Windows Analysis Report
SecuriteInfo.com.Heur.2006.25660.exe

Overview

General Information

Sample name: SecuriteInfo.com.Heur.2006.25660.exe
Analysis ID: 1448260
MD5: b0011b427d71aa8b72dbc7bc4214e182
SHA1: c5cfec66a33582c3923abbcbf2c6652d7eef6f66
SHA256: 8868242490983043f453363d131e781e46d084cbb7da038031cb13a9fd536db2
Tags: exe

Detection

Score: 12
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://delphi.about.com
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://embarcadero.com
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://glenmoyes.blogspot.com
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/buy.htmlU
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/forum.htmlU
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/help2/U
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/imageobjects.htmlU
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/tutorials2/U
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/upgrade.htmlU
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/v2_0/languages.htmlU
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/version.htmlU
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.ro/version.txt
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://icofx.roU
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://imaginglib.sourceforge.net/
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://www.eurekalog.com/
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://www.eurekalog.com/help/eurekalog/internal_errors.phpEurekaLog
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://www.icofx.ro/
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://www.jrsoftware.org
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://www.lmdinnovative.com/
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: http://www.visibone.com/swatches/
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Memory allocated: 770B0000 page read and write
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Memory allocated: 77620000 page read and write
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Memory allocated: 778A0000 page read and write
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: Number of sections : 12 > 10
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000002.2551588802.0000000003F52000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamecomctl32.DLL.MUIj% vs SecuriteInfo.com.Heur.2006.25660.exe
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameIcoFX2.exe, vs SecuriteInfo.com.Heur.2006.25660.exe
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000002.2549729948.00000000034C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Heur.2006.25660.exe
Source: SecuriteInfo.com.Heur.2006.25660.exe Binary or memory string: OriginalFilenameIcoFX2.exe, vs SecuriteInfo.com.Heur.2006.25660.exe
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: Section: .reloc IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SecuriteInfo.com.Heur.2006.25660.exe Binary string: \Device\Video0
Source: classification engine Classification label: clean12.evad.winEXE@1/9@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe File created: C:\Users\user\AppData\Roaming\IcoFX2X
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\IcoFX2Setup
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Mutant created: \Sessions\1\BaseNamedObjects\IcoFX2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Mutant created: \Sessions\1\BaseNamedObjects\IcoFX2Setup
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe File created: C:\Users\user~1\AppData\Local\Temp\9297CC76798843F1A6BBDF4AC890583E.tmp
Source: Yara match File source: SecuriteInfo.com.Heur.2006.25660.exe, type: SAMPLE
Source: Yara match File source: 00000006.00000000.1278021718.0000000000401000.00000020.00000001.01000000.00000004.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: '* Improved saving/loading of gif files
Source: SecuriteInfo.com.Heur.2006.25660.exe String found in binary or memory: + Save/Load selections
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: olepro32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: mscms.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Window found: window name: TComboBox
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Heur.2006.25660.exe Static file information: File size 20831352 > 1048576
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x682600
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1cd600
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: Raw size of .debug is bigger than: 0x100000 < 0xb03b7c
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: More than 200 imports for user32.dll
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: section name: .didata
Source: SecuriteInfo.com.Heur.2006.25660.exe Static PE information: section name: .debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Code function: 6_2_0069FEA9 push edi; iretd 6_2_0069FEAA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: SecuriteInfo.com.Heur.2006.25660.exe Binary or memory string: SBIEDLL.DLL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: (@Esysinfo@InternalTestVMWareGuard$qqrrui
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: @Esysinfo@GetTickCount64$qqrv @Esysinfo@GetOSTypePreCache$qqrv"@Esysinfo@GetOSUpdatePreCache$qqrv!@Esysinfo@GetOSBuildPreCache$qqrv,@Esysinfo@GetVirtualMachineTypePreCache$qqrvF@Esysinfo@BasicInitDoneErrorHandler$qqrxpqqrv$vx20System@UnicodeString
Source: SecuriteInfo.com.Heur.2006.25660.exe Binary or memory string: VMWare GSX
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: '@Esysinfo@InternalTestVMWareSafe$qqrrui
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: GetVirtualMachineTypeInternal
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: @Icofx2@GetVideoCardStr$qqrv"@Icofx2@GetVirtualMachineType$qqrv%@Icofx2@GetVirtualMachineVersion$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: GetMSHyperVisorVersion$@Esysinfo@GetVirtualMachineType$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe Binary or memory string: VMWare Workstation
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: GetVirtualMachineTypeInternal'@Esysinfo@GetVirtualMachineVersion$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: $@Esysinfo@GetVirtualMachineType$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: TVirtualMachineType
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: '@Esysinfo@GetVirtualMachineVersion$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: @Esysinfo@SetVal$qqrrpvpxv#@Esysinfo@InternalTestVMWare$qqrrui(@Esysinfo@InternalTestVMWareGuard$qqrrui'@Esysinfo@InternalTestVMWareSafe$qqrrui
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: @Esysinfo@TestVMWare$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: ,@Esysinfo@GetVirtualMachineTypePreCache$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: "@Icofx2@GetVirtualMachineType$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: vmVMWare
Source: SecuriteInfo.com.Heur.2006.25660.exe Binary or memory string: VMWare ESX
Source: SecuriteInfo.com.Heur.2006.25660.exe Binary or memory string: VMWareU
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: %@Icofx2@GetVirtualMachineVersion$qqrv
Source: SecuriteInfo.com.Heur.2006.25660.exe Binary or memory string: vboxservice.exe
Source: SecuriteInfo.com.Heur.2006.25660.exe Binary or memory string: VMWare Express
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: #@Esysinfo@InternalTestVMWare$qqrrui
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: VMWareCPUID
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
No contacted IP infos