Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | ReversingLabs: Detection: 21% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_6E153670 CryptQueryObject,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalAlloc,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,CryptMsgGetParam,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose, | 0_2_6E153670 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_6E153470 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext,LocalAlloc,CertFreeCertificateContext,CryptDecodeObject,CertFreeCertificateContext,CertFreeCertificateContext, | 0_2_6E153470 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_6E153499 lstrcmpA,CryptDecodeObject,CertFreeCertificateContext, | 0_2_6E153499 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: | Binary string: C:\Users\Zortos\Documents\source\repos\CFUnzipper\CFUnzipper\obj\Release\ZortosUnzipper.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: | Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: | Binary string: /home/runner/work/sharpcompress/sharpcompress/src/SharpCompress/obj/Release/netstandard2.0/SharpCompress.pdbSHA256 source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: /home/runner/work/sharpcompress/sharpcompress/src/SharpCompress/obj/Release/netstandard2.0/SharpCompress.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: clrjit.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4436676433.0000000005160000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4438182838.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: costura.costura.pdb.compressed|||Costura.pdb|52414EC411DEA325110F0AD21378C8D101897989|2544 source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: | Binary string: costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: | Binary string: C:\Dropbox\Dev\ag.v66\Libraries\MSILJitter\bin\RELEASE\win32\AgileDotNetRT.pdb source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4440772522.000000006E163000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://ocsp.thawte.com0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://s2.symcb.com0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://sv.symcd.com0& |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://www.symauth.com/cps0( |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: http://www.symauth.com/rpa00 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: https://d.symcb.com/cps0% |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp, GunaUIDotNetRT.dll.0.dr | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/adamhathcock/sharpcompress |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/dotnet/runtime/issues/24271YFailed |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_0263DC2C | 0_2_0263DC2C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_0634A340 | 0_2_0634A340 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_078CEFC0 | 0_2_078CEFC0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_078C356C | 0_2_078C356C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_078C4A63 | 0_2_078C4A63 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_07912408 | 0_2_07912408 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_0796BD00 | 0_2_0796BD00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_07960040 | 0_2_07960040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_0796F259 | 0_2_0796F259 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_07A135D0 | 0_2_07A135D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_07A13592 | 0_2_07A13592 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_0833F943 | 0_2_0833F943 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4440851880.000000006E169000.00000002.00000001.01000000.00000007.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003651000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.00000000037A2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSharpCompress.dll< vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4429870159.00000000007AE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000000.1969906724.0000000000388000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameZortosUnzipper.exe6 vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, 00000000.00000002.4434321675.0000000003683000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSharpCompress.dll< vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Binary or memory string: OriginalFilenameZortosUnzipper.exe6 vs SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack, AesDecoderStream.cs | Cryptographic APIs: 'TransformBlock' |
Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.37a2580.6.raw.unpack, WinzipAesCryptoStream.cs | Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock' |
Source: classification engine | Classification label: mal51.troj.evad.winEXE@1/1@0/0 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: ieframe.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: netapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: wkscli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: dataexchange.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: dcomp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: twinapi.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Automated click: Extract |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static file information: File size 2181120 > 1048576 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1f4200 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, AssemblyLoader.cs | .Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[]) |
Source: Yara match | File source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe, type: SAMPLE |
Source: Yara match | File source: 0.0.SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe.190000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000000.1969730710.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.4431341655.0000000002651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe PID: 5460, type: MEMORYSTR |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: 0xB266165F [Tue Nov 4 14:34:07 2064 UTC] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_6E15A090 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,VerQueryValueA,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree, | 0_2_6E15A090 |
Source: GunaUIDotNetRT.dll.0.dr | Static PE information: section name: .didat |
Source: GunaUIDotNetRT.dll.0.dr | Static PE information: section name: .00cfg |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_0263F0D2 push esp; iretd | 0_2_0263F0D9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_06346B6D pushad ; iretd | 0_2_06346B81 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_06346B82 pushad ; iretd | 0_2_06346B81 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_078672B3 push esp; iretd | 0_2_078672B9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_07869A3B push 400779DBh; retf | 0_2_07869A45 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_078AC7E2 push es; ret | 0_2_078AC7ED |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_078AB610 pushfd ; ret | 0_2_078AB61D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_078ABE33 pushad ; ret | 0_2_078ABE3D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_07A19FAA pushfd ; ret | 0_2_07A19FB1 |
Source: SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Static PE information: section name: .text entropy: 7.781616525832242 |
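The static rows above (CLR and DEBUG data directories, DllCharacteristics flags, a .text section larger than 0x100000 in both virtual and raw size, .text entropy near 7.8, and a COFF timestamp in 2064) can all be reproduced offline without the sandbox. The following is an added example written for this page, not code from the report or from the analysed sample: a stdlib-only PE reader that evaluates the same indicators, run here against a small PE32 image constructed inside the block (not the sample's bytes) so it executes stand-alone. The 1 MiB size threshold, the 7.2 entropy cut-off and all helper names are assumptions chosen for the example. One caveat the report rows do not state: for .NET assemblies built with the Roslyn deterministic option the TimeDateStamp field holds a hash of the build inputs rather than a date, so a far-future value like 0xB266165F on a managed image is expected and is not by itself evidence of tampering; the same check remains meaningful for native binaries.

```python
"""Stdlib-only static PE triage for the indicators listed above (added example, not report code)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_DEBUG = 6
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14      # CLR header present => managed (.NET) image
FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
                       0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE"}
ONE_MIB = 0x100000            # size threshold used by the report rows above
ENTROPY_THRESHOLD = 7.2       # assumed cut-off for "packed/encrypted" sections


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Minimal PE/COFF reader: COFF header, DllCharacteristics, data directories, section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", blob, opt)[0] == 0x20B
    # DllCharacteristics sits at +70 in both PE32 and PE32+; the directory table does not.
    dllchars = struct.unpack_from("<H", blob, opt + 70)[0]
    ndirs = struct.unpack_from("<I", blob, opt + (108 if pe32plus else 92))[0]
    dir_base = opt + (112 if pe32plus else 96)
    dirs = [struct.unpack_from("<II", blob, dir_base + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "entropy": shannon_entropy(blob[rptr:rptr + rsize])})
    return {"machine": machine, "timestamp": timestamp, "pe32plus": pe32plus,
            "file_characteristics": chars, "dll_characteristics": dllchars,
            "directories": dirs, "sections": sections}


def triage(blob: bytes, now=None) -> dict:
    """Evaluate the same static indicators the report rows list, on any PE image."""
    pe = parse_pe(blob)
    now = now or datetime.now(timezone.utc)

    def present(idx):
        return idx < len(pe["directories"]) and pe["directories"][idx][0] != 0

    stamp = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    return {
        "file_characteristics": sorted(n for f, n in FILE_CHARACTERISTICS.items() if pe["file_characteristics"] & f),
        "dll_characteristics": sorted(n for f, n in DLL_CHARACTERISTICS.items() if pe["dll_characteristics"] & f),
        "managed": present(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR),
        "has_debug_directory": present(IMAGE_DIRECTORY_ENTRY_DEBUG),
        "timestamp_utc": stamp.isoformat(),
        # Caveat: deterministic .NET builds store a content hash here, not a date, so a far-future
        # value on a managed image is expected and is not by itself evidence of tampering.
        "timestamp_in_future": stamp > now,
        "oversized_sections": [s["name"] for s in pe["sections"]
                               if s["virtual_size"] > ONE_MIB or s["raw_size"] > ONE_MIB],
        "high_entropy_sections": [(s["name"], round(s["entropy"], 3)) for s in pe["sections"]
                                  if s["entropy"] > ENTROPY_THRESHOLD],
        "file_size_over_1mib": len(blob) > ONE_MIB,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 image for demonstration (not the analysed sample): one high-entropy .text
    section with an inflated VirtualSize, CLR and DEBUG directories, and the report's timestamp."""
    text = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))  # 4 KiB
    text_off = 0x200
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)                      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0xB266165F, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                   # PE32 magic
    struct.pack_into("<H", opt, 70, 0x8560)                                 # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_DEBUG, 0x2000, 0x1C)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2020, 0x48)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1F4200, 0x2000, len(text), text_off,
                          0, 0, 0, 0, 0x60000020)
    header = dos + b"PE\0\0" + coff + bytes(opt) + section
    return header.ljust(text_off, b"\0") + text


def run_demo() -> dict:
    """Triage the constructed image with a fixed 'now' so the result is reproducible."""
    return triage(build_sample_pe(), now=datetime(2024, 1, 1, tzinfo=timezone.utc))


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:24} {value}")
```

To run it against a real file, call `triage(open(path, "rb").read())`. The reader deliberately stops at the section table: it does not follow the CLR header into the metadata tables, so "managed" only means the COM descriptor directory is populated, which is the same evidence the IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR row above reports.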
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | RDTSC instruction interceptor: First address: 6E151D36 second address: 6E152A87 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-10h], eax 0x00000005 mov dword ptr [ebp-0Ch], edx 0x00000008 mov eax, dword ptr [ebp-10h] 0x0000000b sub eax, dword ptr [ebp-08h] 0x0000000e mov edx, dword ptr [ebp-0Ch] 0x00000011 sbb edx, dword ptr [ebp-04h] 0x00000014 pop edi 0x00000015 pop esi 0x00000016 pop ebx 0x00000017 mov esp, ebp 0x00000019 pop ebp 0x0000001a ret 0x0000001b mov dword ptr [6E1653C0h], eax 0x00000020 mov dword ptr [6E1653C4h], edx 0x00000026 mov dword ptr [ebp-0Ch], 00000000h 0x0000002d jmp 00007FAB34C7041Bh 0x0000002f mov eax, dword ptr [ebp-0Ch] 0x00000032 cmp eax, dword ptr [ebp+08h] 0x00000035 jnl 00007FAB34C70456h 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Memory allocated: 25F0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Memory allocated: 2650000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Memory allocated: 4650000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_6E157AB0 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapAlloc,VirtualProtect,VirtualProtect, | 0_2_6E157AB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72211100.17568.13083.exe | Code function: 0_2_6E15B100 GetTempPathA,GetSystemTime,GetDateFormatA,GetTimeFormatA,CreateFileA,GetProcessHeap,HeapAlloc,InitializeCriticalSection, | 0_2_6E15B100 |