Source: Submitted Sample | Integrated Neural Analysis Model: Matched 95.1% probability
Source: home21.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown | DNS query: name: winhomemodulo.ddns.net
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: winhomemodulo.ddns.net
Source: global traffic | DNS traffic detected: DNS query: google.com.br
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license)
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://fontawesome.io
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://fontawesome.io/license/
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/http
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/http/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/mime/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/#
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/SV
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2941079350.000000000A1E2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/U
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://winhomemodulo.ddns.net/w2/openU
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.borland.com/namespaces/Types
Source: home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.borland.com/namespaces/Types-IWSDLPublish
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.borland.com/rootpart.xml
Source: home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.indyproject.org/
Source: home21.exe, 00000000.00000003.2941079350.000000000D64E000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/editor/midasdemo/securityprefs.html
Source: home21.exe | Static PE information: section name:
Source: home21.exe | Static PE information: Number of sections : 19 > 10
Source: home21.exe, 00000000.00000000.2019638393.0000000006E5E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe
Source: home21.exe, 00000000.00000003.2941079350.000000000DA80000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe
Source: home21.exe, 00000000.00000003.2941079350.000000000DA80000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameDlp Loper< vs home21.exe
Source: home21.exe | Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe
Source: home21.exe | Static PE information: Section: ZLIB complexity 0.98944091796875
Source: home21.exe | Static PE information: Section: ZLIB complexity 0.9931242028061225
Source: home21.exe | Static PE information: Section: ZLIB complexity 0.9928385416666666
Source: home21.exe | Static PE information: Section: ZLIB complexity 1.0045572916666667
Source: home21.exe | Static PE information: Section: ZLIB complexity 0.9993225164654226
Source: home21.exe | Static PE information: Section: .reloc ZLIB complexity 1.5
Source: classification engine | Classification label: mal76.troj.evad.winEXE@1/0@4/0
Source: C:\Users\user\Desktop\home21.exe | Mutant created: \Sessions\1\BaseNamedObjects\brkurschmogesk-fdsfsdfsd
Source: Yara match | File source: 00000000.00000003.2934182935.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\home21.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\home21.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: magnification.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: winsta.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: security.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: colorui.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: mscms.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: coloradapterclient.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: compstui.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: inetres.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: thumbcache.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: riched20.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: usp10.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: msls31.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: olepro32.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: idndl.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\home21.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: home21.exe | Static file information: File size 22286864 > 1048576
Source: home21.exe | Static PE information: Raw size of is bigger than: 0x100000 < 0x4db400
Source: home21.exe | Static PE information: Raw size of is bigger than: 0x100000 < 0x506200
Source: home21.exe | Static PE information: Raw size of is bigger than: 0x100000 < 0x75ae00
Source: home21.exe | Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x372000
Source: initial sample | Static PE information: section where entry point is pointing to: .boot
Source: home21.exe | Static PE information: section name:
Source: home21.exe | Static PE information: section name: .themida
Source: home21.exe | Static PE information: section name: .boot
Source: home21.exe | Static PE information: section name: entropy: 7.9097474746193965
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\home21.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\home21.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\home21.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\home21.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\home21.exe | Last function: Thread delayed
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: @Idassignednumbers@IdPORT_vmnet
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: @Idassignednumbers@IdPORT_vmnet$@Idassignednumbers@IdPORT_genrad_mux
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\home21.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\home21.exe | Process queried: DebugObjectHandle
Source: C:\Users\user\Desktop\home21.exe | Memory protected: page read and write | page write copy | page execute read | page execute and read and write | page guard | page no cache | page write combine
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWndSVW
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: @Winapi@Windows@DOF_PROGMAN
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWndU
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: ReBarWindow32Shell_TrayWndMSTaskSwWClassMSTaskListWClassU
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV