Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://delphi.about.com |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://embarcadero.com |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://glenmoyes.blogspot.com |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/buy.htmlU |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/forum.htmlU |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/help2/U |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/imageobjects.htmlU |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/tutorials2/U |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/upgrade.htmlU |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/v2_0/languages.htmlU |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/version.htmlU |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.ro/version.txt |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://icofx.roU |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://imaginglib.sourceforge.net/ |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://www.eurekalog.com/ |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://www.eurekalog.com/help/eurekalog/internal_errors.phpEurekaLog |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://www.icofx.ro/ |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://www.jrsoftware.org |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://www.lmdinnovative.com/ |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: http://www.visibone.com/swatches/ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Memory allocated: 770B0000 page read and write |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Memory allocated: 77620000 page read and write |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Memory allocated: 778A0000 page read and write |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: Number of sections : 12 > 10 |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000002.2551588802.0000000003F52000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamecomctl32.DLL.MUIj% vs SecuriteInfo.com.Heur.2006.25660.exe |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: OriginalFilenameIcoFX2.exe, vs SecuriteInfo.com.Heur.2006.25660.exe |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000002.2549729948.00000000034C0000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Heur.2006.25660.exe |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary or memory string: OriginalFilenameIcoFX2.exe, vs SecuriteInfo.com.Heur.2006.25660.exe |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: Section: .reloc IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary string: \Device\Video0 |
Source: classification engine |
Classification label: clean12.evad.winEXE@1/9@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
File created: C:\Users\user\AppData\Roaming\IcoFX2X |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Global\IcoFX2Setup |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Mutant created: \Sessions\1\BaseNamedObjects\IcoFX2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Mutant created: \Sessions\1\BaseNamedObjects\IcoFX2Setup |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
File created: C:\Users\user~1\AppData\Local\Temp\9297CC76798843F1A6BBDF4AC890583E.tmp |
Source: Yara match |
File source: SecuriteInfo.com.Heur.2006.25660.exe, type: SAMPLE |
Source: Yara match |
File source: 00000006.00000000.1278021718.0000000000401000.00000020.00000001.01000000.00000004.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
File read: C:\Users\desktop.ini |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: '* Improved saving/loading of gif files |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
String found in binary or memory: + Save/Load selections |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: oleacc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: winsta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: umpdc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: olepro32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: mscms.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: coloradapterclient.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: duser.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: xmllite.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Window found: window name: TComboBox |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Automated click: OK |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static file information: File size 20831352 > 1048576 |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x682600 |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1cd600 |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: Raw size of .debug is bigger than: 0x100000 < 0xb03b7c |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: More than 200 imports for user32.dll |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: section name: .didata |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Static PE information: section name: .debug |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Code function: 6_2_0069FEA9 push edi; iretd |
6_2_0069FEAA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary or memory string: SBIEDLL.DLL |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809 |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: (@Esysinfo@InternalTestVMWareGuard$qqrrui |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: @Esysinfo@GetTickCount64$qqrv @Esysinfo@GetOSTypePreCache$qqrv"@Esysinfo@GetOSUpdatePreCache$qqrv!@Esysinfo@GetOSBuildPreCache$qqrv,@Esysinfo@GetVirtualMachineTypePreCache$qqrvF@Esysinfo@BasicInitDoneErrorHandler$qqrxpqqrv$vx20System@UnicodeString |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary or memory string: VMWare GSX |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: '@Esysinfo@InternalTestVMWareSafe$qqrrui |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: GetVirtualMachineTypeInternal |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: @Icofx2@GetVideoCardStr$qqrv"@Icofx2@GetVirtualMachineType$qqrv%@Icofx2@GetVirtualMachineVersion$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: GetMSHyperVisorVersion$@Esysinfo@GetVirtualMachineType$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary or memory string: VMWare Workstation |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: GetVirtualMachineTypeInternal'@Esysinfo@GetVirtualMachineVersion$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: $@Esysinfo@GetVirtualMachineType$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: TVirtualMachineType |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: '@Esysinfo@GetVirtualMachineVersion$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: @Esysinfo@SetVal$qqrrpvpxv#@Esysinfo@InternalTestVMWare$qqrrui(@Esysinfo@InternalTestVMWareGuard$qqrrui'@Esysinfo@InternalTestVMWareSafe$qqrrui |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: @Esysinfo@TestVMWare$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: ,@Esysinfo@GetVirtualMachineTypePreCache$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: "@Icofx2@GetVirtualMachineType$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: vmVMWare |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary or memory string: VMWare ESX |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary or memory string: VMWareU |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.00000000016D3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: %@Icofx2@GetVirtualMachineVersion$qqrv |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary or memory string: vboxservice.exe |
Source: SecuriteInfo.com.Heur.2006.25660.exe |
Binary or memory string: VMWare Express |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: #@Esysinfo@InternalTestVMWare$qqrrui |
Source: SecuriteInfo.com.Heur.2006.25660.exe, 00000006.00000000.1279328080.0000000000CD3000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: VMWareCPUID |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Process information queried: ProcessInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.2006.25660.exe |
Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation |