Windows Analysis Report
microPHAZIR_5.4.0.135-windows-installer.exe

Overview

General Information

Sample name: microPHAZIR_5.4.0.135-windows-installer.exe
Analysis ID: 1447782
MD5: fca4f3c56e1762703d00881bc8c4b6ce
SHA1: 1f123ffd0e807ed6b26838e6baffb06c57c3f582
SHA256: 12a114e8f0f20fdf0c4924f3539ed6f9a88aad4758b4511662c10e90cbbf37b8

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Antivirus detection for URL or domain
Contains functionality for read data from the clipboard
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: http://www.google.com URL Reputation: Label: malware
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: certificate valid
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
Source: Binary string: Agent/work/bd24ebda5aee1e55/WebserviceHandler/bin/Release/WebserviceHandlerDLL.pdbFR,mO6 source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699853882.00000000047C5000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_004D8E1C FindFirstFileW,FindClose,wcslen,FindFirstFileA,FindClose,GetFileAttributesA,GetFileAttributesA, 0_2_004D8E1C
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData\Local\Temp\.installbuilder
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_0047433C SendMessageA,recv,SendMessageA,WSAGetLastError, 0_2_0047433C
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00394D28 GetClipboardOwner,OpenClipboard,EmptyClipboard,CloseClipboard, 0_2_00394D28
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003E4BC4 GetSystemMetrics,GetAsyncKeyState,TrackPopupMenu,GetCursorPos,GetAsyncKeyState, 0_2_003E4BC4
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: String function: 00468DF4 appears 130 times
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: String function: 004417B8 appears 150 times
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: String function: 0053A3E0 appears 67 times
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: String function: 003F2E2C appears 34 times
Source: BR2817.tmp.0.dr Static PE information: Number of sections : 11 > 10
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: Number of sections : 11 > 10
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000000.1670308404.00000000005F4000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesetup.exeT vs microPHAZIR_5.4.0.135-windows-installer.exe
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000002.2948615170.000000000425D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: windowsResourceOriginalFilename vs microPHAZIR_5.4.0.135-windows-installer.exe
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1701706477.0000000004551000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ::maui::changeExecutableResources::windowsResourceOriginalFilename vs microPHAZIR_5.4.0.135-windows-installer.exe
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1701706477.0000000004551000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C::maui::changeExecutableResources::windowsResourceOriginalFilename8 vs microPHAZIR_5.4.0.135-windows-installer.exe
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1701706477.0000000004551000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: changeExecutableResources::windowsResourceOriginalFilename vs microPHAZIR_5.4.0.135-windows-installer.exe
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1701706477.0000000004551000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: maui::changeExecutableResources::windowsResourceOriginalFilename vs microPHAZIR_5.4.0.135-windows-installer.exe
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: windowsResourceOriginalFilename vs microPHAZIR_5.4.0.135-windows-installer.exe
Source: microPHAZIR_5.4.0.135-windows-installer.exe Binary or memory string: OriginalFilenamesetup.exeT vs microPHAZIR_5.4.0.135-windows-installer.exe
Source: classification engine Classification label: sus36.winEXE@1/29@0/0
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003CDAAC CreateBitmap,GetDC,CreateDIBSection,ReleaseDC,GetLastError,FormatMessageA,MessageBoxA,LocalFree, 0_2_003CDAAC
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: microPHAZIR_5.4.0.135-windows-installer.exe String found in binary or memory: -start
Source: microPHAZIR_5.4.0.135-windows-installer.exe String found in binary or memory: -startline must be less than or equal to -endline
Source: microPHAZIR_5.4.0.135-windows-installer.exe String found in binary or memory: -startline
Source: microPHAZIR_5.4.0.135-windows-installer.exe String found in binary or memory: full-stop
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File read: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: pdh.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: logoncli.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: wintab32.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: certificate valid
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static file information: File size 29187584 > 1048576
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1e1e00
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
Source: Binary string: Agent/work/bd24ebda5aee1e55/WebserviceHandler/bin/Release/WebserviceHandlerDLL.pdbFR,mO6 source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699853882.00000000047C5000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003789E4 SHGetFileInfo,SetLayeredWindowAttributes,LoadCursorA,LoadIconA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary, 0_2_003789E4
Source: microPHAZIR_5.4.0.135-windows-installer.exe Static PE information: section name: .eh_fram
Source: BR2817.tmp.0.dr Static PE information: section name: .qtmetad
Source: BR2817.tmp.0.dr Static PE information: section name: .eh_fram
Source: BR1D20.tmp.0.dr Static PE information: section name: .eh_fram
Source: BR1DCE.tmp.0.dr Static PE information: section name: .eh_fram
Source: BR1E2C.tmp.0.dr Static PE information: section name: .eh_fram
Source: BR1E4D.tmp.0.dr Static PE information: section name: .eh_fram
Source: BR1E9D.tmp.0.dr Static PE information: section name: /4
Source: BR24D9.tmp.0.dr Static PE information: section name: .eh_fram
Source: BR24E9.tmp.0.dr Static PE information: section name: .eh_fram
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_0046CAD0 push eax; mov dword ptr [esp], ebp 0_2_0046CC83
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_0046CCA0 push eax; mov dword ptr [esp], edi 0_2_0046CDBA
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00458DDC push ecx; mov dword ptr [esp], 00000000h 0_2_00458E02
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00458DDC push edx; mov dword ptr [esp], eax 0_2_00458E0F
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_004D73EC push ebp; mov dword ptr [esp], 00000002h 0_2_004D77C2
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003C8068 push ecx; mov dword ptr [esp], esi 0_2_003C83D7
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003E41AC push ecx; mov dword ptr [esp], edi 0_2_003E4372
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_004D83A8 push eax; mov dword ptr [esp], ebx 0_2_004D84C1
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_0052842C push ecx; mov dword ptr [esp], eax 0_2_00528431
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_0046C844 push ecx; mov dword ptr [esp], 005EC084h 0_2_0046C88B
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003DC800 push ebx; mov dword ptr [esp], esi 0_2_003DC854
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00474C44 push eax; mov dword ptr [esp], 00585694h 0_2_00474CB5
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_004DD194 push eax; mov dword ptr [esp], 005EC9C0h 0_2_004DD22C
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_004DD26C push eax; mov dword ptr [esp], 005EC9C0h 0_2_004DD2A8
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003DD460 push ebx; mov dword ptr [esp], esi 0_2_003DD658
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003DD460 push ebx; mov dword ptr [esp], esi 0_2_003DD9DD
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003795A4 push eax; mov dword ptr [esp], ebx 0_2_00379B88
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003D17E0 push edi; mov dword ptr [esp], ebx 0_2_003D1C87
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00475EBC push eax; mov dword ptr [esp], 005EC364h 0_2_00475F76
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1E4D.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR24E9.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR2817.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1DCE.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR24D9.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1E8C.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1D20.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1D5F.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1E2C.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1E9D.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1FE6.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_004D83A8 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,strchr,FreeLibrary,FreeLibrary,GetPrivateProfileStringA,GetWindowsDirectoryW,GetWindowsDirectoryA,lstrlenW, 0_2_004D83A8
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00378408 IsIconic,IsZoomed,AdjustWindowRectEx,SendMessageA,SendMessageA,GetSystemMetrics,MoveWindow,GetWindowRect,GetClientRect,MoveWindow,DrawMenuBar, 0_2_00378408
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1E4D.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR24E9.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR2817.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1DCE.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR24D9.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1E8C.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1D5F.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1D20.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1E2C.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1E9D.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001dd8\BR1FE6.tmp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_004D8E1C FindFirstFileW,FindClose,wcslen,FindFirstFileA,FindClose,GetFileAttributesA,GetFileAttributesA, 0_2_004D8E1C
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_0049EC00 GetSystemInfo,VirtualQuery, 0_2_0049EC00
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData\Local\Temp\.installbuilder
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe File opened: C:\Users\user\AppData\Local
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000002.2944521181.0000000003522000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware InstallBuilder ?
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Loodud VMware InstallBuilderi avatud l
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ]Luotu VMware InstallBuilderin kokeiluversiollaecifique un directorior.
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000002.2944521181.0000000003522000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware InstallBuilder
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: qErstellt mit einer Testversion des VMware InstallBuilders\nn
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ico VMware InstallBuilderjazli
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Creato con una licenza Open Source di VMware InstallBuilder per %1$s
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699675503.000000000412C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware InstallBuilder for Qt - Windows
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Erstellt mit einer Testversion des VMware InstallBuilder
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: a Open Source do VMware InstallBuilder para %1$sSelection.Select=Selecione o Java(tm) Runtime a usar
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: a Open Source do VMware InstallBuilder para %1$s
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1701986821.0000000004762000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: lappend Btvxo /Library/Java/JavaVirtualMachines/*/Home/bin/java /Library/Java/JavaVirtualMachines/*/*/Home/bin/java
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilder
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: licencji Open Source programu VMware InstallBuilder dla %1$s
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000002.2948615170.000000000425D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: tip {Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files}
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000002.2943194039.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: o do programa VMware InstallBuilder
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Installer.OpenSourceVersion.Text=Loodud VMware InstallBuilderi avatud l
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ico VMware InstallBuilderjaeden za
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: rderingsversion av VMware InstallBuilder
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilder
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Created with an evaluation version of VMware InstallBuilder
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Erstellt mit einer Open Source Lizenz von VMware InstallBuilder f
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1701905774.00000000051A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: if {[string match *BITROCKOEM* [$licenseInfo cget -organization]] || [string match *VMWAREOEM* [$licenseInfo cget -organization]]} {
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: rderingsversion av VMware InstallBuilderenden f
Source: BR2817.tmp.0.dr Binary or memory string: 21QEmulationPaintEngine
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ico VMware InstallBuilderja
Source: microPHAZIR_5.4.0.135-windows-installer.exe, 00000000.00000003.1699767126.00000000058B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Luotu VMware InstallBuilderin kokeiluversiolla
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003789E4 SHGetFileInfo,SetLayeredWindowAttributes,LoadCursorA,LoadIconA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary, 0_2_003789E4
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00470168 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree, 0_2_00470168
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00361000 SetUnhandledExceptionFilter,__getmainargs,_iob,_setmode,_setmode,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess,signal,signal,signal,signal,signal,signal, 0_2_00361000
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: InitCommonControlsEx,RegisterClassA,GetKeyboardLayout,GetLocaleInfoA,TranslateCharsetInfo, 0_2_00394390
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\wmImage.png VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\logoImage.png VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\leftImage.png VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\splashImage.png VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp\.installbuilder\.tmp_7640_9228136\open_directory-16px.png VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_0046C2C0 getenv,strspn,GetTimeZoneInformation, 0_2_0046C2C0
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_003D4198 _strnicmp,_stricmp,GetSysColor,GetVersion, 0_2_003D4198
Source: C:\Users\user\Desktop\microPHAZIR_5.4.0.135-windows-installer.exe Code function: 0_2_00474644 socket,SetHandleInformation,bind,connect,ioctlsocket,SendMessageA,WSAGetLastError,closesocket,ioctlsocket,bind,listen,WSAGetLastError, 0_2_00474644
No contacted IP infos