Windows Analysis Report
hUaqM7n5Zo.exe

Overview

General Information

Sample name: hUaqM7n5Zo.exe
Renamed because the original name is a hash value.
Original sample name: d4dd8a6362310c944502065d2b0b6219.exe
Analysis ID: 1505454
MD5: d4dd8a6362310c944502065d2b0b6219
SHA1: 20743a7830ce87c58a025d4e15f6942ce8a89629
SHA256: 6bbb03ae0cf02a34159e5a17faae61253cf1747401f48e7dea5f5b2538a99fa6
Tags: exe

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Searches for specific processes (likely to inject)
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapter information
Contains functionality to read the clipboard data
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains executable resources (Code or Archives)
Program does not show much activity (idle)
Sample file name differs from the original file name recorded in the version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Classification radar (categories): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious

AV Detection

Source: hUaqM7n5Zo.exe Avira: detected
Source: hUaqM7n5Zo.exe ReversingLabs: Detection: 57%
Source: hUaqM7n5Zo.exe Virustotal: Detection: 50%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 94.3% probability
Source: hUaqM7n5Zo.exe, 00000001.00000000.2207008388.0000000000273000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_8d90033e-f
Source: hUaqM7n5Zo.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: hUaqM7n5Zo.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: F:\VCtest\Projects\NEWGZXTEST\GZX\Release\netbios1.pdb7 source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\DriverInjectDll-master\bin\driver_inject_x64.pdb source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\NEWGZXTEST\GZX\Release\ReplayClientTest.pdb source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\HookGameACE\HookGameACE\Release\HookGameACE.pdb&& source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\InLineHookLib\Release\G_Game.pdb'' source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\InLineHookLib\Release\G_Game.pdb source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\HookGameACE\HookGameACE\Release\netbios.pdb source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\HookGameACE\HookGameACE\Release\netbios.pdb7 source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\NEWGZXTEST\GZX\Release\JQMain.pdb source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\HookGameACE\HookGameACE\Release\HookGameACE.pdb source: hUaqM7n5Zo.exe
Source: Binary string: F:\VCtest\Projects\NEWGZXTEST\GZX\Release\netbios1.pdb source: hUaqM7n5Zo.exe
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00250550 Sleep,Sleep,#21,WSAIoctl,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,LeaveCriticalSection,#21,#22,#3,#266,#265,WSARecv,#111,EnterCriticalSection,LeaveCriticalSection,#266, 1_2_00250550
Source: hUaqM7n5Zo.exe String found in binary or memory: http://27.25.156.102:9999/style.html
Source: hUaqM7n5Zo.exe String found in binary or memory: http://27.25.156.102:9999/style.htmlSoftware
Source: hUaqM7n5Zo.exe String found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: hUaqM7n5Zo.exe String found in binary or memory: http://sf.symcb.com/sf.crt0
Source: hUaqM7n5Zo.exe String found in binary or memory: http://sf.symcd.com0&
Source: hUaqM7n5Zo.exe String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: hUaqM7n5Zo.exe String found in binary or memory: https://curl.se/docs/hsts.html
Source: hUaqM7n5Zo.exe String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: hUaqM7n5Zo.exe String found in binary or memory: https://d.symcb.com/cps0%
Source: hUaqM7n5Zo.exe String found in binary or memory: https://d.symcb.com/rpa0
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_0024D4F0 memset,memset,SHGetSpecialFolderPathA,_time64,_localtime64_s,_localtime64_s,_localtime64_s,_localtime64_s,_localtime64_s,_localtime64_s,_localtime64_s,OpenClipboard,GetClipboardData,GlobalSize,malloc,GlobalLock,memset,GlobalUnlock,CloseClipboard,SendMessageW,#296,#296,SendMessageW,#4815,SendMessageW,#8067,#290,#13656,#13656,#1045,#290,#13656,#1045,#290,#290,#4815,#1045,#1045,#290,GetPrivateProfileIntW,#1045,#13656,#290,#290,WritePrivateProfileStringW,WritePrivateProfileStringW,#1045,#1045,WritePrivateProfileStringW,#290,#290,WritePrivateProfileStringW,#1045,#1045,#13656,#1045,#1045,fopen,fclose, 1_2_0024D4F0

System Summary

Source: hUaqM7n5Zo.exe, type: SAMPLE Matched rule: Rule for beacon reflective loader Author: unknown
Source: 1.1.hUaqM7n5Zo.exe.278390.1.raw.unpack, type: UNPACKEDPE Matched rule: Rule for beacon reflective loader Author: unknown
Source: 1.2.hUaqM7n5Zo.exe.278390.3.raw.unpack, type: UNPACKEDPE Matched rule: Rule for beacon reflective loader Author: unknown
Source: 1.0.hUaqM7n5Zo.exe.240000.0.unpack, type: UNPACKEDPE Matched rule: Rule for beacon reflective loader Author: unknown
Source: 1.2.hUaqM7n5Zo.exe.240000.0.unpack, type: UNPACKEDPE Matched rule: Rule for beacon reflective loader Author: unknown
Source: 1.0.hUaqM7n5Zo.exe.278390.1.raw.unpack, type: UNPACKEDPE Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000001.00000001.2207365573.0000000000273000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000001.00000002.3450122029.0000000000273000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000001.00000000.2207008388.0000000000273000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Rule for beacon reflective loader Author: unknown
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00246620: memset,CreateFileA,DeviceIoControl,DeviceIoControl,CloseHandle,memset,DeviceIoControl,memmove,malloc,free, 1_2_00246620
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00245A00 OpenSCManagerA,OpenServiceA,GetLastError,MessageBoxA,CloseServiceHandle,CreateServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,ControlService,DeleteService,GetLastError, 1_2_00245A00
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00246450 1_2_00246450
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00243AA0 1_2_00243AA0
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_0024A2B0 1_2_0024A2B0
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_002463F0 1_2_002463F0
Source: hUaqM7n5Zo.exe Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: hUaqM7n5Zo.exe Static PE information: Resource name: DRV type: PE32+ executable (native) x86-64, for MS Windows
Source: hUaqM7n5Zo.exe Static PE information: Resource name: G_GAMEE type: PE32 executable (console) Intel 80386, for MS Windows
Source: hUaqM7n5Zo.exe Static PE information: Resource name: OLDDLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
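The four resources listed above are complete PE images of differing formats (a 32-bit GUI DLL, a 64-bit native driver, a 32-bit console executable, a second 32-bit DLL). A first triage step is to carve each one out of the parent binary and classify it from its headers. The following is an added example for this page, not the sandbox's own tooling: it scans a byte blob for MZ headers, validates the PE signature, and reads Machine, Characteristics, the optional-header Magic and Subsystem to produce the same file(1)-style description the report prints. The blob it runs on is constructed from header-only stubs (an assumption for demonstration); a real run would pass the sample bytes or an extracted .rsrc section.

```python
"""Carve embedded PE images out of a byte blob and classify them by header.

Added example for this report page, not the sandbox's own tooling.  The
blob it runs on is constructed from header-only stubs for demonstration;
a real run would pass the sample bytes or an extracted .rsrc section.
"""
import struct

MZ, PE_SIG = b"MZ", b"PE\0\0"
PE32, PE32_PLUS = 0x10B, 0x20B            # optional-header Magic values
IMAGE_FILE_DLL = 0x2000                   # COFF Characteristics flag
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}


def classify_pe(blob, offset):
    """Describe the PE image at `offset` in file(1) style, e.g.
    'PE32+ executable (native) x86-64'; return None if the headers do not parse."""
    if blob[offset:offset + 2] != MZ or offset + 0x40 > len(blob):
        return None
    e_lfanew = struct.unpack_from("<I", blob, offset + 0x3C)[0]
    pe = offset + e_lfanew
    # Need signature (4) + COFF header (20) + optional header up to Subsystem (70).
    if pe + 4 + 20 + 70 > len(blob) or blob[pe:pe + 4] != PE_SIG:
        return None
    machine, _, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, pe + 4)
    magic = struct.unpack_from("<H", blob, pe + 24)[0]
    subsystem = struct.unpack_from("<H", blob, pe + 24 + 68)[0]  # same offset in PE32 and PE32+
    fmt = {PE32: "PE32", PE32_PLUS: "PE32+"}.get(magic)
    if fmt is None or opt_size < 70:
        return None
    dll = " (DLL)" if chars & IMAGE_FILE_DLL else ""
    sub = SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}")
    mach = MACHINES.get(machine, f"machine 0x{machine:x}")
    return f"{fmt} executable{dll} ({sub}) {mach}"


def carve_pes(blob):
    """Every offset whose 'MZ' leads to a parsable PE, paired with its description."""
    found, pos = [], blob.find(MZ)
    while pos != -1:
        desc = classify_pe(blob, pos)
        if desc is not None:
            found.append((pos, desc))
        pos = blob.find(MZ, pos + 1)
    return found


def make_stub(machine, magic, subsystem, characteristics):
    """Constructed header-only PE (DOS header + signature + COFF + optional header);
    enough for classification, not a loadable image."""
    opt = bytearray(96 if magic == PE32 else 112)   # fixed optional-header sizes
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), characteristics)
    dos = bytearray(0x40)
    dos[:2] = MZ
    struct.pack_into("<I", dos, 0x3C, 0x40)         # e_lfanew: PE header follows DOS header
    return bytes(dos) + PE_SIG + coff + bytes(opt)


# Constructed test blob mirroring the report's resource types: a decoy 'MZ' that is
# not a PE, then a 32-bit GUI DLL, a 64-bit native driver and a 32-bit console EXE.
SAMPLE_BLOB = (
    b"\x00" * 16 + MZ + b"\x00" * 30
    + make_stub(0x14C, PE32, 2, 0x2102)        # EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    + b"\xFF" * 7
    + make_stub(0x8664, PE32_PLUS, 1, 0x0022)  # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    + make_stub(0x14C, PE32, 3, 0x0102)        # EXECUTABLE_IMAGE | 32BIT_MACHINE
)

if __name__ == "__main__":
    for off, desc in carve_pes(SAMPLE_BLOB):
        print(f"0x{off:08x}: {desc}")
```

The decoy MZ shows the failure mode that matters when scanning a 4.5 MB binary: plenty of two-byte "MZ" sequences occur in data, so the scan only reports an offset once e_lfanew lands on a real PE signature with a plausible optional header.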
Source: hUaqM7n5Zo.exe, 00000001.00000000.2207008388.0000000000273000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameJQMain.exe8 vs hUaqM7n5Zo.exe
Source: hUaqM7n5Zo.exe, 00000001.00000000.2207008388.0000000000273000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInPut.dll: vs hUaqM7n5Zo.exe
Source: hUaqM7n5Zo.exe, 00000001.00000000.2207008388.0000000000273000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamewjs3.dll: vs hUaqM7n5Zo.exe
Source: hUaqM7n5Zo.exe, 00000001.00000001.2207365573.0000000000273000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameJQMain.exe8 vs hUaqM7n5Zo.exe
Source: hUaqM7n5Zo.exe, 00000001.00000001.2207365573.0000000000273000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInPut.dll: vs hUaqM7n5Zo.exe
Source: hUaqM7n5Zo.exe Binary or memory string: OriginalFilenameJQMain.exe8 vs hUaqM7n5Zo.exe
Source: hUaqM7n5Zo.exe Binary or memory string: OriginalFilenameInPut.dll: vs hUaqM7n5Zo.exe
Source: hUaqM7n5Zo.exe Binary or memory string: OriginalFilenamewjs3.dll: vs hUaqM7n5Zo.exe
Source: hUaqM7n5Zo.exe, type: SAMPLE Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 1.1.hUaqM7n5Zo.exe.278390.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 1.2.hUaqM7n5Zo.exe.278390.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 1.0.hUaqM7n5Zo.exe.240000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 1.2.hUaqM7n5Zo.exe.240000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 1.0.hUaqM7n5Zo.exe.278390.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000001.00000001.2207365573.0000000000273000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000001.00000002.3450122029.0000000000273000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000001.00000000.2207008388.0000000000273000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: hUaqM7n5Zo.exe Binary string: \Device\CrashDumpUpload\DosDevices\CrashDumpUpload
Source: classification engine Classification label: mal72.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00249470 CreateToolhelp32Snapshot,memset,Process32FirstW,CloseHandle,StrCmpW,StrCmpW,StrCmpW,StrCmpW,OpenProcess,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,Process32NextW,CloseHandle, 1_2_00249470
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00246D20 memset,memset,memset,memset,P_LoadSystem,P_UserLogin,P_GetLoginValue,P_GetLoginValue,#296,#296,#1526,P_GetLoginValue,#290,#4815,#1045,#13806,P_GetDataValue,VirtualQuery,FindResourceW,#1045,#1045,SizeofResource,LoadResource,LockResource,memset,memset,fopen,fwrite,fclose,fclose,fclose,#1045,#1045,#13806, 1_2_00246D20
Source: hUaqM7n5Zo.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: hUaqM7n5Zo.exe String found in binary or memory: iphlpapi.dllif_nametoindexws2_32FreeAddrInfoExWGetAddrInfoExCancelGetAddrInfoExWkernel32LoadLibraryExA\/AddDllDirectoryh1h2h3%10s %512s %u %10s %512s %u "%64[^"]" %u %urt%s %s%s%s %u %s %s%s%s %u "%d%02d%02d %02d:%02d:%02d" %u %u
Source: hUaqM7n5Zo.exe String found in binary or memory: :8085/add
Source: hUaqM7n5Zo.exe String found in binary or memory: Unknown exceptionbad cast1721829950816Timestampapplication/jsonContent-TypelsjCustom-Header:8085/addhttp://UIN{"id":"UIN","txt":"data"}data:8085/query{"id":"UIN"}vector<bool> too longmap/set<T> too longalnumalnumalphaalphablankblankcntrlcntrldddigitdigitgraphgraphlowerlowerprintprintpunctpunctspacespacessupperupperwwxdigitxdigitabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_: httpslist<T> too long
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Section loaded: mfc140u.dll
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Section loaded: plfl32.dll
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Section loaded: uxtheme.dll
Source: hUaqM7n5Zo.exe Static file information: File size 4538880 > 1048576
Source: hUaqM7n5Zo.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x437400
Source: hUaqM7n5Zo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: hUaqM7n5Zo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: hUaqM7n5Zo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: hUaqM7n5Zo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: hUaqM7n5Zo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: hUaqM7n5Zo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: hUaqM7n5Zo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: hUaqM7n5Zo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: hUaqM7n5Zo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: hUaqM7n5Zo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: hUaqM7n5Zo.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00252256 push ecx; ret 1_2_00252269
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_0024A2B0 memset,memset,memset,memset,SHGetFolderPathA,SHGetSpecialFolderPathA,memset,GetPrivateProfileIntA,_time64,fopen,fwrite,fclose,GetFileAttributesA,GetFileAttributesA,CreateDirectoryA,CreateDirectoryA,GetFileAttributesA,CreateDirectoryA,WritePrivateProfileStringA,memset,memset,memset,memset,memset,GetPrivateProfileStringA,GetPrivateProfileStringA,memset,GetPrivateProfileStringA,memset,GetPrivateProfileStringA,memset,GetPrivateProfileStringA,memset,GetPrivateProfileStringA,memset,GetPrivateProfileStringA,memset,GetPrivateProfileStringA,#13656,#13656,atoll,atoll,atoll,GetTickCount,GetTickCount,GetPrivateProfileIntA,GetTickCount,GetPrivateProfileIntA,#13656,memset,memset,memset,memset,memset,memset,memset,_access,_access,_access,memset,GetPrivateProfileStringA,memset,_time64,#13656,atoll,#13656,_access,_access,GetPrivateProfileStringA,#13656,memset,GetPrivateProfileStringA,GetPrivateProfileStringA,memset,GetPrivateProfileStringA,_access,_access,memset,GetPrivateProfileStringA,_access,#13656,memset,memcpy,_time64,#13656, 1_2_0024A2B0
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00247850 IsIconic,memset,#890,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#1391,#11038, 1_2_00247850
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_002414E0 memset,memset,LoadLibraryW,#296,#296,#4815,#4815,#4815,GetCurrentDirectoryW,#5110,SetCurrentDirectoryW,SetCurrentDirectoryW,#5110,LoadLibraryW,SetCurrentDirectoryW,#1045,#1045,GetProcAddress,GetProcAddress,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_002414E0
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: malloc,malloc,GetAdaptersInfo,GetAdaptersInfo,free,malloc,GetAdaptersInfo,strstr,strstr,free, 1_2_00246520
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00251420 P_GetLoginValue,#115,#111,CreateIoCompletionPort,CreateIoCompletionPort,CreateIoCompletionPort,CloseHandle,GetLastError,GetSystemInfo,CloseHandle,_beginthreadex,_beginthreadex,CloseHandle,_beginthreadex,CloseHandle, 1_2_00251420
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_002527EA IsDebuggerPresent,OutputDebugStringW, 1_2_002527EA
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_0025258D SetUnhandledExceptionFilter, 1_2_0025258D
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00251F12 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00251F12
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_002523FB IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_002523FB

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00244D50 CreateToolhelp32Snapshot,memset,#290,#290,Process32FirstW,PeekMessageW,TranslateMessage,#5110,StrCmpW,#296,#4815,OpenFileMappingW,#1045,#5110,StrCmpW,#296,#4815,OpenFileMappingW,MapViewOfFile,OpenProcess,GetProcessTimes,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,_time64,CloseHandle,UnmapViewOfFile,CloseHandle,PeekMessageW,#1045,TranslateMessage,PeekMessageW,TranslateMessage,DispatchMessageW,PeekMessageW,Process32NextW,CloseHandle,UnmapViewOfFile,CloseHandle,TerminateProcess,#1045,CloseHandle,#1045,#1045, 1_2_00244D50
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00249630 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CreateToolhelp32Snapshot,memset,Process32FirstW,StrCmpW,Process32NextW,CloseHandle,#296,memset,GetWindowTextW,StrCmpW,OpenProcess,TerminateProcess,CloseHandle,GetWindowThreadProcessId,CreateThread,GetTickCount,GetTickCount,OpenProcess,TerminateProcess,CloseHandle,#1045, 1_2_00249630
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00244B10 CreateToolhelp32Snapshot,memset,#290,Process32FirstW,PeekMessageW,TranslateMessage,DispatchMessageW,#5110,StrCmpW,#296,#4815,OpenFileMappingW,MapViewOfFile,PeekMessageW,DispatchMessageW,UnmapViewOfFile,CloseHandle,#1045,TranslateMessage,PeekMessageW,TranslateMessage,DispatchMessageW,PeekMessageW,Process32NextW,CloseHandle,#1045, 1_2_00244B10
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00249370 CreateToolhelp32Snapshot,memset,Process32FirstW,Process32NextW,#286,#5110,StrCmpW,#1045,Process32NextW,CloseHandle, 1_2_00249370
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_00252636 cpuid 1_2_00252636
Source: C:\Users\user\Desktop\hUaqM7n5Zo.exe Code function: 1_2_002522ED GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 1_2_002522ED
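The "Code function" lines throughout this report are flat import sequences, and the signatures they triggered (clipboard read, device I/O through DeviceIoControl, service install and removal, process kill by name, resource drop to disk, GetProcAddress-heavy resolution, IsDebuggerPresent) each correspond to a particular ordering of those APIs. The following added example, not part of the sandbox's tooling, parses lines in that format, tags each function with every behaviour whose API subsequence it contains, and pulls network endpoints out of the string evidence so they can be handed to a blocklist defanged. The input lines are abridged copies of this report's own evidence; the rule table, the tag names and the GetProcAddress threshold of 8 are the author's assumptions.

```python
"""Tag flattened sandbox "Code function" lines with behaviours and pull
network endpoints from string evidence.

Added example for this report page, not sandbox tooling.  Input lines are
abridged copies of the report's evidence; RULES, the tag names and
GETPROCADDRESS_THRESHOLD are the author's assumptions.
"""
import re
from collections import OrderedDict

# Abridged from the report ("<addr> <api>,<api>,..., <addr>").  One line keeps an
# ordinal import ("#296") to show that the parser drops those tokens.
CODE_FUNCTION_LINES = [
    "1_2_0024D4F0 memset,SHGetSpecialFolderPathA,_time64,OpenClipboard,GetClipboardData,"
    "GlobalSize,malloc,GlobalLock,GlobalUnlock,CloseClipboard,SendMessageW,#296,"
    "WritePrivateProfileStringW,fopen,fclose, 1_2_0024D4F0",
    "1_2_00246620: memset,CreateFileA,DeviceIoControl,DeviceIoControl,CloseHandle,"
    "memset,DeviceIoControl,memmove,malloc,free, 1_2_00246620",
    "1_2_00245A00 OpenSCManagerA,OpenServiceA,GetLastError,MessageBoxA,CloseServiceHandle,"
    "CreateServiceA,GetLastError,StartServiceA,GetLastError,ControlService,DeleteService,"
    "GetLastError, 1_2_00245A00",
    "1_2_00249470 CreateToolhelp32Snapshot,memset,Process32FirstW,CloseHandle,StrCmpW,"
    "StrCmpW,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle, 1_2_00249470",
    "1_2_00246D20 memset,P_LoadSystem,P_UserLogin,VirtualQuery,FindResourceW,SizeofResource,"
    "LoadResource,LockResource,fopen,fwrite,fclose, 1_2_00246D20",
    # 2 + 13 GetProcAddress calls, as in the report's 1_2_002414E0 line
    "1_2_002414E0 LoadLibraryW,GetCurrentDirectoryW,SetCurrentDirectoryW,LoadLibraryW,"
    "GetProcAddress,GetProcAddress,GetModuleHandleW," + "GetProcAddress," * 13 + " 1_2_002414E0",
    "1_2_002527EA IsDebuggerPresent,OutputDebugStringW, 1_2_002527EA",
]

# Copied from the report's "String found in binary or memory" lines; some carry
# trailing binary debris, which endpoint extraction tolerates by stopping at the host.
STRING_LINES = [
    "http://27.25.156.102:9999/style.html",
    "http://27.25.156.102:9999/style.htmlSoftware",
    "http://sf.symcb.com/sf.crl0f",
    "https://curl.se/docs/alt-svc.html",
    ":8085/add",
]

# Behaviour -> APIs that must appear in this relative order (assumed rules).
RULES = OrderedDict([
    ("clipboard_read", ("OpenClipboard", "GetClipboardData", "CloseClipboard")),
    ("driver_ioctl", ("CreateFileA", "DeviceIoControl")),
    ("service_install_remove", ("OpenSCManagerA", "CreateServiceA", "StartServiceA", "DeleteService")),
    ("process_kill_by_name", ("CreateToolhelp32Snapshot", "Process32FirstW",
                              "OpenProcess", "TerminateProcess", "Process32NextW")),
    ("resource_drop_to_disk", ("FindResourceW", "LoadResource", "LockResource", "fwrite")),
    ("antidebug_isdebuggerpresent", ("IsDebuggerPresent",)),
])
GETPROCADDRESS_THRESHOLD = 8  # assumed cut-off for "heavy dynamic resolution"

LINE_RE = re.compile(r"^(?P<addr>\d+_\d+_[0-9A-Fa-f]+):?\s+(?P<apis>.*?),?\s+(?P=addr)$")
ENDPOINT_RE = re.compile(r"https?://(?P<host>[A-Za-z0-9.\-]+)(?::(?P<port>\d{1,5}))?")


def parse_line(line):
    """Return (address, [api, ...]) for one 'Code function' line; ordinals (#n) dropped."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised Code function line: {line!r}")
    apis = [a.strip() for a in m.group("apis").split(",")]
    return m.group("addr"), [a for a in apis if a and not a.startswith("#")]


def is_subsequence(needle, haystack):
    """True if every item of needle occurs in haystack in the same relative order."""
    it = iter(haystack)
    return all(any(x == n for x in it) for n in needle)


def tag_function(apis):
    tags = [name for name, seq in RULES.items() if is_subsequence(seq, apis)]
    if apis.count("GetProcAddress") >= GETPROCADDRESS_THRESHOLD:
        tags.append("dynamic_api_resolution")
    return tags


def triage(lines):
    """Map each function address to the behaviour tags it matches."""
    return {addr: tag_function(apis) for addr, apis in map(parse_line, lines)}


def extract_endpoints(strings):
    """Sorted unique host[:port] values from every http(s) URL in the strings."""
    found = set()
    for s in strings:
        for m in ENDPOINT_RE.finditer(s):
            found.add(m.group("host") + (":" + m.group("port") if m.group("port") else ""))
    return sorted(found)


def defang(endpoint):
    return endpoint.replace(".", "[.]")


if __name__ == "__main__":
    for addr, tags in triage(CODE_FUNCTION_LINES).items():
        print(f"{addr}: {', '.join(tags) or '-'}")
    print("endpoints:", ", ".join(defang(e) for e in extract_endpoints(STRING_LINES)))
```

Matching on ordered subsequences rather than on bare API presence is what keeps the rules honest: a function that merely imports TerminateProcess next to CloseHandle is not a kill loop, but CreateToolhelp32Snapshot followed by Process32FirstW, OpenProcess, TerminateProcess and Process32NextW is exactly the enumerate-compare-kill pattern listed under the evasion heading above.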
No contacted IP information