Source: Submited Sample | Integrated Neural Analysis Model: Matched 95.1% probability |
Source: home21.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: unknown | DNS query: name: winhomemodulo.ddns.net |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | DNS traffic detected: DNS query: winhomemodulo.ddns.net |
Source: global traffic | DNS traffic detected: DNS query: google.com.br |
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license) |
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://fontawesome.io |
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://fontawesome.io/license/ |
Source: home21.exe, 00000000.00000003.2941079350.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/http |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/http/ |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/mime/ |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/ |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/# |
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/SV |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2941079350.000000000A1E2000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/ |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/U |
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://winhomemodulo.ddns.net/w2/openU |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp, home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.borland.com/namespaces/Types |
Source: home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.borland.com/namespaces/Types-IWSDLPublish |
Source: home21.exe, 00000000.00000003.2934182935.000000000A5FB000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.borland.com/rootpart.xml |
Source: home21.exe, 00000000.00000003.2934863783.0000000007E50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.indyproject.org/ |
Source: home21.exe, 00000000.00000003.2941079350.000000000D64E000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/editor/midasdemo/securityprefs.html |
Source: home21.exe | Static PE information: section name: |
Source: home21.exe | Static PE information: Number of sections : 19 > 10 |
Source: home21.exe, 00000000.00000000.2019638393.0000000006E5E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe |
Source: home21.exe, 00000000.00000003.2941079350.000000000DA80000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe |
Source: home21.exe, 00000000.00000003.2941079350.000000000DA80000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameDlp Loper< vs home21.exe |
Source: home21.exe | Binary or memory string: OriginalFilenamegDChJuA4ADf2691f80VUfJn88R4aWE.exe` vs home21.exe |
Source: home21.exe | Static PE information: Section: ZLIB complexity 0.98944091796875 |
Source: home21.exe | Static PE information: Section: ZLIB complexity 0.9931242028061225 |
Source: home21.exe | Static PE information: Section: ZLIB complexity 0.9928385416666666 |
Source: home21.exe | Static PE information: Section: ZLIB complexity 1.0045572916666667 |
Source: home21.exe | Static PE information: Section: ZLIB complexity 0.9993225164654226 |
Source: home21.exe | Static PE information: Section: .reloc ZLIB complexity 1.5 |
Source: classification engine | Classification label: mal76.troj.evad.winEXE@1/0@4/0 |
Source: C:\Users\user\Desktop\home21.exe | Mutant created: \Sessions\1\BaseNamedObjects\brkurschmogesk-fdsfsdfsd |
Source: Yara match | File source: 00000000.00000003.2934182935.0000000009BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\home21.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: oleacc.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: oledlg.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: netapi32.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: magnification.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: d3d9.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: winsta.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: security.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: colorui.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: mscms.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: coloradapterclient.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: compstui.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: inetres.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: thumbcache.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: olepro32.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: idndl.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: dcomp.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\home21.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\home21.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: home21.exe | Static file information: File size 22286864 > 1048576 |
Source: home21.exe | Static PE information: Raw size of is bigger than: 0x100000 < 0x4db400 |
Source: home21.exe | Static PE information: Raw size of is bigger than: 0x100000 < 0x506200 |
Source: home21.exe | Static PE information: Raw size of is bigger than: 0x100000 < 0x75ae00 |
Source: home21.exe | Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x372000 |
Source: initial sample | Static PE information: section where entry point is pointing to: .boot |
Source: home21.exe | Static PE information: section name: |
Source: home21.exe | Static PE information: section name: .themida |
Source: home21.exe | Static PE information: section name: .boot |
Source: home21.exe | Static PE information: section name: entropy: 7.9097474746193965 |
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: RegmonClass |
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: FilemonClass |
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: PROCMON_WINDOW_CLASS |
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: Regmonclass |
Source: C:\Users\user\Desktop\home21.exe | Window searched: window name: Filemonclass |
Source: C:\Users\user\Desktop\home21.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\home21.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc |
Source: C:\Users\user\Desktop\home21.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion |
Source: C:\Users\user\Desktop\home21.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion |
Source: C:\Users\user\Desktop\home21.exe | Last function: Thread delayed |
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: @Idassignednumbers@IdPORT_vmnet |
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: @Idassignednumbers@IdPORT_vmnet$@Idassignednumbers@IdPORT_genrad_mux |
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: regmonclass |
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: procmon_window_class |
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: filemonclass |
Source: C:\Users\user\Desktop\home21.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\home21.exe | Process queried: DebugPort |
Source: C:\Users\user\Desktop\home21.exe | Process queried: DebugObjectHandle |
Source: C:\Users\user\Desktop\home21.exe | Memory protected: page read and write | page write copy | page execute read | page execute and read and write | page guard | page no cache | page write combine |
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWndSVW |
Source: home21.exe, 00000000.00000003.2954093591.000000000AFE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: @Winapi@Windows@DOF_PROGMAN |
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWndU |
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: ReBarWindow32Shell_TrayWndMSTaskSwWClassMSTaskListWClassU |
Source: home21.exe, 00000000.00000003.2934182935.0000000009BFB000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV |