Windows Analysis Report
sj-pulse-ui.exe

Overview

General Information

Sample name: sj-pulse-ui.exe
Analysis ID: 1448093
MD5: 7c31efbc0efc3eff68a757d54b79eabe
SHA1: dce503c7c1bc3d4d68962d7e3ade1843bf6a31c6
SHA256: edbaee073e27719fee3e7efb521feeb1902c02e8add6d85804dcdb794ada3521

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Source: sj-pulse-ui.exe Static PE information: certificate valid
Source: sj-pulse-ui.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\cmakebuild\Release\bin\sj-pulse-ui.pdb source: sj-pulse-ui.exe
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFDFF588 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,CloseHandle,CloseHandle,abort, 0_2_00007FF7DFDFF588
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFDFF514 FindClose,abort,FindFirstFileExW,GetLastError, 0_2_00007FF7DFDFF514
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFD94E90 WSARecv,#111, 0_2_00007FF7DFD94E90
Source: sj-pulse-ui.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: sj-pulse-ui.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: sj-pulse-ui.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: sj-pulse-ui.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: sj-pulse-ui.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: sj-pulse-ui.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: sj-pulse-ui.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: sj-pulse-ui.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: sj-pulse-ui.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: sj-pulse-ui.exe String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: sj-pulse-ui.exe String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: sj-pulse-ui.exe String found in binary or memory: http://ocsp.digicert.com0
Source: sj-pulse-ui.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: sj-pulse-ui.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: sj-pulse-ui.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: sj-pulse-ui.exe String found in binary or memory: http://pixelspread.comThis
Source: sj-pulse-ui.exe String found in binary or memory: http://scripts.sil.org/OFLhttp://sc
Source: sj-pulse-ui.exe String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLOpen
Source: sj-pulse-ui.exe String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayThinRalewayRomanWeightExtraLight
Source: sj-pulse-ui.exe String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLRalewayThinRalewayRomanWeightExtraLightLightMedi
Source: sj-pulse-ui.exe String found in binary or memory: http://theleagueofmoveabletype.comhttp://pixelspread.comThis
Source: sj-pulse-ui.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: sj-pulse-ui.exe String found in binary or memory: http://www.gimp.org/xmp/
Source: sj-pulse-ui.exe String found in binary or memory: https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter
Source: sj-pulse-ui.exe String found in binary or memory: https://rsms.me/This
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: String function: 00007FF7DFD44990 appears 91 times
Source: sj-pulse-ui.exe Binary or memory string: OriginalFilename vs sj-pulse-ui.exe
Source: classification engine Classification label: clean3.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFDCE460 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,#2,#6,CoSetProxyBlanket,#6,#6,#8,#2,#8,#12,#2,#9,#6,#9,#2,#8,#12,#2,#9,#6,#9,#9,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,CoUninitialize, 0_2_00007FF7DFDCE460
Source: sj-pulse-ui.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: sj-pulse-ui.exe String found in binary or memory: Accept-Additions
Source: sj-pulse-ui.exe String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v6.ipp
Source: sj-pulse-ui.exe String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v4.ipp
Source: sj-pulse-ui.exe String found in binary or memory: Originator-Return-Address
Source: sj-pulse-ui.exe String found in binary or memory: MMHS-Exempted-Address
Source: sj-pulse-ui.exe String found in binary or memory: List-Help
Source: sj-pulse-ui.exe String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/detail/reactive_socket_send_op.hpp255.255.255.255to_stringC:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v4.ipp
Source: sj-pulse-ui.exe String found in binary or memory: bad address castC:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v6.ipp`c
Source: sj-pulse-ui.exe String found in binary or memory: <unknown-field>A-IMAcceptAccept-AdditionsAccept-CharsetAccept-DatetimeAccept-EncodingAccept-FeaturesAccept-LanguageAccept-PatchAccept-PostAccept-RangesAccess-ControlAccess-Control-Allow-CredentialsAccess-Control-Allow-HeadersAccess-Control-Allow-MethodsAccess-Control-Allow-OriginAccess-Control-Expose-HeadersAccess-Control-Max-AgeAccess-Control-Request-HeadersAccess-Control-Request-MethodAgeAllowALPNAlso-ControlAlt-SvcAlt-UsedAlternate-RecipientAlternatesApparently-ToApply-To-Redirect-RefApprovedArchiveArchived-AtArticle-NamesArticle-UpdatesAuthentication-ControlAuthentication-InfoAuthentication-ResultsAuthorizationAuto-SubmittedAutoforwardedAutosubmittedBaseBccBodyC-ExtC-ManC-OptC-PEPC-PEP-InfoCache-ControlCalDAV-TimezonesCancel-KeyCancel-LockCcCloseCommentsComplianceConnectionContent-AlternativeContent-BaseContent-DescriptionContent-DispositionContent-DurationContent-EncodingContent-featuresContent-IDContent-IdentifierContent-LanguageContent-LengthContent-LocationContent-MD5Content-RangeContent-ReturnContent-Script-TypeContent-Style-TypeContent-Transfer-EncodingContent-TypeContent-VersionControlConversionConversion-With-LossCookieCookie2CostDASLDateDate-ReceivedDAVDefault-StyleDeferred-DeliveryDelivery-DateDelta-BaseDepthDerived-FromDestinationDifferential-IDDigestDiscarded-X400-IPMS-ExtensionsDiscarded-X400-MTS-ExtensionsDisclose-RecipientsDisposition-Notification-OptionsDisposition-Notification-ToDistributionDKIM-SignatureDL-Expansion-HistoryDowngraded-BccDowngraded-CcDowngraded-Disposition-Notification-ToDowngraded-Final-RecipientDowngraded-FromDowngraded-In-Reply-ToDowngraded-Mail-FromDowngraded-Message-IdDowngraded-Original-RecipientDowngraded-Rcpt-ToDowngraded-ReferencesDowngraded-Reply-ToDowngraded-Resent-BccDowngraded-Resent-CcDowngraded-Resent-FromDowngraded-Resent-Reply-ToDowngraded-Resent-SenderDowngraded-Resent-ToDowngraded-Return-PathDowngraded-SenderDowngraded-ToEDIINT-FeaturesEesst-VersionEncodingEncryptedErrors-ToETagExpectExpiresExpiry-DateExtFollowup-ToForwardedFromGenerate-Delivery-ReportGetProfileHobaregHostHTTP2-SettingsIfIf-MatchIf-Modified-SinceIf-None-MatchIf-RangeIf-Schedule-Tag-MatchIf-Unmodified-SinceIMImportanceIn-Reply-ToIncomplete-CopyInjection-DateInjection-InfoJabber-IDKeep-AliveKeywordsLabelLanguageLast-ModifiedLatest-Delivery-TimeLinesLinkList-ArchiveList-HelpList-IDList-OwnerList-PostList-SubscribeList-UnsubscribeList-Unsubscribe-PostLocationLock-TokenManMax-ForwardsMemento-DatetimeMessage-ContextMessage-IDMessage-TypeMeterMethod-CheckMethod-Check-ExpiresMIME-VersionMMHS-Acp127-Message-IdentifierMMHS-Authorizing-UsersMMHS-Codress-Message-IndicatorMMHS-Copy-PrecedenceMMHS-Exempted-AddressMMHS-Extended-Authorisation-InfoMMHS-Handling-InstructionsMMHS-Message-InstructionsMMHS-Message-TypeMMHS-Originator-PLADMMHS-Originator-ReferenceMMHS-Other-Recipients-Indicator-CCMMHS-Other-Recipients-Indicator-ToMMHS-Primary-PrecedenceMMHS-Subject-Indicator-CodesMT-PriorityNegotiateNewsgroupsNNTP-Posting-DateNNTP-Posting-HostNo
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: wxmsw32u_core_vc_custom.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: boost_iostreams-vc143-mt-x64-1_83.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: libssl-3-x64.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: libcrypto-3-x64.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: spdlog.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: fmt.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: brotlienc.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: brotlidec.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: wxbase32u_vc_custom.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: msvcp140_atomic_wait.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Section loaded: vcruntime140.dll
Source: sj-pulse-ui.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: sj-pulse-ui.exe Static file information: File size 1975672 > 1048576
Source: sj-pulse-ui.exe Static PE information: More than 200 imports for wxmsw32u_core_vc_custom.dll
Source: sj-pulse-ui.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: sj-pulse-ui.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: sj-pulse-ui.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: sj-pulse-ui.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: sj-pulse-ui.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: sj-pulse-ui.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: sj-pulse-ui.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: sj-pulse-ui.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: sj-pulse-ui.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: sj-pulse-ui.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: sj-pulse-ui.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFD5FF77 push rbp; retf 0_2_00007FF7DFD5FF78
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFE00F38 memset,GetLastError,IsDebuggerPresent,OutputDebugStringW, 0_2_00007FF7DFE00F38
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFE009B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7DFE009B0
Source: sj-pulse-ui.exe Binary or memory string: Shell_TrayWnd
Source: sj-pulse-ui.exe Binary or memory string: BINARYFailed to load font data from resource.Failed to add loaded fonts to the system resource.RALEWAY_FONTINTER_FONTSoftware\Microsoft\Windows\CurrentVersion\ThemesCurrentThemedark.themeShell_TrayWnd
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: GetLocaleInfoEx,FormatMessageA, 0_2_00007FF7DFDFF0D8
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFE00DB4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7DFE00DB4
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFD5B110 ?wxEVT_BUTTON@@3V?$wxEventTypeTag@VwxCommandEvent@@@@B,?wxPanelNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,??0wxWindow@@QEAA@PEAV0@HAEBVwxPoint@@AEBVwxSize@@JAEBVwxString@@@Z,??1wxString@@QEAA@XZ,?wxEVT_PAINT@@3V?$wxEventTypeTag@VwxPaintEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_LEFT_UP@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_LEAVE_WINDOW@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_ENTER_WINDOW@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z, 0_2_00007FF7DFD5B110
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFD59D80 ?wxPanelNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,??0wxWindow@@QEAA@PEAV0@HAEBVwxPoint@@AEBVwxSize@@JAEBVwxString@@@Z,??1wxString@@QEAA@XZ,??0wxString@@QEAA@AEBV0@@Z,??0wxColour@@QEAA@$$QEAV0@@Z,??0wxColour@@QEAA@$$QEAV0@@Z,??0wxFont@@QEAA@XZ,?GetFont@wxWindowBase@@QEBA?AVwxFont@@XZ,?Ref@wxObject@@QEAAXAEBV1@@Z,??1wxFont@@UEAA@XZ,?MakeBold@wxFont@@QEAAAEAV1@XZ,?wxEVT_PAINT@@3V?$wxEventTypeTag@VwxPaintEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_LEFT_DOWN@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_LEFT_UP@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_LEAVE_WINDOW@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_ENTER_WINDOW@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,??1wxColour@@UEAA@XZ,??1wxColour@@UEAA@XZ, 0_2_00007FF7DFD59D80
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFD5ACB0 ?wxPanelNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,??0wxPanel@@QEAA@PEAVwxWindow@@HAEBVwxPoint@@AEBVwxSize@@JAEBVwxString@@@Z,??1wxString@@QEAA@XZ,?wxEVT_PAINT@@3V?$wxEventTypeTag@VwxPaintEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_LEFT_DOWN@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_LEFT_UP@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxEVT_MOTION@@3V?$wxEventTypeTag@VwxMouseEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?SetMinSize@wxWindowBase@@UEAAXAEBVwxSize@@@Z,?GetSize@wxWindowBase@@QEBA?AVwxSize@@XZ,?wxEVT_BUTTON@@3V?$wxEventTypeTag@VwxCommandEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?GetSize@wxWindowBase@@QEBA?AVwxSize@@XZ,?wxEVT_BUTTON@@3V?$wxEventTypeTag@VwxCommandEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z, 0_2_00007FF7DFD5ACB0
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFD587E0 _Thrd_id,_Thrd_join,?_Throw_Cpp_error@std@@YAXH@Z,?_Throw_Cpp_error@std@@YAXH@Z,?wxGetUserId@@YA?AVwxString@@XZ,??0wxFormatString@@QEAA@PEBD@Z,??0?$wxArgNormalizerWchar@AEBVwxString@@@@QEAA@AEBVwxString@@PEBVwxFormatString@@I@Z,?get@?$wxArgNormalizerWchar@AEBVwxString@@@@QEBAPEB_WXZ,?AsWChar@wxFormatString@@AEAAPEB_WXZ,?DoFormatWchar@wxString@@CA?AV1@PEB_WZZ,??1wxString@@QEAA@XZ,??1wxFormatString@@QEAA@XZ,__std_fs_code_page,__std_fs_convert_narrow_to_wide,__std_fs_convert_narrow_to_wide,_invalid_parameter_noinfo_noreturn,?OnInit@wxAppConsoleBase@@UEAA_NXZ,?wxSleep@@YAXH@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,??0wxPNGHandler@@QEAA@XZ,?AddHandler@wxImage@@SAXPEAVwxImageHandler@@@Z,memset,?wxEVT_TIMER@@3V?$wxEventTypeTag@VwxTimerEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,_beginthreadex,_invalid_parameter_noinfo_noreturn,terminate,_invalid_parameter_noinfo_noreturn,??1wxString@@QEAA@XZ,?_Throw_Cpp_error@std@@YAXH@Z, 0_2_00007FF7DFD587E0
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFD5A6D0 ?wxPanelNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,??0wxPanel@@QEAA@PEAVwxWindow@@HAEBVwxPoint@@AEBVwxSize@@JAEBVwxString@@@Z,??1wxString@@QEAA@XZ,??0wxColour@@QEAA@AEBV0@@Z,??0wxColour@@QEAA@AEBV0@@Z,?GetFont@wxWindowBase@@QEBA?AVwxFont@@XZ,?SetPixelSize@wxFont@@UEAAXAEBVwxSize@@@Z,?SetFont@wxWindow@@UEAA_NAEBVwxFont@@@Z,?wxEVT_PAINT@@3V?$wxEventTypeTag@VwxPaintEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,??1wxFont@@UEAA@XZ, 0_2_00007FF7DFD5A6D0
Source: C:\Users\user\Desktop\sj-pulse-ui.exe Code function: 0_2_00007FF7DFD51560 ??0wxString@@QEAA@PEBD@Z,??0wxIcon@@QEAA@AEBVwxString@@W4wxBitmapType@@HH@Z,?SetIcon@wxTopLevelWindowBase@@QEAAXAEBVwxIcon@@@Z,??1wxIcon@@UEAA@XZ,??1wxString@@QEAA@XZ,??0wxString@@QEAA@XZ,??4wxString@@QEAAAEAV0@AEBV0@@Z,??0wxFont@@QEAA@AEBVwxFontInfo@@@Z,??1wxFont@@UEAA@XZ,??1wxString@@QEAA@XZ,?wxPanelNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,?wxDefaultSize@@3VwxSize@@B,?wxDefaultPosition@@3VwxPoint@@B,??0wxPanel@@QEAA@PEAVwxWindow@@HAEBVwxPoint@@AEBVwxSize@@JAEBVwxString@@@Z,??1wxString@@QEAA@XZ,?GetClientSize@wxWindowBase@@QEBA?AVwxSize@@XZ,?SetSize@wxWindowBase@@QEAAXAEBVwxSize@@@Z,?GetSize@wxWindowBase@@QEBA?AVwxSize@@XZ,memset,?wxEVT_BUTTON@@3V?$wxEventTypeTag@VwxCommandEvent@@@@B,??0wxEventFunctor@@QEAA@XZ,?DoBind@wxEvtHandler@@AEAAXHHHPEAVwxEventFunctor@@PEAVwxObject@@@Z,?wxStaticTextNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,?wxDefaultSize@@3VwxSize@@B,??0wxStaticText@@QEAA@PEAVwxWindow@@HAEBVwxString@@AEBVwxPoint@@AEBVwxSize@@J1@Z,??1wxString@@QEAA@XZ,??0wxString@@QEAA@XZ,??4wxString@@QEAAAEAV0@AEBV0@@Z,??0wxString@@QEAA@AEBV0@@Z,??1wxString@@QEAA@XZ,??0wxFont@@QEAA@AEBVwxFontInfo@@@Z,??1wxFont@@UEAA@XZ,?wxStaticTextNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,?wxDefaultSize@@3VwxSize@@B,??0wxStaticText@@QEAA@PEAVwxWindow@@HAEBVwxString@@AEBVwxPoint@@AEBVwxSize@@J1@Z,??1wxString@@QEAA@XZ,?GetFont@wxWindowBase@@QEBA?AVwxFont@@XZ,?SetPixelSize@wxFont@@UEAAXAEBVwxSize@@@Z,??0wxColour@@QEAA@AEBV0@@Z,??0wxColour@@QEAA@AEBV0@@Z,??0wxString@@QEAA@PEB_W@Z,??1wxString@@QEAA@XZ,??0wxColour@@QEAA@AEBV0@@Z,??0wxColour@@QEAA@AEBV0@@Z,??0wxString@@QEAA@PEB_W@Z,??1wxString@@QEAA@XZ,?wxStaticLineNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,??0wxStaticLine@@QEAA@PEAVwxWindow@@HAEBVwxPoint@@AEBVwxSize@@JAEBVwxString@@@Z,??1wxString@@QEAA@XZ,??0wxString@@QEAA@XZ,??4wxString@@QEAAAEAV0@AEBV0@@Z,??0wxFont@@QEAA@AEBVwxFontInfo@@@Z,??1wxString@@QEAA@XZ,?wxHyperlinkCtrlNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,??0wxString@@QEAA@PEB_W@Z,??0wxGenericHyperlinkCtrl@@QEAA@PEAVwxWindow@@HAEBVwxString@@1AEBVwxPoint@@AEBVwxSize@@J1@Z,??1wxString@@QEAA@XZ,??1wxString@@QEAA@XZ,??0wxFormatString@@QEAA@PEBD@Z,??1wxFormatString@@QEAA@XZ,?wxStaticTextNameStr@@3QBDB,?FromAscii@wxString@@SA?AV1@PEBD@Z,?wxDefaultSize@@3VwxSize@@B,??0wxStaticText@@QEAA@PEAVwxWindow@@HAEBVwxString@@AEBVwxPoint@@AEBVwxSize@@J1@Z,??1wxString@@QEAA@XZ,??1wxColour@@UEAA@XZ,?Centre@wxWindowBase@@QEAAXH@Z,memset,??1wxString@@QEAA@XZ,??1wxFont@@UEAA@XZ,??1wxFont@@UEAA@XZ,??1wxString@@QEAA@XZ, 0_2_00007FF7DFD51560
No contacted IP infos