Source: PI_20052024.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: PI_20052024.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_00406435 FindFirstFileA,FindClose, |
0_2_00406435 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_00405889 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
0_2_00405889 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_004027A1 FindFirstFileA, |
0_2_004027A1 |
Source: PI_20052024.exe, 00000000.00000002.1498884560.00000000004A8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.ne |
Source: PI_20052024.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: PI_20052024.exe, 00000000.00000003.1454163323.00000000004BF000.00000004.00000020.00020000.00000000.sdmp, PI_20052024.exe, 00000000.00000002.1498884560.00000000004A8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_Error( |
Source: PI_20052024.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_00405326 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00405326 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_00403312 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403312 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_004067BE |
0_2_004067BE |
Source: PI_20052024.exe, 00000000.00000000.1453442898.000000000043B000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamekvldet altsaxofonisters.exeDVarFileInfo$ vs PI_20052024.exe |
Source: PI_20052024.exe |
Binary or memory string: OriginalFilenamekvldet altsaxofonisters.exeDVarFileInfo$ vs PI_20052024.exe |
Source: PI_20052024.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: classification engine |
Classification label: clean4.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_00403312 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403312 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_004045D7 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
0_2_004045D7 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar, |
0_2_0040216B |
Source: C:\Users\user\Desktop\PI_20052024.exe |
File created: C:\Users\user\AppData\Local\Temp\nsvCAFB.tmp |
Jump to behavior |
Source: PI_20052024.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\PI_20052024.exe |
File read: C:\Users\desktop.ini |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
File read: C:\Users\user\Desktop\PI_20052024.exe |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 |
Jump to behavior |
Source: PI_20052024.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: PI_20052024.exe |
Static PE information: real checksum: 0x9af8f should be: 0x6fdac |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\PI_20052024.exe |
API coverage: 8.2 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_00406435 FindFirstFileA,FindClose, |
0_2_00406435 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_00405889 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
0_2_00405889 |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_004027A1 FindFirstFileA, |
0_2_004027A1 |
Source: PI_20052024.exe, 00000000.00000003.1454163323.00000000004BF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: C:\Users\user\Desktop\PI_20052024.exe |
API call chain: ExitProcess graph end node |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\PI_20052024.exe |
Code function: 0_2_00403312 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403312 |