Windows Analysis Report
Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE

Overview

General Information

Sample name: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Analysis ID: 1544696
MD5: 51ef7e32d7120c644fabee284af7501a
SHA1: a20a8860ce64896c98754d14e7c1d5c9e9649a25
SHA256: f8ee0959e12e3a3537cc2f7290f06b4a18303543c6988df99599bb0cf80732a3

Detection

Score: 18
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to query locales information (e.g. system language)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: certificate valid
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\_GitRepos\libraries\zlib\src\contrib\vstudio\vc17\x86\MiniUnzipRelease\miniunz.pdb source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: Binary string: C:\_GitRepos\IC\libraries\zlib\src\contrib\vstudio\vc17\ARM64\Release\miniunz.pdb source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: Binary string: C:\_GitRepos\libraries\zlib\src\contrib\vstudio\vc17\x86\ZlibDllRelease\zlibwapi.pdb source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: Binary string: C:\_GitRepos\libraries\zlib\src\contrib\vstudio\vc17\arm64\ZlibDllRelease\zlibwapi.pdb source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: Binary string: C:\_GitRepos\libraries\zlib\src\contrib\vstudio\vc17\x64\ZlibDllRelease\zlibwapi.pdb source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: Binary string: C:\_ThirdPartyLibraries\zlib-1.2.13\contrib\vstudio\vc17_Fromvc14\x64\MiniUnzipRelease\miniunz.pdb source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: 0_2_0089D3E0 FindFirstFileW, 0_2_0089D3E0
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: 0_2_008C7FC0 FindFirstFileW,FindNextFileW,FindClose, 0_2_008C7FC0
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://aia.entrust.net/evcs2-chain.p7c01
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://aia.entrust.net/ts2-chain256.p7c01
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://crl.entrust.net/csbr1.crl0
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://crl.entrust.net/evcs2.crl0
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://crl.entrust.net/g2ca.crl0
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://crl.entrust.net/ts2ca.crl0
Source: DellPair-Setup-x64.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://ocsp.entrust.net00
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://ocsp.entrust.net01
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://ocsp.entrust.net02
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://ocsp.entrust.net03
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://relaxng.org/ns/structure/1.0
Source: mup.xml String found in binary or memory: http://schemas.dell.com/openmanage/cm/2/0/mupdefinition.xsd
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://schemas.dell.com/openmanage/cm/2009/1/0/mupdefinition.xsd
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000002.2937854735.0000000001839000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.dell.com/openmanage/cm/2009/1/0/mupdefinition.xsdL
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://schemas.dell.com/openmanage/cm/2009/1/1/datamodelcore.xsd
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000002.2937854735.0000000001839000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://schemas.dell.com/openmanage/cm/2009/1/1/datamodelcore.xsdG
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, package.xml String found in binary or memory: http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=9DY26
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000002.2937854735.0000000001839000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=9DY26L
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://www.entrust.net/rpa0
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://www.entrust.net/rpa03
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd-//OASIS//DTD
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://www.winimage.com/zLibDll
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://www.winimage.com/zLibDll/unzip.html
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: http://www.winimage.com/zLibDllH
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, package.xml String found in binary or memory: https://www.dell.com/support/kbdoc/000201693
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: https://www.entrust.net/rpa0
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: String function: 00828AA8 appears 295 times
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: String function: 00826690 appears 65 times
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Resource name: BIN type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Resource name: BIN type: PE32+ executable (console) x86-64, for MS Windows
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Resource name: BIN type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Resource name: BIN type: PE32 executable (console) Intel 80386, for MS Windows
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Resource name: BIN type: PE32+ executable (console) Aarch64, for MS Windows
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Resource name: BIN type: PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000000.1690480176.0000000000EEC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamezlibwapi.dll2 vs Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000002.2937355037.0000000001176000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameDUPFramework.exe , vs Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Binary or memory string: OriginalFilenamezlibwapi.dll2 vs Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Binary or memory string: OriginalFilenameDUPFramework.exe , vs Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
Source: classification engine Classification label: clean18.evad.winEXE@1/9@0/0
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: 0_2_008B49A0 CoCreateInstance, 0_2_008B49A0
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: 0_2_0086C390 LoadResource,LockResource,SizeofResource, 0_2_0086C390
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\104[1]
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: # Exit Codes for Appx-Installer: Global Variable.
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: # Logging for Appx-Installer.
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: <installertype>custom</installertype>
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE String found in binary or memory: </InstallInstruction>
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE File read: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE:Zone.Identifier
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: version.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: msiso.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: mlang.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static file information: File size 50595424 > 1048576
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Raw size of .text is bigger than: 0x100000 < 0x59ac00
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x110a00
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x2b7400
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: More than 200 imports for KERNEL32.dll
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: section name: .didat
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Static PE information: section name: .00cfg
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Memory allocated: 3EC0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Memory allocated: 5400000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Memory allocated: 5580000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Memory allocated: 87D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Memory allocated: 9A20000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE API coverage: 9.2 %
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware20,1
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.NoneVMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0VMware20,1
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIES1371
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000003.1691791230.00000000018C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE, 00000000.00000002.2937854735.00000000018B3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: 0_2_00888820 SetDllDirectoryW,GetCurrentProcess,IsWow64Process,GetSystemWow64DirectoryA,AddDllDirectory,GetSystemDirectoryW,AddDllDirectory,SetDefaultDllDirectories,SetUnhandledExceptionFilter, 0_2_00888820
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: GetLocaleInfoW, 0_2_0089D870
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE Code function: 0_2_008B7180 GetVersionExW, 0_2_008B7180
No contacted IP infos