| Source | Observation |
|---|---|
| Submitted Sample | Integrated Neural Analysis Model: Matched 97.2% probability |
| FYBRUTggrf.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| | Binary string: D:\users\jyhshyuan_su\Desktop\RunAsAdmin\Release\RunAsAdmin.pdb source: RunAsAdmin.exe.0.dr |
| FYBRUTggrf.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error |
| FYBRUTggrf.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
| classification engine | Classification label: sus21.winEXE@1/2@0/0 |
| C:\Users\user\Desktop\FYBRUTggrf.exe | File created: C:\Users\user\AppData\Local\Temp\nsj3117.tmp |
| FYBRUTggrf.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| C:\Users\user\Desktop\FYBRUTggrf.exe | File read: C:\Users\desktop.ini |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| C:\Users\user\Desktop\FYBRUTggrf.exe | File read: C:\Users\user\Desktop\FYBRUTggrf.exe |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Section loaded: apphelp.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Section loaded: version.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Section loaded: kernel.appcore.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Section loaded: uxtheme.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Section loaded: shfolder.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Section loaded: windows.storage.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Section loaded: wldp.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Section loaded: propsys.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
| C:\Users\user\Desktop\FYBRUTggrf.exe | File created: C:\Users\user\AppData\Local\Temp\RunAsAdmin.exe |
| C:\Users\user\Desktop\FYBRUTggrf.exe | File created: C:\Users\user\AppData\Local\Temp\nsz3186.tmp\UserInfo.dll |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Process information set: NOOPENFILEERRORBOX |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RunAsAdmin.exe |
| C:\Users\user\Desktop\FYBRUTggrf.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz3186.tmp\UserInfo.dll |