Source: NtpService.exe |
ReversingLabs: Detection: 47% |
Source: NtpService.exe |
Virustotal: Detection: 66% |
Perma Link |
Source: NtpService.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: C:\Users\user\Desktop\NtpService.exe |
Code function: 0_2_00007FF639C31000 |
0_2_00007FF639C31000 |
Source: C:\Users\user\Desktop\NtpService.exe |
Code function: 0_2_00007FF639C31610 |
0_2_00007FF639C31610 |
Source: C:\Users\user\Desktop\NtpService.exe |
Code function: 0_2_00007FF639C31DD0 |
0_2_00007FF639C31DD0 |
Source: C:\Users\user\Desktop\NtpService.exe |
Code function: 0_2_00007FF639C31FC0 |
0_2_00007FF639C31FC0 |
Source: C:\Users\user\Desktop\NtpService.exe |
Code function: 0_2_00007FF639C31C70 |
0_2_00007FF639C31C70 |
Source: NtpService.exe, 00000000.00000002.2101678888.00007FF639C38000.00000008.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameExample Deep Security Agent.exeX vs NtpService.exe |
Source: NtpService.exe, 00000000.00000000.2050404823.00007FF639C37000.00000008.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameExample Deep Security Agent.exeX vs NtpService.exe |
Source: NtpService.exe |
Binary or memory string: OriginalFilenameExample Deep Security Agent.exeX vs NtpService.exe |
Source: classification engine |
Classification label: mal56.winEXE@1/0@0/0 |
Source: NtpService.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\NtpService.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: NtpService.exe |
ReversingLabs: Detection: 47% |
Source: NtpService.exe |
Virustotal: Detection: 66% |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: napinsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: pnrpnsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: wshbth.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: winrnr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\NtpService.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: NtpService.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: NtpService.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: NtpService.exe |
Static PE information: section name: .xdata |
Source: C:\Users\user\Desktop\NtpService.exe |
Code function: 0_2_00007FF639C36060 push 01130063h; retf |
0_2_00007FF639C3606A |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: NtpService.exe, 00000000.00000002.2101259149.00000210D2FDC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\NtpService.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\NtpService.exe |
API call chain: ExitProcess graph end node |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |