Source: http://47.110.247.171/chdyz/chdyz.dll
Avira URL Cloud: Label: malware
Source: http://47.110.247.171/chdyz/chdyz.exe
Avira URL Cloud: Label: malware
Source: http://47.110.247.171/chdyz/chdyz.7z.tmpSuper-EC
Virustotal: Detection: 9%
Source: http://47.110.247.171/chdyz/chdyz.7z
Virustotal: Detection: 11%
Source: http://47.110.247.171/login/verup.php
Virustotal: Detection: 9%
Source: http://47.110.247.171/login/login.php
Virustotal: Detection: 9%
Source: http://47.110.247.171/chdyz/chdyz.dll
Virustotal: Detection: 14%
Source: http://47.110.247.171/
Virustotal: Detection: 9%
Source: http://47.110.247.171/chdyz/chdyz.exe
Virustotal: Detection: 15%
Source: uCLkYbZQoA.exe
ReversingLabs: Detection: 58%
Source: uCLkYbZQoA.exe
Virustotal: Detection: 65%
Source: Submitted Sample
Integrated Neural Analysis Model: Matched 77.5% probability
Source: uCLkYbZQoA.exe
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004234C0 FindNextFileA,FindClose,FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0042B8A0 FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004B60FD __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00419130 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA
Source: Joe Sandbox View
IP Address: 47.110.247.171
Source: global traffic
HTTP traffic detected:
  POST /login/verup.php HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: text/html, application/xhtml+xml, */*
  Accept-Encoding: gbk, GB2312
  Accept-Language: zh-cn
  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  Content-Length: 26
  Host: 47.110.247.171
Source: global traffic
HTTP traffic detected:
  POST /login/login.php HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: text/html, application/xhtml+xml, */*
  Accept-Encoding: gbk, GB2312
  Accept-Language: zh-cn
  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  Content-Length: 12
  Host: 47.110.247.171
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00436A20 ioctlsocket,recvfrom
Source: unknown
HTTP traffic detected:
  POST /login/verup.php HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: text/html, application/xhtml+xml, */*
  Accept-Encoding: gbk, GB2312
  Accept-Language: zh-cn
  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
  Content-Length: 26
  Host: 47.110.247.171
Source: uCLkYbZQoA.exe, 00000000.00000003.1699111246.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: http://47.110.247.171/
Source: uCLkYbZQoA.exe
String found in binary or memory: http://47.110.247.171/chdyz/chdyz.7z
Source: uCLkYbZQoA.exe
String found in binary or memory: http://47.110.247.171/chdyz/chdyz.7z.tmpSuper-EC
Source: uCLkYbZQoA.exe
String found in binary or memory: http://47.110.247.171/chdyz/chdyz.dll
Source: uCLkYbZQoA.exe
String found in binary or memory: http://47.110.247.171/chdyz/chdyz.exe
Source: uCLkYbZQoA.exe
String found in binary or memory: http://47.110.247.171/login/login.php
Source: uCLkYbZQoA.exe, 00000000.00000003.1699111246.00000000005D3000.00000004.00000020.00020000.00000000.sdmp, uCLkYbZQoA.exe, 00000000.00000003.1699235413.00000000005D5000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: http://47.110.247.171/login/login.phpl_
Source: uCLkYbZQoA.exe
String found in binary or memory: http://47.110.247.171/login/verup.php
Source: uCLkYbZQoA.exe
String found in binary or memory: http://47.110.247.171/login/verup.php0-1
Source: uCLkYbZQoA.exe, 00000000.00000003.1699111246.00000000005BB000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: http://47.110.247.171/wR
Source: uCLkYbZQoA.exe
String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Source: uCLkYbZQoA.exe, 00000000.00000003.1699053207.0000000000600000.00000004.00000020.00020000.00000000.sdmp, uCLkYbZQoA.exe, 00000000.00000003.2300427638.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, uCLkYbZQoA.exe, 00000000.00000003.1699280374.0000000000601000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://pan.baidu.com/s/1D28osmCWE-A_Oote3X5wsg?pwd=985d
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0043FAE0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0043FC40 OpenClipboard,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004782B0 GetWindowRect,GetWindowDC,CreateCompatibleDC,SetBkMode,CreateCompatibleBitmap,SelectObject,BitBlt
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004BA7D4 GetKeyState,GetKeyState,GetKeyState,GetKeyState
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0042BA50 GetKeyState,GetKeyState,GetKeyState,GetKeyState
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00421760
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004B7F51
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045E149
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0042C110
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00452120
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004481C0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045024D
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0044A2C0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00460290
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045E606
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0043A740
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045A780
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004507B2
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0046E8E0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045E8F1
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0046A9D0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00470A30
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045EAA4
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0046CBF0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045ACC0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00464D4E
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00450D10
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045ED1E
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00456DB0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0046EE60
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00424FC0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00464F9E
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004570C0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045F150
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004AD276
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045D3F0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0046B470
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004574F0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045F620
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004B163D
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0044D7F0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045F850
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00423AD0
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0044DB20
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045DC30
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0045BF70
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0042DF30
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: String function: 004567F0 appears 73 times
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: String function: 00456570 appears 37 times
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: String function: 004563E0 appears 73 times
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: String function: 004A7C38 appears 70 times
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: String function: 004B7011 appears 44 times
Source: classification engine
Classification label: mal72.winEXE@1/0@0/1
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00470ED0 CreateToolhelp32Snapshot,Process32First,Process32Next,FindCloseChangeNotification
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0040F400 LoadTypeLib,GetUserDefaultLCID,LHashValOfNameSys,RegisterTypeLib,CoCreateInstance,CoCreateInstance,CoCreateInstance,OleRun,CoCreateInstance,CoCreateInstance
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004B6785 __EH_prolog,FindResourceA,LoadResource,LockResource,IsWindowEnabled,EnableWindow,EnableWindow,GetActiveWindow,SetActiveWindow
Source: uCLkYbZQoA.exe
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: winmm.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: webio.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: vbscript.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: sxs.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32
Source: uCLkYbZQoA.exe
Static file information: File size 1056768 > 1048576
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00422D50 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004A5030 push eax; ret (at 0_2_004A505E)
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004A7C38 push eax; ret (at 0_2_004A7C56)
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00421760 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,KiUserCallbackDispatcher,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00426B30 DestroyIcon,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_0042AF20 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004A356F MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
API coverage: 8.7 %
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe TID: 7292
Thread sleep time: -60000s >= -30000s
Source: all processes
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: uCLkYbZQoA.exe, 00000000.00000002.2893370678.00000000005A0000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: Hyper-V RAWph^%SystemRoot%\system32\mswsock.dllkt
Source: uCLkYbZQoA.exe, 00000000.00000003.1699235413.00000000005D9000.00000004.00000020.00020000.00000000.sdmp, uCLkYbZQoA.exe, 00000000.00000003.2300396487.00000000005D9000.00000004.00000020.00020000.00000000.sdmp, uCLkYbZQoA.exe, 00000000.00000002.2893579159.00000000005E3000.00000004.00000020.00020000.00000000.sdmp, uCLkYbZQoA.exe, 00000000.00000003.2300427638.00000000005E2000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_00449020 GetProcessHeap,OleInitialize,GetModuleFileNameA,SetCurrentDirectoryA,LoadCursorA,GetStockObject,GetCurrentThreadId
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004A65E0 GetLocalTime,GetSystemTime,GetTimeZoneInformation
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004B005F GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte
Source: C:\Users\user\Desktop\uCLkYbZQoA.exe
Code function: 0_2_004B7F51 __EH_prolog,GetVersion