Windows Analysis Report
1PI1dOAtKY.exe

Overview

General Information

Sample name: 1PI1dOAtKY.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 3fe5fd377ea9bde5ca15723d214916b9a8e1b780bd49fab6e75412315c155b52
Analysis ID: 1539800
MD5: 65265a6752011edf039bdeafeb4e1551
SHA1: 7414c76369b2e5762c93936a22ba530d80488d10
SHA256: 3fe5fd377ea9bde5ca15723d214916b9a8e1b780bd49fab6e75412315c155b52

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found potential string decryption / allocating functions
Program does not show much activity (idle)

Classification

AV Detection

Source: 1PI1dOAtKY.exe Avira: detected
Source: 1PI1dOAtKY.exe Virustotal: Detection: 10%
Source: 1PI1dOAtKY.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746D7A740 InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,GetLastError,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle, 0_2_00007FF746D7A740
Source: 1PI1dOAtKY.exe String found in binary or memory: https://http://Mozilla/5.0
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: String function: 00007FF746DA0700 appears 63 times
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: String function: 00007FF746D94AE0 appears 36 times
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: String function: 00007FF746D9C040 appears 144 times
Source: classification engine Classification label: mal56.winEXE@2/1@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1816:120:WilError_03
Source: 1PI1dOAtKY.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe File read: C:\Users\user\Desktop\1PI1dOAtKY.exe
Source: unknown Process created: C:\Users\user\Desktop\1PI1dOAtKY.exe "C:\Users\user\Desktop\1PI1dOAtKY.exe"
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Section loaded: wininet.dll
Source: 1PI1dOAtKY.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: 1PI1dOAtKY.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 1PI1dOAtKY.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 1PI1dOAtKY.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 1PI1dOAtKY.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 1PI1dOAtKY.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DCD8FC LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00007FF746DCD8FC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DA5124 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00007FF746DA5124
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: malloc,GetAdaptersInfo,free,malloc,GetAdaptersInfo,free,sprintf,free, 0_2_00007FF746D74030
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Evaded block: after key decision
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: 1PI1dOAtKY.exe, 00000000.00000002.2026520257.00000187C39D0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DAD1DC __crtCaptureCurrentContext,IsDebuggerPresent,__crtUnhandledException, 0_2_00007FF746DAD1DC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DC227C EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_00007FF746DC227C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DD466C _lseeki64_nolock,_lseeki64_nolock,GetProcessHeap,HeapAlloc,_errno,_errno,_setmode_nolock,__doserrno,_errno,_setmode_nolock,GetProcessHeap,HeapFree,_lseeki64_nolock,SetEndOfFile,_errno,__doserrno,GetLastError,_lseeki64_nolock, 0_2_00007FF746DD466C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DAC73C SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF746DAC73C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DB3868 SetUnhandledExceptionFilter, 0_2_00007FF746DB3868
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DAF8B8 cpuid 0_2_00007FF746DAF8B8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: __crtGetLocaleInfoEx, 0_2_00007FF746DC47F8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,GetACP, 0_2_00007FF746DC4744
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,__crtGetUserDefaultLocaleName,_invoke_watson,_invoke_watson,_getptd,_getptd,LcidFromHexString,GetLocaleInfoW, 0_2_00007FF746DC48FC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free, 0_2_00007FF746DC282C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo, 0_2_00007FF746DC3540
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 0_2_00007FF746DC2654
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: __crtGetLocaleInfoEx,malloc,__crtGetLocaleInfoEx,WideCharToMultiByte,free, 0_2_00007FF746DC24F8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,GetLocaleInfoW, 0_2_00007FF746DC51E8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00007FF746DC5138
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,TestDefaultCountry,__crtGetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,__crtGetLocaleInfoEx,_invoke_watson, 0_2_00007FF746DC42D8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,_getptd,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,_getptd,EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,__crtDownlevelLCIDToLocaleName,__crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,_itow_s, 0_2_00007FF746DC5290
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,__lc_wcstolc,__get_qualified_locale_downlevel,__get_qualified_locale,__lc_lctowcs,__crtGetLocaleInfoEx,GetACP,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson, 0_2_00007FF746DB1248
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW, 0_2_00007FF746DACFE0
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,TestDefaultLanguage, 0_2_00007FF746DC4FEC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: EnumSystemLocalesW, 0_2_00007FF746DACF9C
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free, 0_2_00007FF746DC2DB8
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,TestDefaultLanguage, 0_2_00007FF746DC4DBC
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,EnumSystemLocalesW, 0_2_00007FF746DC4D28
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free, 0_2_00007FF746DA7EF4
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,__crtGetLocaleInfoEx,_calloc_crt,__crtGetLocaleInfoEx,free,__crtGetLocaleInfoEx,_invoke_watson, 0_2_00007FF746DAEB88
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: _getptd,EnumSystemLocalesW, 0_2_00007FF746DC4C74
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746D754A0 SetFileAttributesA,std::ios_base::_Ios_base_dtor,_time64,Sleep,_time64,_time64,_time64,rand,rand,SetFileAttributesA,GetSystemTime,rand,SystemTimeToFileTime,CreateFileA,SetFileTime,CloseHandle,std::ios_base::_Ios_base_dtor, 0_2_00007FF746D754A0
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746D737C0 GetUserNameA, 0_2_00007FF746D737C0
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DBAD54 GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,std::bad_exception::bad_exception,_CxxThrowException,std::bad_exception::bad_exception,_CxxThrowException, 0_2_00007FF746DBAD54
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DD0158 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_00007FF746DD0158
Source: C:\Users\user\Desktop\1PI1dOAtKY.exe Code function: 0_2_00007FF746DD10A0 Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind, 0_2_00007FF746DD10A0
No contacted IP infos