Windows Analysis Report
3GNEyUm2j4.exe

Overview

General Information

Sample name: 3GNEyUm2j4.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 416ed19e022360adc33e72f89538dbff240a37cfc153fa6499ec4316b63546a1
Analysis ID: 1447774
MD5: 2689116ca367a1eb71a4b6b1b84a990b
SHA1: 05d12a0a9de6220703bc7d2ec68c6bf869d5bf91
SHA256: 416ed19e022360adc33e72f89538dbff240a37cfc153fa6499ec4316b63546a1

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Detected potential crypto function
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Program does not show much activity (idle)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: 3GNEyUm2j4.exe Virustotal: Detection: 9% Perma Link
Source: 3GNEyUm2j4.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\4shawty\Desktop\Alcatraz-master\x64\Release\Alcatraz-gui.pdbR source: 3GNEyUm2j4.exe
Source: Binary string: : genericsystem: "", "existsfile_sizeSymInitialize failed!.pdbNo linked pdb file.Couldn't find linked pdb file.SymLoadModuleEx failed!unexpected error during pdbparser setupcouldn't enum symbolsinvalid string positioniostreambad castbad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setbinary path doesn't exist!couldn't open input binary!input binary isn't a valid pe file!Alcatraz doesn't support 32bit binaries!section name can't be longer than 8 characters!couldn't open output binary!couldn't write output binary! source: 3GNEyUm2j4.exe
Source: Binary string: C:\Users\4shawty\Desktop\Alcatraz-master\x64\Release\Alcatraz-gui.pdb source: 3GNEyUm2j4.exe
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCC1EC GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, 0_2_00007FF7F0CCC1EC
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CAAB40 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard, 0_2_00007FF7F0CAAB40
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CAACA0 OpenClipboard,MultiByteToWideChar,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard, 0_2_00007FF7F0CAACA0
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CAAB40 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard, 0_2_00007FF7F0CAAB40
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBDE10 GetClientRect,QueryPerformanceCounter,GetForegroundWindow,ClientToScreen,SetCursorPos,GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_00007FF7F0CBDE10
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBE757 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_00007FF7F0CBE757
Detected potential crypto function
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C991F0 0_2_00007FF7F0C991F0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCC1EC 0_2_00007FF7F0CCC1EC
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CA9210 0_2_00007FF7F0CA9210
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C841A0 0_2_00007FF7F0C841A0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CE99CC 0_2_00007FF7F0CE99CC
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CA21C0 0_2_00007FF7F0CA21C0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CA7170 0_2_00007FF7F0CA7170
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCA170 0_2_00007FF7F0CCA170
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C81960 0_2_00007FF7F0C81960
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C89180 0_2_00007FF7F0C89180
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CAE920 0_2_00007FF7F0CAE920
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C84120 0_2_00007FF7F0C84120
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CE393C 0_2_00007FF7F0CE393C
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CAFB10 0_2_00007FF7F0CAFB10
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CED308 0_2_00007FF7F0CED308
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C9130E 0_2_00007FF7F0C9130E
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C9EAD0 0_2_00007FF7F0C9EAD0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CDBAC4 0_2_00007FF7F0CDBAC4
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB3270 0_2_00007FF7F0CB3270
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCA260 0_2_00007FF7F0CCA260
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CF4260 0_2_00007FF7F0CF4260
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CAD290 0_2_00007FF7F0CAD290
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CC4A20 0_2_00007FF7F0CC4A20
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CA8A40 0_2_00007FF7F0CA8A40
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CA7B90 0_2_00007FF7F0CA7B90
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBC390 0_2_00007FF7F0CBC390
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C84B40 0_2_00007FF7F0C84B40
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CDE4EC 0_2_00007FF7F0CDE4EC
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CDFCF8 0_2_00007FF7F0CDFCF8
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CC8CA0 0_2_00007FF7F0CC8CA0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C8245E 0_2_00007FF7F0C8245E
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB2480 0_2_00007FF7F0CB2480
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C99610 0_2_00007FF7F0C99610
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBDE10 0_2_00007FF7F0CBDE10
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CDADD0 0_2_00007FF7F0CDADD0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C9B5C0 0_2_00007FF7F0C9B5C0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBC580 0_2_00007FF7F0CBC580
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CC2520 0_2_00007FF7F0CC2520
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB2D20 0_2_00007FF7F0CB2D20
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBAD40 0_2_00007FF7F0CBAD40
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB9D40 0_2_00007FF7F0CB9D40
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CC76E0 0_2_00007FF7F0CC76E0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB1F10 0_2_00007FF7F0CB1F10
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C986B0 0_2_00007FF7F0C986B0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C90EB0 0_2_00007FF7F0C90EB0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CC6EB0 0_2_00007FF7F0CC6EB0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C8AED0 0_2_00007FF7F0C8AED0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CDDED0 0_2_00007FF7F0CDDED0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CA3690 0_2_00007FF7F0CA3690
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CA2E30 0_2_00007FF7F0CA2E30
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBCFF0 0_2_00007FF7F0CBCFF0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CC8010 0_2_00007FF7F0CC8010
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB4810 0_2_00007FF7F0CB4810
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CE4804 0_2_00007FF7F0CE4804
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB7FB0 0_2_00007FF7F0CB7FB0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCAFB0 0_2_00007FF7F0CCAFB0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CD17B0 0_2_00007FF7F0CD17B0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB2FD0 0_2_00007FF7F0CB2FD0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBD7C0 0_2_00007FF7F0CBD7C0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CDBFBC 0_2_00007FF7F0CDBFBC
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CBE757 0_2_00007FF7F0CBE757
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C84F80 0_2_00007FF7F0C84F80
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CC1F30 0_2_00007FF7F0CC1F30
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C9D080 0_2_00007FF7F0C9D080
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0C8E030 0_2_00007FF7F0C8E030
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CB1830 0_2_00007FF7F0CB1830
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: 3GNEyUm2j4.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: 3GNEyUm2j4.exe Virustotal: Detection: 9%
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Section loaded: zydis.dll Jump to behavior
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Section loaded: d3dcompiler_47.dll Jump to behavior
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Section loaded: asmjit.dll Jump to behavior
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Section loaded: dxgi.dll Jump to behavior
Source: 3GNEyUm2j4.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: 3GNEyUm2j4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 3GNEyUm2j4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 3GNEyUm2j4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 3GNEyUm2j4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 3GNEyUm2j4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 3GNEyUm2j4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 3GNEyUm2j4.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: 3GNEyUm2j4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\4shawty\Desktop\Alcatraz-master\x64\Release\Alcatraz-gui.pdbR source: 3GNEyUm2j4.exe
Source: Binary string: : genericsystem: "", "existsfile_sizeSymInitialize failed!.pdbNo linked pdb file.Couldn't find linked pdb file.SymLoadModuleEx failed!unexpected error during pdbparser setupcouldn't enum symbolsinvalid string positioniostreambad castbad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setbinary path doesn't exist!couldn't open input binary!input binary isn't a valid pe file!Alcatraz doesn't support 32bit binaries!section name can't be longer than 8 characters!couldn't open output binary!couldn't write output binary! source: 3GNEyUm2j4.exe
Source: Binary string: C:\Users\4shawty\Desktop\Alcatraz-master\x64\Release\Alcatraz-gui.pdb source: 3GNEyUm2j4.exe
Source: 3GNEyUm2j4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 3GNEyUm2j4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 3GNEyUm2j4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 3GNEyUm2j4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 3GNEyUm2j4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCAFB0 GetModuleHandleW,RegisterClassExW,CreateWindowExW,D3D11CreateDeviceAndSwapChain,UnregisterClassW,ShowWindow,ShowWindow,UpdateWindow,QueryPerformanceFrequency,QueryPerformanceCounter,LoadLibraryA,GetProcAddress,GetProcAddress,PeekMessageW,TranslateMessage,DispatchMessageW,PeekMessageW,FreeLibrary,DestroyWindow,UnregisterClassW, 0_2_00007FF7F0CCAFB0
PE file contains sections with non-standard names
Source: 3GNEyUm2j4.exe Static PE information: section name: _RDATA
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCC1EC GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle, 0_2_00007FF7F0CCC1EC
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCE424 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7F0CCE424
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCAFB0 GetModuleHandleW,RegisterClassExW,CreateWindowExW,D3D11CreateDeviceAndSwapChain,UnregisterClassW,ShowWindow,ShowWindow,UpdateWindow,QueryPerformanceFrequency,QueryPerformanceCounter,LoadLibraryA,GetProcAddress,GetProcAddress,PeekMessageW,TranslateMessage,DispatchMessageW,PeekMessageW,FreeLibrary,DestroyWindow,UnregisterClassW, 0_2_00007FF7F0CCAFB0
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCD9A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7F0CCD9A0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCE424 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7F0CCE424
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CCE608 SetUnhandledExceptionFilter, 0_2_00007FF7F0CCE608
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CD40B4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7F0CD40B4
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_00007FF7F0CF22AC
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: EnumSystemLocalesW, 0_2_00007FF7F0CF1BC4
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: GetLocaleInfoW, 0_2_00007FF7F0CE8B90
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: EnumSystemLocalesW, 0_2_00007FF7F0CF1C94
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: GetLocaleInfoEx,FormatMessageA, 0_2_00007FF7F0CCBEF0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: EnumSystemLocalesW, 0_2_00007FF7F0CE87A0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00007FF7F0CF20D0
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_00007FF7F0CF1878
Source: C:\Users\user\Desktop\3GNEyUm2j4.exe Code function: 0_2_00007FF7F0CDF450 GetSystemTimeAsFileTime, 0_2_00007FF7F0CDF450
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1447774 Sample: 3GNEyUm2j4 Startdate: 27/05/2024 Architecture: WINDOWS Score: 48 7 Multi AV Scanner detection for submitted file 2->7 5 3GNEyUm2j4.exe 2->5         started        process3
No contacted IP infos