Windows Analysis Report
dAYksbWyFS.exe

Overview

General Information

Sample name: dAYksbWyFS.exe
renamed because original name is a hash value
Original sample name: 0007f9d205fd99b833ed659b802b3c17a408cc0b.exe
Analysis ID: 1546794
MD5: 18390350844942315df7e588671b4b4e
SHA1: 0007f9d205fd99b833ed659b802b3c17a408cc0b
SHA256: e57857d31f92e1a0d8290378e345749b42711777eee1af937a2b8b4fbafd9826
Tags: exe, ReversingLabs, user-NDA0E

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: dAYksbWyFS.exe ReversingLabs: Detection: 86%
Source: dAYksbWyFS.exe Joe Sandbox ML: detected
Source: dAYksbWyFS.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: dAYksbWyFS.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\updater.exe.pdb source: dAYksbWyFS.exe
Source: C:\Users\user\Desktop\dAYksbWyFS.exe Code function: 4x nop then movd mm0, dword ptr [edx] 0_2_005043C0
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.6:57384
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.6:49774
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.6:57376
Source: unknown DNS traffic detected: query: 198.187.3.20.in-addr.arpa replaycode: Name error (3)
Source: unknown DNS traffic detected: query: 212.20.149.52.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: 212.20.149.52.in-addr.arpa
Source: dAYksbWyFS.exe String found in binary or memory: http://.css
Source: dAYksbWyFS.exe String found in binary or memory: http://.jpg
Source: dAYksbWyFS.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: dAYksbWyFS.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: dAYksbWyFS.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: dAYksbWyFS.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: dAYksbWyFS.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: dAYksbWyFS.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: dAYksbWyFS.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: dAYksbWyFS.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: dAYksbWyFS.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: dAYksbWyFS.exe String found in binary or memory: http://html4/loose.dtd
Source: dAYksbWyFS.exe String found in binary or memory: http://ocsp.digicert.com0
Source: dAYksbWyFS.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: dAYksbWyFS.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: dAYksbWyFS.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: dAYksbWyFS.exe String found in binary or memory: http://support.google.com/installer/
Source: dAYksbWyFS.exe String found in binary or memory: http://support.google.com/installer/%s?product=%s&error=%d
Source: dAYksbWyFS.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: dAYksbWyFS.exe String found in binary or memory: https://clients2.google.com/cr/report
Source: dAYksbWyFS.exe String found in binary or memory: https://crashpad.chromium.org/
Source: dAYksbWyFS.exe String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: dAYksbWyFS.exe String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: dAYksbWyFS.exe String found in binary or memory: https://dl.google.com/update2/installers/icons/
Source: dAYksbWyFS.exe String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: dAYksbWyFS.exe String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: dAYksbWyFS.exe String found in binary or memory: https://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.goo
Source: dAYksbWyFS.exe, 00000000.00000000.2164857952.000000000092C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameupdater.exe> vs dAYksbWyFS.exe
Source: dAYksbWyFS.exe Binary or memory string: OriginalFilenameupdater.exe> vs dAYksbWyFS.exe
Source: classification engine Classification label: mal52.winEXE@1/0@2/0
Source: dAYksbWyFS.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: dAYksbWyFS.exe String found in binary or memory: ..\..\chrome\updater\app\app_install_win.ccUpdate success.No updates.Updater error: http://support.google.com/installer/%s?product=%s&error=%d installation completed: error category[], error_code[], extra_code1[], completion_message[], post_install_launch_command_line[]oemSetOemInstallState failedStoreRunTimeEnrollmentToken failed
Source: dAYksbWyFS.exe String found in binary or memory: .0\u to Write byteshttps://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.google.com/devicemanagement/data/apihttps://dl.google.com/update2/installers/icons/1:356l7w0
Source: dAYksbWyFS.exe String found in binary or memory: Try '%ls --help' for more information.
Source: dAYksbWyFS.exe String found in binary or memory: --help display this help and exit
Source: dAYksbWyFS.exe String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
Source: dAYksbWyFS.exe String found in binary or memory: asennuksen: $1oError sa pag-install: Nag-apply ang administrator ng network mo ng Group Policy na pumipigil sa pag-install: $1
Source: dAYksbWyFS.exe String found in binary or memory: Tapos na ang pag-install.
Source: dAYksbWyFS.exe String found in binary or memory: Kanselahin ang Pag-install
Source: dAYksbWyFS.exe String found in binary or memory: Error sa pag-install: $1
Source: dAYksbWyFS.exe String found in binary or memory: isvaatimuksia.fHindi na-install dahil hindi natutugunan ng iyong computer ang mga minimum na requirement sa hardware.mL'installation a
Source: dAYksbWyFS.exe String found in binary or memory: Inihinto ang Pag-install.
Source: dAYksbWyFS.exe String found in binary or memory: $1-installeerder
Source: dAYksbWyFS.exe String found in binary or memory: $1-Installationsprogramm
Source: dAYksbWyFS.exe String found in binary or memory: $1-installatieprogramma
Source: dAYksbWyFS.exe String found in binary or memory: $1-installasjonsprogram
Source: dAYksbWyFS.exe String found in binary or memory: .:Asennusvirhe: Asennusprosessin aloittaminen ei onnistunut.?Error sa pag-install: Hindi nagsimula ang proseso ng installer.GErreur d'installation
Source: dAYksbWyFS.exe String found in binary or memory: .LAsennusvirhe: Asennusohjelmaa ei suoritettu loppuun. Asennus on keskeytetty.LError sa pag-install: Hindi natapos ang installer. Na-abort ang pag-install.tErreur d'installation
Source: dAYksbWyFS.exe String found in binary or memory: Ini-install...
Source: dAYksbWyFS.exe String found in binary or memory: 3Asennus ei ole valmis. Haluatko varmasti perua sen?IHindi nakumpleto ang pag-install. Sigurado ka bang gusto mong kanselahin?9Installation non termin
Source: dAYksbWyFS.exe String found in binary or memory: uudelleen.#Hindi na-install. Pakisubukan ulit.,
Source: dAYksbWyFS.exe String found in binary or memory: isen virheen takia.FHindi na-install dahil sa isang internal na error sa server ng update.Q
Source: dAYksbWyFS.exe String found in binary or memory: ei tueta.OError sa pag-install: Invalid o hindi sinusuportahan ang filename ng installer.fErreur d'installation
Source: dAYksbWyFS.exe String found in binary or memory: ivityspalvelimella ei ole tiivistedataa sovelluksesta.\Hindi na-install dahil walang anumang data ng hash para sa application ang server ng update.p
Source: dAYksbWyFS.exe String found in binary or memory: n versiota ei tueta.QHindi na-install dahil hindi sinusuportahan ang bersyong ito ng operating system.ZL'installation a
Source: dAYksbWyFS.exe String found in binary or memory: maassa.AHindi na-install dahil pinaghihigpitan ang access sa bansang ito.=L'installation a
Source: dAYksbWyFS.exe String found in binary or memory: Ituloy ang Pag-install
Source: dAYksbWyFS.exe String found in binary or memory: Nakansela ang pag-install.
Source: dAYksbWyFS.exe String found in binary or memory: n.\Salamat sa pag-install. Dapat mong i-restart ang lahat ng iyong browser bago gamitin ang $1.eMerci d'avoir install
Source: dAYksbWyFS.exe String found in binary or memory: n.SSalamat sa pag-install. Dapat mong i-restart ang iyong browser bago gamitin ang $1.aMerci d'avoir install
Source: dAYksbWyFS.exe String found in binary or memory: n.TSalamat sa pag-install. Dapat mong i-restart ang iyong computer bago gamitin ang $1.aMerci d'avoir install
Source: dAYksbWyFS.exe String found in binary or memory: .4Asennus ei onnistu, palvelin ei tunnista sovellusta.9Hindi na-install, hindi kilala ng server ang application.=Installation impossible. Le serveur ne reconna
Source: dAYksbWyFS.exe String found in binary or memory: onnistui, koska protokollaa ei tueta.BHindi na-install dahil sa error na hindi sinusuportahang protocol.K
Source: dAYksbWyFS.exe String found in binary or memory: si Windows-versiota ei tueta.IHindi na-install dahil hindi sinusuportahan ang iyong bersyon ng Windows.V
Source: dAYksbWyFS.exe String found in binary or memory: Naghihintay sa pag-install...
Source: dAYksbWyFS.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: dAYksbWyFS.exe Static file information: File size 4962863 > 1048576
Source: dAYksbWyFS.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x366000
Source: dAYksbWyFS.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: dAYksbWyFS.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\updater.exe.pdb source: dAYksbWyFS.exe
Source: dAYksbWyFS.exe Static PE information: real checksum: 0x4b3e08 should be: 0x4bf8a9
Source: dAYksbWyFS.exe Static PE information: section name: CPADinfo
Source: C:\Users\user\Desktop\dAYksbWyFS.exe Code function: 0_2_006C6F2B push ecx; ret 0_2_006C6F3E
Source: C:\Users\user\Desktop\dAYksbWyFS.exe Code function: 0_2_00501000 cpuid 0_2_00501000
No contacted IP infos