Source: PI_230524.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: PI_230524.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_00402765 FindFirstFileA, |
0_2_00402765 |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_004062F0 FindFirstFileA,FindClose, |
0_2_004062F0 |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_004057B5 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
0_2_004057B5 |
Source: PI_230524.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: PI_230524.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: PI_230524.exe, 00000000.00000003.1471681218.0000000000A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_Errors |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_00405252 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00405252 |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_00403248 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403248 |
Source: PI_230524.exe, 00000000.00000000.1470807486.00000000007CC000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamesemirelief.exeP vs PI_230524.exe |
Source: PI_230524.exe |
Binary or memory string: OriginalFilenamesemirelief.exeP vs PI_230524.exe |
Source: PI_230524.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: classification engine |
Classification label: clean3.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_00403248 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403248 |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_0040450D GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
0_2_0040450D |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_00402138 CoCreateInstance,MultiByteToWideChar, |
0_2_00402138 |
Source: C:\Users\user\Desktop\PI_230524.exe |
File created: C:\Users\user\AppData\Local\Temp\nsr7BEF.tmp |
Jump to behavior |
Source: PI_230524.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\PI_230524.exe |
File read: C:\Users\desktop.ini |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
File read: C:\Users\user\Desktop\PI_230524.exe |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 |
Jump to behavior |
Source: PI_230524.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: PI_230524.exe |
Static PE information: real checksum: 0x878b3 should be: 0x8fe0e |
Source: C:\Users\user\Desktop\PI_230524.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_230524.exe |
API coverage: 9.4 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_00402765 FindFirstFileA, |
0_2_00402765 |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_004062F0 FindFirstFileA,FindClose, |
0_2_004062F0 |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_004057B5 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
0_2_004057B5 |
Source: C:\Users\user\Desktop\PI_230524.exe |
API call chain: ExitProcess graph end node |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\PI_230524.exe |
Code function: 0_2_00403248 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403248 |