Source: SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Binary string: .PDBU source: SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe, 00000000.00000002.3328743713.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Code function: 0_2_004095D4 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,
Code function: 0_2_004096B0 FindFirstFileA,GetLastError,
Code function: 0_2_00405D5C GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,
Source: SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe, 00000000.00000002.3328743713.0000000000401000.00000040.00000001.01000000.00000003.sdmp
String found in binary or memory: http://nitton.pl/tomseditor/index.php
String found in binary or memory: http://tomseditor.com/blog/Projector.exe
String found in binary or memory: http://tomseditor.com/blog/viewer
String found in binary or memory: http://tomseditor.com/blog/viewer_update.php?v=
String found in binary or memory: http://tomseditor.com/blog/vieweropen
String found in binary or memory: http://tomseditor.com/blog/vieweropenS
String found in binary or memory: http://tomseditor.com/blog/vieweropenSV
String found in binary or memory: http://tomseditor.com/blog/youtube_thumb.php?url=
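The URL strings above are the most actionable static indicators in this report: a version-check endpoint (viewer_update.php?v=), an executable fetched over plain http (Projector.exe) and a second host (nitton.pl). The vieweropen / vieweropenS / vieweropenSV trio most likely is one string read past its terminator by the extractor, but that is a reading of the evidence, not something the report states. The script below is an added example by the editor, not code from the report or from the sample; it pulls URLs out of a memory-dump fragment that is constructed here from the listed strings, collapses the overrun variants with a labelled heuristic, lists the hostnames to pivot on, and flags executables served over cleartext HTTP. Function names, the overrun threshold and the dump layout are assumptions.

```python
"""Extract URL indicators from a memory dump and tidy the variants that raw
string extraction produces. Added example, not part of the sandbox report;
the dump fragment is constructed from the strings the report lists."""
from __future__ import annotations
import re
from urllib.parse import urlsplit

# Constructed dump fragment: NUL-terminated strings, including the
# "vieweropen" / "vieweropenS" / "vieweropenSV" trio seen in the report.
SAMPLE_DUMP = (
    b"\x00\x00http://nitton.pl/tomseditor/index.php\x00"
    b"http://tomseditor.com/blog/Projector.exe\x00\x00"
    b"http://tomseditor.com/blog/viewer\x00"
    b"http://tomseditor.com/blog/viewer_update.php?v=\x00"
    b"http://tomseditor.com/blog/vieweropen\x00"
    b"http://tomseditor.com/blog/vieweropenS\x00"
    b"http://tomseditor.com/blog/vieweropenSV\x00"
    b"http://tomseditor.com/blog/youtube_thumb.php?url=\x00"
)

# Printable, non-space run that starts with a scheme; stops at the NUL terminator.
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")

def extract_urls(blob: bytes) -> list[str]:
    """Unique URL-like strings in first-seen order."""
    seen: dict[str, None] = {}
    for m in URL_RE.finditer(blob):
        seen.setdefault(m.group().decode("ascii"), None)
    return list(seen)

def collapse_overruns(urls: list[str], max_extra: int = 2) -> list[str]:
    """Heuristic (an assumption, not a report claim): a URL that equals a
    shorter URL plus one or two trailing letters/digits is treated as the
    extractor reading past the real string's end, and is dropped."""
    bases: list[str] = []
    for u in sorted(set(urls), key=len):      # shortest first, so bases precede overruns
        overrun = any(u.startswith(b) and 0 < len(u) - len(b) <= max_extra
                      and u[len(b):].isalnum() for b in bases)
        if not overrun:
            bases.append(u)
    return [u for u in urls if u in bases]     # keep the original order

def hosts(urls: list[str]) -> list[str]:
    """Distinct hostnames, sorted: the values to pivot on in DNS and proxy logs."""
    return sorted({urlsplit(u).hostname for u in urls if urlsplit(u).hostname})

def cleartext_executables(urls: list[str]) -> list[str]:
    """Executables fetched over plain http: the transport does not authenticate
    the download, so any integrity check has to live in the client itself."""
    return [u for u in urls
            if u.startswith("http://") and urlsplit(u).path.lower().endswith(".exe")]

if __name__ == "__main__":
    found = collapse_overruns(extract_urls(SAMPLE_DUMP))
    print("\n".join(found), hosts(found), cleartext_executables(found), sep="\n")
```

Run against a real dump, feed the whole .sdmp file to extract_urls; the overrun heuristic is deliberately narrow (at most two alphanumerics) so that genuinely different endpoints such as viewer and viewer_update.php?v= are never merged.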
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Code function: 0_2_004320D0 OpenClipboard,GlobalAlloc,GlobalFix,EmptyClipboard,SetClipboardData,GlobalUnWire,
Code function: 0_2_00436080 SetClipboardData,SetClipboardData,
Code function: 0_2_004361A4 SetClipboardData,
Code function: 0_2_00435FFC SetClipboardData,SetClipboardData,
Code function: 0_2_00436150 GetClipboardData,
Code function: 0_2_00446708 GetKeyboardState,KiUserCallbackDispatcher,
Code function: 0_2_00449684 NtdllDefWindowProc_A,GetCapture,KiUserCallbackDispatcher,
Code function: 0_2_00463DC0 NtdllDefWindowProc_A,
Code function: 0_2_00464568 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
Code function: 0_2_00464618 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
Code function: 0_2_0043504C NtdllDefWindowProc_A,
Code function: 0_2_004590EC GetSubMenu,SaveDC,RestoreDC,SaveDC,RestoreDC,NtdllDefWindowProc_A,
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Code function: 0_2_0049A010
Code function: 0_2_004CE0A4
Code function: 0_2_004CA1B4
Code function: 0_2_004A4248
Code function: 0_2_004E22D0
Code function: 0_2_0045E2B8
Code function: 0_2_004B83EC
Code function: 0_2_004DA40C
Code function: 0_2_004A44FC
Code function: 0_2_004AC49C
Code function: 0_2_004C659C
Code function: 0_2_004E07A8
Code function: 0_2_0046E87C
Code function: 0_2_004E6978
Code function: 0_2_0040E930
Code function: 0_2_004CC990
Code function: 0_2_004DAAF4
Code function: 0_2_00498D38
Code function: 0_2_004C8DDC
Code function: 0_2_0048EDA4
Code function: 0_2_0048ADBC
Code function: 0_2_004ACEF8
Code function: 0_2_0048AEF4
Code function: 0_2_004D0F40
Code function: 0_2_004CEF68
Code function: 0_2_004EAFE8
Code function: 0_2_004590EC
Code function: 0_2_004F1088
Code function: 0_2_004D91D0
Code function: 0_2_00467270
Code function: 0_2_004DB344
Code function: 0_2_004AD420
Code function: 0_2_00473430
Code function: 0_2_004E5694
Code function: 0_2_004F7760
Code function: 0_2_004F17D4
Code function: 0_2_004B99D4
Code function: 0_2_004A1A50
Code function: 0_2_00493A18
Code function: 0_2_00473D64
Code function: 0_2_004A3DB8
Code function: 0_2_004C7EBC
Code function: 0_2_004D3F28
Code function: 0_2_004DDFC8
Code function: 0_2_00493FB8
Code function: String function: 00404740 appears 47 times
Code function: String function: 00404B4C appears 33 times
Code function: String function: 00406DA4 appears 61 times
Source: SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Static PE information: Section: UPX1 ZLIB complexity 0.9981084408967391
Source: classification engine
Classification label: sus29.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Code function: 0_2_0048CC3C GetLastError,FormatMessageA,
Code function: 0_2_00409996 GetDiskFreeSpaceA,
Code function: 0_2_0041A3B0 FindResourceA,
Source: Yara match
File source: 0.2.SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match
File source: 00000000.00000002.3328743713.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Note: this key holds Software Restriction Policy (SAFER) rules and is read by Windows' own SAFER code, for example on process creation; the open is normally driven by system libraries, shows up for benign programs as well, and is not an indicator on its own.
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Section loaded: apphelp.dll, version.dll, winmm.dll, uxtheme.dll, textshaping.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll (three load events)
Source: Window Recorder
Window detected: More than 3 window changes detected
Binary string: .PDBU source: SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe, 00000000.00000002.3328743713.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Code function: 0_2_00450608 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode,
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Code function: 0_2_00450C54 push 00450CE1h; ret (push at 0_2_00450CD9)
Code function: 0_2_0046A05C push 0046A088h; ret (push at 0_2_0046A080)
Code function: 0_2_004E407C push 004E41D5h; ret (push at 0_2_004E41CD)
Code function: 0_2_0048807C push 004880A8h; ret (push at 0_2_004880A0)
Code function: 0_2_00430078 push 004300A4h; ret (push at 0_2_0043009C)
Code function: 0_2_00486018 push ecx; mov dword ptr [esp], ecx (at 0_2_0048601C)
Code function: 0_2_00430018 push 00430044h; ret (push at 0_2_0043003C)
Code function: 0_2_0042E020 push 0042E04Ch; ret (push at 0_2_0042E044)
Code function: 0_2_004D60E4 push 004D61E1h; ret (push at 0_2_004D61D9)
Code function: 0_2_004300E8 push 00430114h; ret (push at 0_2_0043010C)
Code function: 0_2_004DC090 push 004DC2B5h; ret (push at 0_2_004DC2AD)
Code function: 0_2_004D80A4 push 004D8150h; ret (push at 0_2_004D8148)
Code function: 0_2_004300B0 push 004300DCh; ret (push at 0_2_004300D4)
Code function: 0_2_004E80B4 push 004E81B6h; ret (push at 0_2_004E81AE)
Code function: 0_2_004660B8 push 00466112h; ret (push at 0_2_0046610A)
Code function: 0_2_004D8158 push 004D820Dh; ret (push at 0_2_004D8205)
Code function: 0_2_00430120 push 0043014Ch; ret (push at 0_2_00430144)
Code function: 0_2_00416138 push 00416164h; ret (push at 0_2_0041615C)
Code function: 0_2_004E81C0 push 004E82C2h; ret (push at 0_2_004E82BA)
Code function: 0_2_004701E4 push 0047021Ch; ret (push at 0_2_00470214)
Code function: 0_2_004301E4 push 00430210h; ret (push at 0_2_00430208)
Code function: 0_2_00430194 push 004301C0h; ret (push at 0_2_004301B8)
Code function: 0_2_004841B4 push 004841E0h; ret (push at 0_2_004841D8)
Code function: 0_2_004D8218 push 004D831Ah; ret (push at 0_2_004D8312)
Code function: 0_2_0043021C push 00430248h; ret (push at 0_2_00430240)
Code function: 0_2_004E82CC push 004E83CEh; ret (push at 0_2_004E83C6)
Code function: 0_2_0046A2E0 push 0046A30Ch; ret (push at 0_2_0046A304)
Code function: 0_2_004E02F4 push 004E03F9h; ret (push at 0_2_004E03F1)
Code function: 0_2_00416288 push ecx; mov dword ptr [esp], ecx (at 0_2_0041628B)
Code function: 0_2_004162A8 push ecx; mov dword ptr [esp], ecx (at 0_2_004162AB)
Code function: 0_2_0046A2A8 push 0046A2D4h; ret (push at 0_2_0046A2CC)
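Before treating the `push <addr>; ret` entries above as control-flow obfuscation, do the arithmetic: in all 28 entries the pushed immediate lies exactly 8 bytes past the push instruction, i.e. it is the byte just after a `ret` a few bytes further on, inside the same function. That is the `push @exit; <finally body>; ret` epilogue shape a Borland/Delphi compiler emits for try..finally, and the three heavily reused string helpers (00404740, 00404B4C, 00406DA4) together with the NtdllDefWindowProc_A wrappers point the same way. This is the editor's reading of the evidence, not a statement from the report, and it should be confirmed in a disassembler. The script below is an added example, not code from the report or the sample: it parses a constructed, condensed copy of some of the evidence lines, classifies each push/ret pair as a local forward continuation or a non-local jump, and scans raw x86 bytes for the same shape. The 32-byte window, the line format of the excerpt and the sample bytes are assumptions.

```python
"""Triage the report's `push <addr>; ret` hits: is the pushed address a local
forward continuation (compiler try..finally shape) or a real indirect jump?
Added example, not part of the report; the excerpt below is a constructed,
condensed copy of some of the report's evidence lines."""
from __future__ import annotations
import re
import struct

REPORT_EXCERPT = """
0_2_00450C54 push 00450CE1h; ret | 0_2_00450CD9
0_2_0046A05C push 0046A088h; ret | 0_2_0046A080
0_2_004E407C push 004E41D5h; ret | 0_2_004E41CD
0_2_00430078 push 004300A4h; ret | 0_2_0043009C
0_2_004D8218 push 004D831Ah; ret | 0_2_004D8312
0_2_00486018 push ecx; mov dword ptr [esp], ecx | 0_2_0048601C
"""

# function start, pushed immediate, address of the push instruction
LINE_RE = re.compile(
    r"0_2_(?P<func>[0-9A-F]{8}) push (?P<target>[0-9A-F]{8})h; ret \| 0_2_(?P<at>[0-9A-F]{8})"
)

# Assumption: a continuation at most this many bytes after the push, inside the
# same function, is the Borland/Delphi epilogue `push @exit; <finally>; ret`.
LOCAL_WINDOW = 32

def parse_push_ret(text: str) -> list[tuple[int, int, int]]:
    """(function start, push address, pushed target) for every push/ret line."""
    return [(int(m["func"], 16), int(m["at"], 16), int(m["target"], 16))
            for m in LINE_RE.finditer(text)]

def classify(func: int, push_at: int, target: int) -> str:
    delta = target - push_at
    if push_at >= func and 0 < delta <= LOCAL_WINDOW:
        return "local-forward"   # the `ret` just resumes inside the same function
    return "nonlocal"            # transfers control elsewhere: inspect in a disassembler

def triage(text: str) -> dict[str, int]:
    counts = {"local-forward": 0, "nonlocal": 0}
    for func, at, target in parse_push_ret(text):
        counts[classify(func, at, target)] += 1
    return counts

def find_push_ret(code: bytes, base: int, window: int = LOCAL_WINDOW) -> list[tuple[int, int]]:
    """Scan raw x86 bytes for `push imm32` (68 xx xx xx xx) whose immediate points
    one byte past a `ret` (C3) lying within `window` bytes. Returns (push_va, target)."""
    hits = []
    for i in range(len(code) - 4):
        if code[i] != 0x68:
            continue
        target = struct.unpack_from("<I", code, i + 1)[0]
        delta = target - (base + i)
        ret_off = i + delta - 1                  # where the `ret` must sit
        if 5 < delta <= window and ret_off < len(code) and code[ret_off] == 0xC3:
            hits.append((base + i, target))
    return hits

# Constructed bytes shaped like the first report entry: push 00450CE1h at
# 0x00450CD9, two filler bytes, `ret` at 0x00450CE0, continuation at 0x00450CE1.
SAMPLE_CODE = bytes.fromhex("68E10C4500" "595A" "C3" "33C0C3")
SAMPLE_BASE = 0x00450CD9

if __name__ == "__main__":
    print(triage(REPORT_EXCERPT), find_push_ret(SAMPLE_CODE, SAMPLE_BASE))
```

A "nonlocal" result (target outside the function, or behind the push) is the case worth a closer look; every entry in this report classifies as local-forward.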
Source: initial sample
Static PE information: section name: UPX0
Static PE information: section name: UPX1
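The UPX0/UPX1 section names here, the near-incompressible UPX1 section (ZLIB complexity 0.998) and the stripped relocations reported earlier are all consistent with a plain UPX-packed PE32, which is why the Yara matches reference the .unpack image: that unpacked image, not the file on disk, is what to disassemble. Packing by itself is not malicious; plenty of legitimate Delphi-era shareware ships UPX-packed. The stdlib-only script below is an added example by the editor, not code from the report or the sample: it walks a PE32's COFF header and section table, decodes the characteristic bits the report lists, computes per-section Shannon entropy and a zlib compression ratio (assumed here to be what the report's "ZLIB complexity" measures), and reports the packer indicators. The PE it inspects is built in the block, not the real sample, and the thresholds, layout and builder details are assumptions.

```python
"""Stdlib-only PE32 triage: COFF characteristics, section names, per-section
entropy and zlib ratio. Added example; the PE it inspects is constructed
below and is NOT the analysed sample."""
from __future__ import annotations
import hashlib
import math
import struct
import zlib

# IMAGE_FILE_* characteristic bits that the report lists for this sample.
COFF_FLAGS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED", 0x0008: "LOCAL_SYMS_STRIPPED",
    0x0080: "BYTES_REVERSED_LO", 0x0100: "32BIT_MACHINE", 0x8000: "BYTES_REVERSED_HI",
}

def decode_characteristics(flags: int) -> list[str]:
    return [name for bit, name in sorted(COFF_FLAGS.items()) if flags & bit]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def zlib_ratio(data: bytes) -> float:
    """compressed/original size; ~1.0 means already compressed or encrypted
    (assumed to be what the report calls 'ZLIB complexity')."""
    return len(zlib.compress(data, 9)) / len(data) if data else 0.0

def parse_pe(pe: bytes) -> dict:
    """Minimal header walk: DOS stub -> PE signature -> COFF -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _psym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", pe, coff)
    sections = []
    for i in range(nsec):
        off = coff + 20 + opt_size + 40 * i
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        data = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": shannon_entropy(data), "zlib_ratio": zlib_ratio(data)})
    return {"characteristics": decode_characteristics(chars), "sections": sections}

def packer_indicators(pe: bytes, entropy_floor: float = 7.0) -> dict:
    """Heuristics (the threshold is an assumption) matching what the report shows."""
    info = parse_pe(pe)
    secs = info["sections"]
    return {
        "upx_section_names": any(s["name"].startswith("UPX") for s in secs),
        "high_entropy_sections": [s["name"] for s in secs
                                  if s["raw_size"] and s["entropy"] >= entropy_floor],
        "empty_on_disk_sections": [s["name"] for s in secs
                                   if s["raw_size"] == 0 and s["virtual_size"]],
        "relocs_stripped": "RELOCS_STRIPPED" in info["characteristics"],
    }

# ---- constructed stand-in for the real (UPX-packed) binary ----
def _filler(n: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 counter chain) as 'compressed code'."""
    out, i = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(b"upx1-filler-%d" % i).digest()
        i += 1
    return bytes(out[:n])

def build_sample_pe() -> bytes:
    """PE32 with UPX-style layout: empty UPX0, incompressible UPX1, plain .rsrc."""
    layout = [(b"UPX0", 0x70000, 0x01000, b""),
              (b"UPX1", 0x02000, 0x71000, _filler(4096)),
              (b".rsrc", 0x01000, 0x73000, b"\0" * 2048 + b"A" * 1024)]
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)        # PE32 magic, rest zeroed
    hdr_len = 0x40 + 4 + 20 + len(opt) + 40 * len(layout)
    raw_base = (hdr_len + 0x1FF) & ~0x1FF                      # 0x200 file alignment
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, len(opt), 0x818F)
    sec_hdrs, payload = b"", b""
    for name, vsize, va, data in layout:
        ptr = raw_base + len(payload) if data else 0
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(data), ptr,
                                0, 0, 0, 0, 0x60000020)
        payload += data
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    headers = dos + b"PE\0\0" + coff + opt + sec_hdrs
    return headers.ljust(raw_base, b"\0") + payload

if __name__ == "__main__":
    print(packer_indicators(build_sample_pe()))
```

On a real file, pass `open(path, "rb").read()` to packer_indicators; 0x818F is the exact combination of characteristic bits the report lists, so decode_characteristics reproduces that line.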
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Code function: 0_2_00460E70 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,
Code function: 0_2_00463E48 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,
Code function: 0_2_00464568 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,
Code function: 0_2_00464618 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,
Code function: 0_2_0042CA48 MonitorFromWindow,MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect,
Code function: 0_2_0044ADA8 IsIconic,GetCapture,
Code function: 0_2_0044B65C IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,
Code function: 0_2_0044BF80 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,
Code function: 0_2_00450608 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode,
Code function: 0_2_004633B8 GetCurrentThreadId,GetCursorPos,WaitForSingleObject,
API coverage: 6.3 %
Note: 6.3 % API coverage together with the window-change detection indicates a GUI program that spent the run waiting for user input; no DNS query was recorded, so the update and download URLs found in memory were not contacted during this analysis and remain static indicators only.
Source: all processes
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Zpevdo.14269.7346.exe
Code function: 0_2_004095D4 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,
Code function: 0_2_004096B0 FindFirstFileA,GetLastError,
Code function: 0_2_00405D5C GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,
Code function: 0_2_004261D8 GetSystemInfo,
Code function: 0_2_00450608 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode,
Code function: 0_2_00405F14 GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,
Code function: 0_2_0040C44C GetLocaleInfoA,
Code function: 0_2_0040C498 GetLocaleInfoA,
Code function: 0_2_0040680A GetLocaleInfoA,
Code function: 0_2_0040680C GetLocaleInfoA,
Code function: 0_2_0040DB1C GetLocaleInfoA,GetACP,
Code function: 0_2_0040ADE8 GetLocalTime,
Code function: 0_2_00406DEA GetTimeZoneInformation,
Code function: 0_2_00450C54 GetVersion,