Windows Analysis Report
FONDOS.zip

Overview

General Information

Sample name: FONDOS.zip
Analysis ID: 1542231
MD5: 74aa14fc281c8e2224ca47400e03bd15
SHA1: 5862c8e09652d8d2dc47eaa0dcd4660d31fc1f65
SHA256: cfc296d3f6d635dc77a90109365e858d256b987000f070023c4d56e0fa971ec5

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)

Classification

Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\FONDOS\FONDOS\bin\
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\FONDOS\
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\FONDOS\FONDOS\
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Code function: 13_2_090E9790 13_2_090E9790
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Code function: 13_2_090E2BB0 13_2_090E2BB0
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Code function: 13_2_090E67B1 13_2_090E67B1
Source: classification engine Classification label: clean4.winZIP@2/0@0/0
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Mutant created: NULL
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe "C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe"
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: security.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Section loaded: rasadhlp.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll Jump to behavior
Source: FONDOS.zip Static file information: File size 33032528 > 1048576
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll Jump to behavior
Source: Binary string: bin/DIMSA.Modulos.Plataforma.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.InterfacesBCT.pdb source: FONDOS.zip, bin.zip
Source: Binary string: Vbin/DIMSA.Modulos.Auditoria.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.General.pdbPK source: bin.zip
Source: Binary string: hbin/DIMSA.Modulos.Bancos.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles_CS.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Componentes\Windows\FormasBase\obj\Debug\DIMSA.Componentes.FormasBase.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2552343143.0000000005FBE000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: bin/DIMSA.Negocios.General.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Principal.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.CRM.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Seguridad.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.LibroAccionistas.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Contabilidad.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Datos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Contabilidad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Auditoria.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.InterfacesBCT.pdbPK source: bin.zip
Source: Binary string: +bin/DIMSA.Modulos.PasivaFondosInversion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Datos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Servicios\Datos\obj\Debug\DIMSA.Servicios.Datos.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2559020880.0000000008CDC000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Exportador.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Seguridad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Datos.pdbPK source: bin.zip
Source: Binary string: &bin/DIMSA.Componentes.Controles_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.pdb source: FONDOS.zip, bin.zip
Source: Binary string: $bin/DIMSA.Componentes.FormasBase.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Negocios\Negocios\obj\Debug\DIMSA.Negocios.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2552556572.00000000063B2000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: bin/DIMSA.Servicios.Datos.pdbPK source: bin.zip
Source: Binary string: #bin/DIMSA.Componentes.Controles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase.pdbPK source: bin.zip
Source: Binary string: W%bin/DIMSA.Datos.pdbPK source: bin.zip
Source: Binary string: &bin/DIMSA.Modulos.LibroAccionistas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.LibroAccionistas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: "bin/DIMSA.Modulos.Inmobiliario.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Sistemas.pdbPK source: bin.zip
Source: Binary string: "bin/DIMSA.Modulos.Contabilidad.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Datos\obj\Debug\DIMSA.Datos.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2554012082.0000000006BC2000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: bin/DIMSA.Modulos.Plataforma.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Clientes.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Servicios\Utiles\obj\Debug\DIMSA.Servicios.Utiles.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2553607236.0000000006762000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: bin/DIMSA.Modulos.Bancos.pdb source: FONDOS.zip, bin.zip
Source: Binary string: Qbin/DIMSA.InterfacesBCT.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.PasivaFondosInversion.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Bancos.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Inmobiliario.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Principal.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.CRM.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.Portafolio.pdbPK source: bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\Componentes\Windows\Controles\obj\Debug\DIMSA.Componentes.Controles.pdb source: DIMSA.Principal.exe, 0000000D.00000002.2556906329.000000000763A000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: bin/DIMSA.Modulos.Portafolio.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Utiles.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Clientes.pdbPK source: bin.zip
Source: Binary string: 'bin/DIMSA.Componentes.FormasBase_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Utiles.pdbPK source: bin.zip
Source: Binary string: * bin/DIMSA.Modulos.Portafolio.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.PasivaFondosInversion.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.General.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Sistemas.pdb source: FONDOS.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\FONDOS_SQL_BCT\SAFI\Windows\Principal\obj\Debug\DIMSA.Principal.pdb source: DIMSA.Principal.exe, 0000000D.00000000.1817990467.0000000000E12000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: bin/DIMSA.Modulos.Exportador.pdbPK source: bin.zip
Source: Binary string: bin/Calculadora.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Modulos.General.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/Calculadora.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Auditoria.pdbPK source: bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles_CS.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Inmobiliario.pdb source: FONDOS.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase_CS.pdbPK source: bin.zip
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Memory allocated: 1A10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Memory allocated: 3B90000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Memory allocated: 1F60000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Thread delayed: delay time: 240000 Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Window / User API: threadDelayed 529 Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe TID: 1976 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe TID: 1976 Thread sleep time: -240000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe TID: 1976 Thread sleep time: -15870000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe TID: 1976 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe System information queried: CurrentTimeZoneInformation Jump to behavior
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\ Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\ Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\FONDOS\FONDOS\bin\ Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\FONDOS\ Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\FONDOS\FONDOS\ Jump to behavior
Source: DIMSA.Principal.exe, 0000000D.00000002.2559975933.000000000A38A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
Source: DIMSA.Principal.exe, 0000000D.00000002.2559975933.000000000A360000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW>
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Componentes.FormasBase.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Negocios.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Datos.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Servicios.Utiles.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Componentes.Controles.dll VolumeInformation
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Servicios.Datos.dll VolumeInformation
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\Oracle.DataAccess.dll VolumeInformation
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\Sybase.Data.AseClient.dll VolumeInformation
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Users\user\Desktop\FONDOS\FONDOS\bin\bin\DIMSA.Principal.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos