Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Virustotal: Detection: 9% |
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00405070 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn, |
0_2_00405070 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00420314 GetClipboardData,CopyEnhMetaFileA,GetEnhMetaFileHeader, |
0_2_00420314 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00430A64 GetKeyboardState,KiUserCallbackDispatcher, |
0_2_00430A64 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00433974 NtdllDefWindowProc_A,GetCapture, |
0_2_00433974 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0044DF14 NtdllDefWindowProc_A, |
0_2_0044DF14 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0044E6BC IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, |
0_2_0044E6BC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0044E76C IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, |
0_2_0044E76C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00443268 GetSubMenu,SaveDC,RestoreDC,SaveDC,RestoreDC,NtdllDefWindowProc_A, |
0_2_00443268 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00427524 NtdllDefWindowProc_A, |
0_2_00427524 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0044840C |
0_2_0044840C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0041ACFF |
0_2_0041ACFF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00443268 |
0_2_00443268 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: String function: 004035D4 appears 32 times |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: String function: 00406020 appears 61 times |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: String function: 00403F98 appears 73 times |
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe, 00000000.00000003.2012528482.0000000002124000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Static PE information: Section: UPX1 ZLIB complexity 0.9915806361607142 |
Source: classification engine |
Classification label: mal60.evad.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0041D7B4 GetLastError,FormatMessageA, |
0_2_0041D7B4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00408346 GetDiskFreeSpaceA, |
0_2_00408346 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00413440 FindResourceA, |
0_2_00413440 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Virustotal: Detection: 9% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Section loaded: wintypes.dll |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0043A7A0 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode, |
0_2_0043A7A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0043ADD0 push 0043AE5Dh; ret |
0_2_0043AE55 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0042405C push 00424088h; ret |
0_2_00424080 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00426070 push 0042609Ch; ret |
0_2_00426094 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00426000 push 0042602Ch; ret |
0_2_00426024 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00426038 push 00426064h; ret |
0_2_0042605C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_004260E0 push 0042610Ch; ret |
0_2_00426104 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0043C098 push 0043C0C4h; ret |
0_2_0043C0BC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0042409C push 004240C8h; ret |
0_2_004240C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_004260A8 push 004260D4h; ret |
0_2_004260CC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00426150 push 0042617Ch; ret |
0_2_00426174 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00450164 push 004501BEh; ret |
0_2_004501B6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00426118 push 00426144h; ret |
0_2_0042613C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00426188 push 004261B4h; ret |
0_2_004261AC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_004103AA push 00410422h; ret |
0_2_0041041A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_004103AC push 00410422h; ret |
0_2_0041041A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0041A456 push 0041A503h; ret |
0_2_0041A4FB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0041A458 push 0041A503h; ret |
0_2_0041A4FB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00410424 push 004104CCh; ret |
0_2_004104C4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0041A508 push 0041A598h; ret |
0_2_0041A590 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_004505FC push 00450628h; ret |
0_2_00450620 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0042A5B4 push 0042A629h; ret |
0_2_0042A621 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_004105B8 push 004105E4h; ret |
0_2_004105DC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0042A62C push 0042A685h; ret |
0_2_0042A67D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00450634 push 0045065Ah; ret |
0_2_00450652 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00412708 push ecx; mov dword ptr [esp], edx |
0_2_0041270D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00426794 push 004267EDh; ret |
0_2_004267E5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00430804 push ecx; mov dword ptr [esp], ecx |
0_2_00430808 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0041A81C push 0041A848h; ret |
0_2_0041A840 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0040C8E8 push ecx; mov dword ptr [esp], edx |
0_2_0040C8ED |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_004068AC push ecx; mov dword ptr [esp], eax |
0_2_004068AD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0042891C push 0042895Eh; ret |
0_2_00428956 |
Source: initial sample |
Static PE information: section name: UPX0 |
Source: initial sample |
Static PE information: section name: UPX1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0044AFC4 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, |
0_2_0044AFC4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0044DF9C PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, |
0_2_0044DF9C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_004361CC IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, |
0_2_004361CC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0044E6BC IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, |
0_2_0044E6BC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0044E76C IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, |
0_2_0044E76C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00435098 IsIconic,GetCapture, |
0_2_00435098 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0043594C IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, |
0_2_0043594C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00423B14 MonitorFromWindow,MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect, |
0_2_00423B14 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0043A7A0 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode, |
0_2_0043A7A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0042A4B4 |
0_2_0042A4B4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
User Timer Set: Timeout: 20ms |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject, |
0_2_0044D50C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
API coverage: 9.4 % |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0042A4B4 |
0_2_0042A4B4 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00405070 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn, |
0_2_00405070 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0041DD44 GetSystemInfo, |
0_2_0041DD44 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0043A7A0 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode, |
0_2_0043A7A0 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
0_2_00405228 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: GetLocaleInfoA,GetACP, |
0_2_0040C134 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: GetLocaleInfoA, |
0_2_0040AB48 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: GetLocaleInfoA, |
0_2_0040AB94 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: GetLocaleInfoA, |
0_2_00405B1E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: GetLocaleInfoA, |
0_2_00405B20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_00409648 GetLocalTime, |
0_2_00409648 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.24378.5325.exe |
Code function: 0_2_0043ADD0 GetVersion, |
0_2_0043ADD0 |