Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | ReversingLabs: Detection: 21%
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Virustotal: Detection: 31%
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0046F16C FindFirstFileA,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004511DC FindFirstFileA,GetLastError,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose,
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1665732024.0000000002101000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000002.2922256093.00000000020F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1664682629.0000000002360000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000002.2922277470.0000000002101000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000003.1668682583.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000003.1669698962.00000000021A6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000002.2922656836.00000000021A4000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://cyworld.nate.com/nuclear_mine
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1665732024.0000000002101000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1664682629.0000000002360000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000002.2922277470.0000000002101000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000003.1668682583.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000003.1669698962.00000000021A6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000002.2922656836.00000000021A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000002.2922580890.0000000002195000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ispp.sourceforge.net/
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000002.2922580890.0000000002195000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://ispp.sourceforge.net/Des
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000002.2922051073.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp.0.dr | String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1666089570.0000000002360000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1666996465.0000000002108000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000002.2922051073.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/?ps
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1666089570.0000000002360000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1666996465.0000000002108000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000002.2922051073.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/?psU
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00423B2C NtdllDefWindowProc_A,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004722D4 NtdllDefWindowProc_A,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00412580 NtdllDefWindowProc_A,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0042ED38 NtdllDefWindowProc_A,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004551F4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0042E6CC CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_004092A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00453AF8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_004082E8
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00462994
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004797C1
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00485FE0
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004800E8
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0044416C
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004305D0
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00444864
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004588EC
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0046498C
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00434A2C
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00444C70
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0046AC90
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0047F238
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0043D44C
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0045B694
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0042FB74
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00443BC4
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00433D28
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00405964 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00406A2C appears 38 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00403400 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 004454D0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00407894 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00433C40 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00455970 appears 95 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00451AC0 appears 72 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00455B70 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 004457A0 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00403684 appears 204 times
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: String function: 00408BAC appears 44 times
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp.0.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1666089570.0000000002360000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe, 00000000.00000003.1666996465.0000000002108000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe
Source: _RegDLL.tmp.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal48.winEXE@3/4@0/0
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00454320 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA,
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_00409A04 FindResourceA,SizeofResource,LoadResource,LockResource,
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | File created: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe "C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Process created: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp "C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp" /SL5="$1043A,2318969,53248,C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Window found: window name: TMainForm
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Static file information: File size 2596914 > 1048576
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_0044AD34 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_00406518 push 00406555h; ret | 0_2_0040654D
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_004040B5 push eax; ret | 0_2_004040F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_00404185 push 00404391h; ret | 0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_00404206 push 00404391h; ret | 0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_0040C218 push eax; ret | 0_2_0040C219
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_004042E8 push 00404391h; ret | 0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_00404283 push 00404391h; ret | 0_2_00404389
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_00408D90 push 00408DC3h; ret | 0_2_00408DBB
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | Code function: 0_2_00407FE0 push ecx; mov dword ptr [esp], eax | 0_2_00407FE5
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004098EC push 00409929h; ret | 1_2_00409921
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax | 1_2_004062CD
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004305D0 push ecx; mov dword ptr [esp], eax | 1_2_004305D5
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00410678 push ecx; mov dword ptr [esp], edx | 1_2_0041067D
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004128D0 push 00412933h; ret | 1_2_0041292B
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0047C88C push 0047C96Ah; ret | 1_2_0047C962
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00450A78 push 00450AABh; ret | 1_2_00450AA3
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00442B3C push ecx; mov dword ptr [esp], ecx | 1_2_00442B40
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0040CFD0 push ecx; mov dword ptr [esp], edx | 1_2_0040CFD2
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004573DC push 00457420h; ret | 1_2_00457418
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0045B38C push ecx; mov dword ptr [esp], eax | 1_2_0045B391
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0040546D push eax; ret | 1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0040F530 push ecx; mov dword ptr [esp], edx | 1_2_0040F532
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0040553D push 00405749h; ret | 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004715E8 push ecx; mov dword ptr [esp], edx | 1_2_004715E9
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004055BE push 00405749h; ret | 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0040563B push 00405749h; ret | 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_004056A0 push 00405749h; ret | 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00419BD0 push ecx; mov dword ptr [esp], ecx | 1_2_00419BD5
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00455C0C push 00455C44h; ret | 1_2_00455C3C
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0047DEE0 push ecx; mov dword ptr [esp], ecx | 1_2_0047DEE5
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00409FE7 push ds; ret | 1_2_00409FE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe | File created: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | File created: C:\Users\user\AppData\Local\Temp\is-V44NQ.tmp\_isetup\_RegDLL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | File created: C:\Users\user\AppData\Local\Temp\is-V44NQ.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | File created: C:\Users\user\AppData\Local\Temp\is-V44NQ.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00422804 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00423BB4 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0042413C IsIconic,SetActiveWindow,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00424184 IsIconic,SetActiveWindow,SetFocus,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0047C25C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_0041832C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00417540 IsIconic,GetCapture,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00417C76 IsIconic,SetWindowPos,
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp | Code function: 1_2_00417C78 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-V44NQ.tmp\_isetup\_RegDLL.tmp |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-V44NQ.tmp\_isetup\_shfoldr.dll |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-V44NQ.tmp\_isetup\_setup64.tmp |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe |
Evasive API call chain: GetSystemTime,DecisionNodes |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Check user administrative privileges: GetTokenInformation,DecisionNodes |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_00478B6C FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, |
1_2_00478B6C |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_00490094 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, |
1_2_00490094 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_00476A70 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose, |
1_2_00476A70 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_0046F16C FindFirstFileA,FindNextFileA,FindClose, |
1_2_0046F16C |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_004511DC FindFirstFileA,GetLastError, |
1_2_004511DC |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_0045F3A4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, |
1_2_0045F3A4 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_0045F820 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, |
1_2_0045F820 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_0045DE20 FindFirstFileA,FindNextFileA,FindClose, |
1_2_0045DE20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe |
Code function: 0_2_00409948 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, |
0_2_00409948 |
Source: SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp, 00000001.00000002.2922275657.00000000005CF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_0044AD34 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
1_2_0044AD34 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_00471D70 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle, |
1_2_00471D70 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_0045A0E8 GetVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,AllocateAndInitializeSid,GetLastError,LocalFree, |
1_2_0045A0E8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe |
Code function: GetLocaleInfoA, |
0_2_0040515C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe |
Code function: GetLocaleInfoA, |
0_2_004051A8 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: GetLocaleInfoA, |
1_2_00408508 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: GetLocaleInfoA, |
1_2_00408554 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_004566B8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle, |
1_2_004566B8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe |
Code function: 0_2_004026C4 GetSystemTime, |
0_2_004026C4 |
Source: C:\Users\user\AppData\Local\Temp\is-K0O4V.tmp\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.tmp |
Code function: 1_2_00453AB0 GetUserNameA, |
1_2_00453AB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BackDoor.CmjSpy.326.14545.25032.exe |
Code function: 0_2_00405C44 GetVersionExA, |
0_2_00405C44 |