\Libraries\MSILJitter\bin\RELEASE\win32\AgileDotNetRT.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://s2.symcb.com0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://sv.symcd.com0& |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/adamhathcock/sharpcompress |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/dotnet/runtime/issues/24271YFailed |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_0263DC2C |
0_2_0263DC2C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_0634A340 |
0_2_0634A340 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_078CEFC0 |
0_2_078CEFC0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_078C356C |
0_2_078C356C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_078C4A63 |
0_2_078C4A63 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_07912408 |
0_2_07912408 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_0796BD00 |
0_2_0796BD00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_07960040 |
0_2_07960040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_0796F259 |
0_2_0796F259 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_07A135D0 |
0_2_07A135D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_07A13592 |
0_2_07A13592 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_0833F943 |
0_2_0833F943 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmp |
Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameSharpCompress.dll< vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4429870159.00000000007AE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000000.1969906724.0000000000388000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameZortosUnzipper.exe6 vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameSharpCompress.dll< vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Binary or memory string: OriginalFilenameZortosUnzipper.exe6 vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack, AesDecoderStream.cs |
Cryptographic APIs: 'TransformBlock' |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack, WinzipAesCryptoStream.cs |
Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock' |
Source: classification engine |
Classification label: mal51.troj.evad.winEXE@1/1@0/0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: ieframe.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: netapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: wkscli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: dataexchange.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: dcomp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Automated click: Extract |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static file information: File size 2181120 > 1048576 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1f4200 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, AssemblyLoader.cs |
.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[]) |
Source: Yara match |
File source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.190000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000000.1969730710.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.4431341655.0000000002651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe PID: 5460, type: MEMORYSTR |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: 0xB266165F [Tue Nov 4 14:34:07 2064 UTC] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_6E15A090 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,VerQueryValueA,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree, |
0_2_6E15A090 |
Source: GunaUIDotNetRT.dll.0.dr |
Static PE information: section name: .didat |
Source: GunaUIDotNetRT.dll.0.dr |
Static PE information: section name: .00cfg |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_0263F0D2 push esp; iretd |
0_2_0263F0D9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_06346B6D pushad ; iretd |
0_2_06346B81 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_06346B82 pushad ; iretd |
0_2_06346B81 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_078672B3 push esp; iretd |
0_2_078672B9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_07869A3B push 400779DBh; retf |
0_2_07869A45 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_078AC7E2 push es; ret |
0_2_078AC7ED |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_078AB610 pushfd ; ret |
0_2_078AB61D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_078ABE33 pushad ; ret |
0_2_078ABE3D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_07A19FAA pushfd ; ret |
0_2_07A19FB1 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Static PE information: section name: .text entropy: 7.781616525832242 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
RDTSC instruction interceptor: First address: 6E151D36 second address: 6E152A87 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-10h], eax 0x00000005 mov dword ptr [ebp-0Ch], edx 0x00000008 mov eax, dword ptr [ebp-10h] 0x0000000b sub eax, dword ptr [ebp-08h] 0x0000000e mov edx, dword ptr [ebp-0Ch] 0x00000011 sbb edx, dword ptr [ebp-04h] 0x00000014 pop edi 0x00000015 pop esi 0x00000016 pop ebx 0x00000017 mov esp, ebp 0x00000019 pop ebp 0x0000001a ret 0x0000001b mov dword ptr [6E1653C0h], eax 0x00000020 mov dword ptr [6E1653C4h], edx 0x00000026 mov dword ptr [ebp-0Ch], 00000000h 0x0000002d jmp 00007FAB34C7041Bh 0x0000002f mov eax, dword ptr [ebp-0Ch] 0x00000032 cmp eax, dword ptr [ebp+08h] 0x00000035 jnl 00007FAB34C70456h 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Memory allocated: 25F0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Memory allocated: 2650000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Memory allocated: 4650000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe TID: 3276 |
Thread sleep time: -182600s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe TID: 3276 |
Thread sleep time: -807600s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_6E15A090 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,VerQueryValueA,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree, |
0_2_6E15A090 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_6E157AB0 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapAlloc,VirtualProtect,VirtualProtect, |
0_2_6E157AB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Code function: 0_2_6E15B100 GetTempPathA,GetSystemTime,GetDateFormatA,GetTimeFormatA,CreateFileA,GetProcessHeap,HeapAlloc,InitializeCriticalSection, |
0_2_6E15B100 |