Source: R.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: C:\Users\user\Desktop\R.exe |
Code function: 4x nop then sub rsp, 58h |
0_2_00007FF78E664AF0 |
Source: R.exe |
String found in binary or memory: https://bugs.R-project.org |
Source: R.exe |
String found in binary or memory: https://www.r-project.orgD |
Source: C:\Users\user\Desktop\R.exe |
Code function: 0_2_00007FF78E662000 |
0_2_00007FF78E662000 |
Source: R.exe |
Static PE information: Number of sections : 11 > 10 |
Source: classification engine |
Classification label: clean4.winEXE@4/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6612:120:WilError_03 |
Source: R.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\R.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: R.exe |
String found in binary or memory: Options: -h, --helpprint short help message and exit |
Source: R.exe |
String found in binary or memory: Options: -h, --helpprint short help message and exit |
Source: R.exe |
String found in binary or memory: --help |
Source: R.exe |
String found in binary or memory: --help |
Source: R.exe |
String found in binary or memory: %s --arch %s --help |
Source: R.exe |
String found in binary or memory: %s --arch %s --help |
Source: R.exe |
String found in binary or memory: command --help |
Source: R.exe |
String found in binary or memory: command --help |
Source: R.exe |
String found in binary or memory: "%s/%s/Rterm.exe" --help |
Source: R.exe |
String found in binary or memory: "%s/%s/Rterm.exe" --help |
Source: R.exe |
String found in binary or memory: %s --arch %s --help |
Source: R.exe |
String found in binary or memory: %s --arch %s --help |
Source: R.exe |
String found in binary or memory: command --help |
Source: R.exe |
String found in binary or memory: command --help |
Source: R.exe |
String found in binary or memory: Options: -h, --helpprint short help message and exit |
Source: R.exe |
String found in binary or memory: Options: -h, --helpprint short help message and exit |
Source: R.exe |
String found in binary or memory: %s --arch %s --help |
Source: R.exe |
String found in binary or memory: %s --arch %s --help |
Source: R.exe |
String found in binary or memory: --help |
Source: R.exe |
String found in binary or memory: --help |
Source: R.exe |
String found in binary or memory: command --help |
Source: R.exe |
String found in binary or memory: command --help |
Source: R.exe |
String found in binary or memory: "%s/%s/Rterm.exe" --help |
Source: R.exe |
String found in binary or memory: "%s/%s/Rterm.exe" --help |
Source: R.exe |
String found in binary or memory: -h, --helpprint short help message and exit |
Source: R.exe |
String found in binary or memory: -h, --helpprint short help message and exit |
Source: R.exe |
String found in binary or memory: %s%s%s any other arguments listed by %s --arch %s --help |
Source: R.exe |
String found in binary or memory: %s%s%s any other arguments listed by %s --arch %s --help |
Source: R.exe |
String found in binary or memory: --help--arch3264i386x64valid values for --arch are i386, x64, 32, 64 |
Source: R.exe |
String found in binary or memory: --help--arch3264i386x64valid values for --arch are i386, x64, 32, 64 |
Source: R.exe |
String found in binary or memory: --help"%s/%s/Rterm.exe" --helpbin/x64 |
Source: R.exe |
String found in binary or memory: --help"%s/%s/Rterm.exe" --helpbin/x64 |
Source: unknown |
Process created: C:\Users\user\Desktop\R.exe "C:\Users\user\Desktop\R.exe" |
|
Source: C:\Users\user\Desktop\R.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\R.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\bin\x64\R.exe"" |
|
Source: C:\Users\user\Desktop\R.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\bin\x64\R.exe"" |
Jump to behavior |
Source: C:\Users\user\Desktop\R.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\R.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: R.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: R.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: R.exe |
Static PE information: section name: .xdata |
Source: C:\Users\user\Desktop\R.exe |
Code function: 0_2_00007FF78E66CDA8 push rax; iretd |
0_2_00007FF78E66CDB6 |
Source: C:\Users\user\Desktop\R.exe |
API coverage: 5.1 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\R.exe |
Code function: 0_2_00007FF78E661180 Sleep,Sleep,SetUnhandledExceptionFilter,_set_invalid_parameter_handler,malloc,strlen,malloc,memcpy,_initterm,exit, |
0_2_00007FF78E661180 |
Source: C:\Users\user\Desktop\R.exe |
Code function: 0_2_00007FF78E665BE1 SetUnhandledExceptionFilter, |
0_2_00007FF78E665BE1 |
Source: C:\Users\user\Desktop\R.exe |
Code function: 0_2_00007FF78E691500 SetUnhandledExceptionFilter, |
0_2_00007FF78E691500 |
Source: C:\Users\user\Desktop\R.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\bin\x64\R.exe"" |
Jump to behavior |