Source: |
Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: build.exe, 00000000.00000002.3247016957.0000000001636000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: build.exe, 00000000.00000002.3247016957.0000000001636000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\System.ServiceModel.pdbsq source: build.exe, 00000000.00000002.3247016957.0000000001636000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdbra source: build.exe, 00000000.00000002.3247016957.0000000001636000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb7MXP source: build.exe, 00000000.00000002.3247016957.0000000001636000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ServiceModel.pdb source: build.exe, 00000000.00000002.3248605168.0000000005BEA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: build.exe, 00000000.00000002.3247016957.0000000001636000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: build.exe, 00000000.00000002.3247016957.0000000001636000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ServiceModel.pdb693405117-2476756634-1003_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: build.exe, 00000000.00000002.3248734324.0000000005C42000.00000004.00000020.00020000.00000000.sdmp |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.15.156.127 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
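The connection and DNS events above are the raw material of the "traffic detected without corresponding DNS query" signature. The block below is an added example, not Joe Sandbox's implementation, of the correlation a practitioner can run over their own capture: every TCP or UDP peer is checked against the addresses returned by DNS answers seen earlier in the trace. The Event layout, the constructed sample trace and the resolver allowlist are assumptions made for the example; the UDP entries to 1.1.1.1 in the report are the resolver traffic itself, which is why the example allowlists well-known public resolvers.

```python
"""Correlate connection events with earlier DNS answers.

Added example; this is not Joe Sandbox's implementation of the
"TCP traffic detected without corresponding DNS query" signature,
only the check a practitioner would run over their own trace. The
Event layout, the sample trace and the resolver allowlist are
assumptions made for the example.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    ts: float           # seconds since the start of the trace
    kind: str           # "dns_answer", "tcp_connect" or "udp_send"
    dst_ip: str         # peer address (the resolver for dns_answer)
    name: str = ""      # queried name, dns_answer only
    answer: str = ""    # address returned, dns_answer only


# Public resolvers: UDP/53 to these *is* the DNS traffic, so it can never be
# preceded by an answer for its own address and should not be reported.
DEFAULT_RESOLVERS: Set[str] = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"}


def find_unresolved_connections(
    events: Iterable[Event], resolvers: Set[str] = DEFAULT_RESOLVERS
) -> List[Tuple[str, int]]:
    """Return (ip, hit_count) for every peer that no *earlier* DNS answer
    resolved to, most frequent first. Ordering matters: a connection that
    precedes its own lookup is still reported, because the process knew
    the address before asking for it."""
    resolved: Dict[str, str] = {}      # answer ip -> name it came from
    findings: Dict[str, int] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dns_answer":
            resolved[ev.answer] = ev.name
        elif ev.kind == "udp_send" and ev.dst_ip in resolvers:
            continue                   # the lookup itself, not a peer
        elif ev.dst_ip not in resolved:
            findings[ev.dst_ip] = findings.get(ev.dst_ip, 0) + 1
    return sorted(findings.items(), key=lambda kv: -kv[1])


def sample_trace() -> List[Event]:
    """Constructed trace, modelled on the report: one hostname is looked up
    and connected to normally, one hard-coded address is contacted three
    times with no lookup, and one peer is contacted before its answer."""
    return [
        Event(0.0, "udp_send", "1.1.1.1"),
        Event(0.1, "dns_answer", "1.1.1.1", name="update.example.net", answer="203.0.113.10"),
        Event(0.2, "tcp_connect", "203.0.113.10"),
        Event(1.0, "tcp_connect", "45.15.156.127"),
        Event(2.0, "tcp_connect", "45.15.156.127"),
        Event(3.0, "tcp_connect", "45.15.156.127"),
        Event(4.0, "tcp_connect", "198.51.100.7"),   # before the answer below
        Event(4.5, "dns_answer", "1.1.1.1", name="cdn.example.org", answer="198.51.100.7"),
        Event(5.0, "tcp_connect", "198.51.100.7"),   # after it: not reported
    ]


if __name__ == "__main__":
    for ip, hits in find_unresolved_connections(sample_trace()):
        print(f"traffic without corresponding DNS query: {ip} ({hits} connections)")
```

On the constructed trace this reports 45.15.156.127 three times and 198.51.100.7 once (the connection made before its lookup), and nothing for 203.0.113.10 or the resolver. In a real capture the same check should also be fed answers from DNS-over-HTTPS or a local cache, or hard-coded C2 addresses are the only thing it will ever flag.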
Source: build.exe, 00000000.00000002.3247476169.0000000003502000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: $]q3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\]q equals www.youtube.com (Youtube) |
Source: build.exe, 00000000.00000002.3247476169.0000000003502000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube) |
Source: build.exe, 00000000.00000002.3247476169.0000000003502000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\]q equals www.youtube.com (Youtube) |
Source: build.exe, 00000000.00000002.3247476169.0000000003502000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb`,]q equals www.youtube.com (Youtube) |
Source: build.exe, 00000000.00000002.3247476169.0000000003502000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: `,]q#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube) |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty |
Source: build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/8) |
Source: build.exe, 00000000.00000002.3247476169.0000000003618000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/RestAPI/ |
Source: build.exe, 00000000.00000002.3247476169.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000365B000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000369D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.0000000003618000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/RestAPI/TreeObject1LR |
Source: build.exe, 00000000.00000002.3247476169.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000365B000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000369D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.0000000003618000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/RestAPI/TreeObject1Response |
Source: build.exe, 00000000.00000002.3247476169.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000365B000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000369D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.0000000003618000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/RestAPI/TreeObject2LR |
Source: build.exe, 00000000.00000002.3247476169.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000365B000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000369D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.0000000003618000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/RestAPI/TreeObject2Response |
Source: build.exe, 00000000.00000002.3247476169.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000365B000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000369D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.0000000003618000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/RestAPI/TreeObject3LR |
Source: build.exe, 00000000.00000002.3247476169.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000365B000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000354C000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.000000000369D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.3247476169.0000000003618000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/RestAPI/TreeObject3Response |
Source: build.exe, 00000000.00000002.3247476169.00000000034C4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ip.s |
Source: build.exe, 00000000.00000002.3247476169.00000000034C4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.ip.sb/ip |
Source: 0.2.build.exe.12afc24.1.unpack, type: UNPACKEDPE |
Matched rule: Detects zgRAT Author: ditekSHen |
Source: 0.2.build.exe.12afc24.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects zgRAT Author: ditekSHen |
Source: 0.2.build.exe.1450000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects zgRAT Author: ditekSHen |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002C9ABE |
0_2_002C9ABE |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002B2CE0 |
0_2_002B2CE0 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002CE5B9 |
0_2_002CE5B9 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_05870B98 |
0_2_05870B98 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_05870900 |
0_2_05870900 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_05870910 |
0_2_05870910 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_05870B8B |
0_2_05870B8B |
Source: C:\Users\user\Desktop\build.exe |
Code function: String function: 002B99A0 appears 48 times |
Source: C:\Users\user\Desktop\build.exe |
Code function: String function: 002B5D90 appears 45 times |
Source: build.exe, 00000000.00000002.3246570367.00000000012AE000.00000004.00000010.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameHearths.exe" vs build.exe |
Source: build.exe, 00000000.00000002.3247016957.00000000015FE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs build.exe |
Source: build.exe, 00000000.00000002.3246788827.0000000001492000.00000002.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameHearths.exe" vs build.exe |
Source: 0.2.build.exe.12afc24.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.build.exe.12afc24.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.build.exe.1450000.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT |
Source: 0.2.build.exe.12afc24.1.raw.unpack, Strings.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.build.exe.12afc24.1.raw.unpack, WdBnEYAg1nRyqJHbk0Q.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.build.exe.12afc24.1.raw.unpack, WdBnEYAg1nRyqJHbk0Q.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: C:\Users\user\Desktop\build.exe |
Mutant created: NULL |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1268:120:WilError_03 |
Source: unknown |
Process created: C:\Users\user\Desktop\build.exe "C:\Users\user\Desktop\build.exe" |
Source: C:\Users\user\Desktop\build.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\build.exe |
Section loaded: mswsock.dll |
Source: 0.2.build.exe.12afc24.1.raw.unpack, WdBnEYAg1nRyqJHbk0Q.cs |
.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002B2F90 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,lstrlenW,CreateThread,Sleep,WaitForSingleObject, |
0_2_002B2F90 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002B5710 push eax; ret |
0_2_002B5C31 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002D1C15 push ecx; ret |
0_2_002D1C28 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_0587E0D0 pushad ; iretd |
0_2_0587E249 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_0587E242 pushad ; iretd |
0_2_0587E249 |
Source: 0.2.build.exe.12afc24.1.raw.unpack, WdBnEYAg1nRyqJHbk0Q.cs |
High entropy of concatenated method names: 'Deym16AiJU', 'g38PJ8K3c0', 'bxAmNgpIsj', 'e1hmfGryNP', 'lwtmvR4TbI', 'gTTmjxPf2K', 'etPftZtnFF', 'k8lAkyS3d0', 'JTKAaFtTtb', 'ShGAiaNY5l' |
Source: 0.2.build.exe.12afc24.1.raw.unpack, jtvT30mIe4m7msKUQwZ.cs |
High entropy of concatenated method names: 'VkGmG6avNL', 'ioJmo5Cece', 'G4Vmx95Kxx', 's2amJtTEpL', 'xc1mQF3iqc', 'GdGmEOsNfa', 'BKFmbRmVTI', 'Dutm8SOTEe', 'e3Am0acWmO', 'bJjmLl8bTU' |
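Added example, not the sandbox's own code: the Shannon-entropy computation behind the "High entropy of concatenated method names" finding, applied to the first list of names quoted above and to a constructed baseline of ordinary .NET method names. The 4.8 bits/char threshold and the baseline list are assumptions made for the example.

```python
"""Shannon-entropy check for obfuscated .NET method names.

Added example, not the sandbox's own code: it reproduces the idea behind
"High entropy of concatenated method names" on the names quoted in the
report, with a constructed list of ordinary names as a baseline. The
4.8 bits/char threshold is an assumption chosen for this example.
"""
import math
from collections import Counter
from typing import Dict, Iterable, List, Union

# Method names from WdBnEYAg1nRyqJHbk0Q.cs as listed in the report.
REPORT_METHOD_NAMES: List[str] = [
    "Deym16AiJU", "g38PJ8K3c0", "bxAmNgpIsj", "e1hmfGryNP", "lwtmvR4TbI",
    "gTTmjxPf2K", "etPftZtnFF", "k8lAkyS3d0", "JTKAaFtTtb", "ShGAiaNY5l",
]

# Constructed baseline: the kind of names an unobfuscated assembly carries.
BASELINE_METHOD_NAMES: List[str] = [
    "GetValue", "SetValue", "GetName", "SetName", "ToString",
    "Dispose", "Initialize", "Connect", "Disconnect", "SendMessage",
]


def shannon_entropy(text: str) -> float:
    """Bits per character of the empirical character distribution of text."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def method_name_entropy(names: Iterable[str]) -> float:
    """Entropy of the names concatenated, which is how the signature scores them."""
    return shannon_entropy("".join(names))


def classify(names: List[str], threshold: float = 4.8) -> Dict[str, Union[float, bool]]:
    """Entropy verdict plus a supporting signal: English-like identifiers
    almost never contain digits, renamed ones frequently do."""
    entropy = method_name_entropy(names)
    with_digits = sum(any(ch.isdigit() for ch in n) for n in names)
    return {
        "entropy": entropy,
        "digit_name_ratio": with_digits / len(names) if names else 0.0,
        "obfuscated": entropy >= threshold,
    }


if __name__ == "__main__":
    for label, names in (("report", REPORT_METHOD_NAMES), ("baseline", BASELINE_METHOD_NAMES)):
        print(label, classify(names))
```

Concatenated English-like identifiers sit around 4.1 to 4.4 bits per character; a uniform draw from the 62 alphanumerics tops out at log2(62), roughly 5.95, and the 100 characters of the report's names come out near 5.3. The threshold is only meaningful on a reasonably long name list: a handful of short names has too few characters for the empirical distribution to say anything, and legitimately minified or merged assemblies can score high without being malicious, so treat the verdict as one signal among the others in this report.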
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\build.exe |
Process information set: NOOPENFILEERRORBOX |
Source: build.exe, 00000000.00000002.3246570367.00000000012AE000.00000004.00000010.00020000.00000000.sdmp, build.exe, 00000000.00000002.3246740839.0000000001452000.00000020.00001000.00020000.00000000.sdmp |
Binary or memory string: \QEMU-GA.EXE |
Source: build.exe, 00000000.00000002.3246570367.00000000012AE000.00000004.00000010.00020000.00000000.sdmp, build.exe, 00000000.00000002.3246740839.0000000001452000.00000020.00001000.00020000.00000000.sdmp |
Binary or memory string: \qemu-ga.exe |
Source: build.exe, 00000000.00000002.3247016957.0000000001636000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002B2F90 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,lstrlenW,CreateThread,Sleep,WaitForSingleObject, |
0_2_002B2F90 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002B992D SetUnhandledExceptionFilter, |
0_2_002B992D |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002B9B5D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_002B9B5D |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002BFD93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_002BFD93 |
Source: C:\Users\user\Desktop\build.exe |
Code function: 0_2_002B97CE IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_002B97CE |
Source: C:\Users\user\Desktop\build.exe |
Code function: GetACP,IsValidCodePage,GetLocaleInfoW, |
0_2_002CA008 |
Source: C:\Users\user\Desktop\build.exe |
Code function: GetLocaleInfoW, |
0_2_002CA8A7 |
Source: C:\Users\user\Desktop\build.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_002CA97D |
Source: C:\Users\user\Desktop\build.exe |
Code function: EnumSystemLocalesW, |
0_2_002CA2B4 |
Source: C:\Users\user\Desktop\build.exe |
Code function: EnumSystemLocalesW, |
0_2_002CA2FF |
Source: C:\Users\user\Desktop\build.exe |
Code function: GetLocaleInfoW, |
0_2_002C7ADD |
Source: C:\Users\user\Desktop\build.exe |
Code function: EnumSystemLocalesW, |
0_2_002CA39A |
Source: C:\Users\user\Desktop\build.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_002CA425 |
Source: C:\Users\user\Desktop\build.exe |
Code function: EnumSystemLocalesW, |
0_2_002C75B1 |
Source: C:\Users\user\Desktop\build.exe |
Code function: GetLocaleInfoW, |
0_2_002CA678 |
Source: C:\Users\user\Desktop\build.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_002CA7A1 |
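The "Code function" lines above are per-function API call sequences. The block below is an added example, not the sandbox's signature engine: it turns a handful of those lines, copied from this report, into ordered-pattern signatures of the kind that produce findings such as memory allocation followed by address resolution and thread creation, LoadLibraryA followed by GetProcAddress, IsDebuggerPresent followed by exception-filter changes, and locale fingerprinting. The signature names, the patterns and the line parser are assumptions made for the example.

```python
"""Match ordered API-call patterns against per-function call traces.

Added example, not Joe Sandbox's signature engine: it shows how the
"Code function: <addr> <api>,<api>,..." lines in this report can be
scored with sequence signatures. The signature names, the patterns and
the parser are assumptions made for the example; the trace lines in
SAMPLE_TRACE are copied from the report.
"""
from typing import Dict, List, Sequence, Tuple

# Ordered patterns: every API must appear in the function's trace in this
# order, other calls may sit in between (subsequence, not substring).
SIGNATURES: Dict[str, List[str]] = {
    "alloc_resolve_thread": ["VirtualAlloc", "GetProcAddress", "CreateThread"],
    "dynamic_api_resolution": ["LoadLibraryA", "GetProcAddress"],
    # Weak on its own: the MSVC runtime's fast-fail path emits the same chain.
    "anti_debug_seh": ["IsDebuggerPresent", "SetUnhandledExceptionFilter"],
    "crt_unhandled_exception": ["SetUnhandledExceptionFilter", "UnhandledExceptionFilter", "TerminateProcess"],
    "locale_fingerprint": ["GetUserDefaultLCID", "GetLocaleInfoW"],
}

# Call traces as printed in this report (a subset of its Code function lines).
SAMPLE_TRACE: List[str] = [
    "Code function: 0_2_002B2F90 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,lstrlenW,CreateThread,Sleep,WaitForSingleObject,",
    "0_2_002B992D SetUnhandledExceptionFilter,",
    "0_2_002B9B5D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,",
    "0_2_002BFD93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,",
    "0_2_002B97CE IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,",
    "0_2_002CA97D GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,",
]


def parse_trace_line(line: str) -> Tuple[str, List[str]]:
    """Split "<addr> <api>,<api>,...," into (addr, [api, ...]); an optional
    "Code function:" prefix, as the report prints it, is dropped."""
    line = line.strip()
    if line.startswith("Code function:"):
        line = line[len("Code function:"):].strip()
    addr, _, rest = line.partition(" ")
    return addr, [api for api in rest.split(",") if api]


def is_subsequence(pattern: Sequence[str], calls: Sequence[str]) -> bool:
    """True if every element of pattern occurs in calls, in that order.
    The shared iterator makes each search resume where the previous
    match stopped, which is what enforces the ordering."""
    it = iter(calls)
    return all(any(call == wanted for call in it) for wanted in pattern)


def match_signatures(lines: Sequence[str]) -> Dict[str, List[str]]:
    """Map function address -> names of the signatures it satisfies;
    functions that match nothing are omitted."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        addr, calls = parse_trace_line(line)
        matched = [name for name, pat in SIGNATURES.items() if is_subsequence(pat, calls)]
        if matched:
            hits[addr] = matched
    return hits


if __name__ == "__main__":
    for addr, names in match_signatures(SAMPLE_TRACE).items():
        print(addr, ", ".join(names))
```

Only 0_2_002B2F90 satisfies the allocate, resolve, create-thread chain, which is the one finding here worth a second look. The IsDebuggerPresent / SetUnhandledExceptionFilter / UnhandledExceptionFilter sequences at 0_2_002BFD93 and 0_2_002B97CE, and the TerminateProcess variant at 0_2_002B9B5D, are exactly what the Visual C++ runtime's fast-fail and security-failure stubs emit in any /GS-compiled binary, so a signature that fires on them alone will also fire on benign MSVC executables; weight it low or require it outside the CRT initialisation code.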
Source: C:\Users\user\Desktop\build.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation |
Source: C:\Users\user\Desktop\build.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation |
Source: C:\Users\user\Desktop\build.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation |
Source: C:\Users\user\Desktop\build.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation |
Source: C:\Users\user\Desktop\build.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation |
Source: C:\Users\user\Desktop\build.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.1450000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3246570367.00000000012AE000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3246740839.0000000001452000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.1450000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3246570367.00000000012AE000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3246740839.0000000001452000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: build.exe PID: 1856, type: MEMORYSTR |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.1450000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.1450000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3246570367.00000000012AE000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3246740839.0000000001452000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.1450000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3246570367.00000000012AE000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3246740839.0000000001452000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: build.exe PID: 1856, type: MEMORYSTR |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.12afc24.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.build.exe.1450000.2.unpack, type: UNPACKEDPE |