| Source: update_390_391.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
| Source: update_390_391.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
| Source: classification engine |
Classification label: clean0.winEXE@2/2@0/0 |
| Source: C:\Users\user\Desktop\update_390_391.exe |
File created: C:\Users\user\Desktop\ _avk_0.0.0.txt |
| Source: Yara match |
File source: update_390_391.exe, type: SAMPLE |
| Source: Yara match |
File source: 00000000.00000000.1176732125.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
| Source: update_390_391.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| Source: C:\Users\user\Desktop\update_390_391.exe |
File read: C:\Users\user\Desktop\update_390_391.exe |
| Source: unknown |
Process created: C:\Users\user\Desktop\update_390_391.exe "C:\Users\user\Desktop\update_390_391.exe" |
| Source: unknown |
Process created: C:\Users\user\Desktop\update_390_391.exe "C:\Users\user\Desktop\update_390_391.exe" |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: mpr.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: version.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: uxtheme.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: textshaping.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: textinputframework.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: coreuicomponents.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: coremessaging.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: ntmarta.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: mpr.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: version.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: uxtheme.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: textshaping.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: textinputframework.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: coreuicomponents.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: coremessaging.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: ntmarta.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\update_390_391.exe |
Window found: window name: TButton |
| Source: update_390_391.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
| Source: update_390_391.exe |
Static file information: File size 28808560 > 1048576 |
| Source: update_390_391.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x133800 |
