Windows Analysis Report
5vBN4LO7PH.exe

Overview

General Information

Sample name: 5vBN4LO7PH.exe
Renamed because the original name is a hash value
Original sample name: 353aaedc333d9c8c63b741f0183ca0856355f8da.exe
Analysis ID: 1546809
MD5: 36afcebdc35386cfcc65b675b7788c08
SHA1: 353aaedc333d9c8c63b741f0183ca0856355f8da
SHA256: 49478ec269d224b2ff1dc745e6ff8053d3040f9c7e0338bb1a2049c380f1f5b9
Tags: exe, ReversingLabs, user-NDA0E

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: 5vBN4LO7PH.exe ReversingLabs: Detection: 89%
Source: 5vBN4LO7PH.exe Joe Sandbox ML: detected
Source: 5vBN4LO7PH.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 5vBN4LO7PH.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: updater.exe.pdb source: 5vBN4LO7PH.exe
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 4x nop then movd mm0, dword ptr [edx] 0_2_007043C0
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.8:51270
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.8:49704
Source: 5vBN4LO7PH.exe String found in binary or memory: http://.css
Source: 5vBN4LO7PH.exe String found in binary or memory: http://.jpg
Source: 5vBN4LO7PH.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 5vBN4LO7PH.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 5vBN4LO7PH.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 5vBN4LO7PH.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 5vBN4LO7PH.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 5vBN4LO7PH.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 5vBN4LO7PH.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 5vBN4LO7PH.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 5vBN4LO7PH.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 5vBN4LO7PH.exe String found in binary or memory: http://html4/loose.dtd
Source: 5vBN4LO7PH.exe String found in binary or memory: http://ocsp.digicert.com0
Source: 5vBN4LO7PH.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: 5vBN4LO7PH.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: 5vBN4LO7PH.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: 5vBN4LO7PH.exe String found in binary or memory: http://support.google.com/installer/
Source: 5vBN4LO7PH.exe String found in binary or memory: http://support.google.com/installer/%s?product=%s&error=%d
Source: 5vBN4LO7PH.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: 5vBN4LO7PH.exe String found in binary or memory: https://clients2.google.com/cr/report
Source: 5vBN4LO7PH.exe String found in binary or memory: https://crashpad.chromium.org/
Source: 5vBN4LO7PH.exe String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: 5vBN4LO7PH.exe String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: 5vBN4LO7PH.exe String found in binary or memory: https://dl.google.com/update2/installers/icons/
Source: 5vBN4LO7PH.exe String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: 5vBN4LO7PH.exe String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: 5vBN4LO7PH.exe String found in binary or memory: https://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.goo
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00A580B0 0_2_00A580B0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00974080 0_2_00974080
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008AC040 0_2_008AC040
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0089C050 0_2_0089C050
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00840060 0_2_00840060
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008801F0 0_2_008801F0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008B0150 0_2_008B0150
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00978170 0_2_00978170
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0075C220 0_2_0075C220
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008CC230 0_2_008CC230
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00864300 0_2_00864300
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007544D0 0_2_007544D0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0089C470 0_2_0089C470
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007EC540 0_2_007EC540
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00758590 0_2_00758590
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008D0690 0_2_008D0690
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00714640 0_2_00714640
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0079C620 0_2_0079C620
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008A4640 0_2_008A4640
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00974660 0_2_00974660
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008147EC 0_2_008147EC
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007707E0 0_2_007707E0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00814730 0_2_00814730
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_009188C0 0_2_009188C0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_009A8830 0_2_009A8830
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00730880 0_2_00730880
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0087C920 0_2_0087C920
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00840AF0 0_2_00840AF0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00898A20 0_2_00898A20
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00A6CA60 0_2_00A6CA60
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008ACA50 0_2_008ACA50
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00704A80 0_2_00704A80
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_009B8B90 0_2_009B8B90
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00974B80 0_2_00974B80
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008A0BA0 0_2_008A0BA0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCBFC 0_2_007DCBFC
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCBF4 0_2_007DCBF4
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008A4B10 0_2_008A4B10
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCBE0 0_2_007DCBE0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00824B30 0_2_00824B30
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00888CB0 0_2_00888CB0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCC44 0_2_007DCC44
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0081CCC0 0_2_0081CCC0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCC3C 0_2_007DCC3C
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCC2C 0_2_007DCC2C
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCC14 0_2_007DCC14
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCC0C 0_2_007DCC0C
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008ECCF0 0_2_008ECCF0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCCC0 0_2_007DCCC0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCCB8 0_2_007DCCB8
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCCA8 0_2_007DCCA8
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCCA0 0_2_007DCCA0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCC8C 0_2_007DCC8C
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCC84 0_2_007DCC84
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCD74 0_2_007DCD74
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DCC84 0_2_007DCC84
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007F4D40 0_2_007F4D40
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00918DF0 0_2_00918DF0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00720D10 0_2_00720D10
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00800D50 0_2_00800D50
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0070CD97 0_2_0070CD97
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008C4EA0 0_2_008C4EA0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0081CEC0 0_2_0081CEC0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007ACE30 0_2_007ACE30
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00774E20 0_2_00774E20
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008C0E10 0_2_008C0E10
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00984E50 0_2_00984E50
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007A0F30 0_2_007A0F30
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0073CF20 0_2_0073CF20
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007E4FD0 0_2_007E4FD0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_009BCF70 0_2_009BCF70
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0074D030 0_2_0074D030
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00705010 0_2_00705010
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007550D0 0_2_007550D0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007591F0 0_2_007591F0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_009B9110 0_2_009B9110
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008B5130 0_2_008B5130
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008E5150 0_2_008E5150
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007E11A0 0_2_007E11A0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00801160 0_2_00801160
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007DD230 0_2_007DD230
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00749220 0_2_00749220
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_009212E0 0_2_009212E0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00729370 0_2_00729370
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0085D320 0_2_0085D320
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008914D0 0_2_008914D0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00825410 0_2_00825410
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007994B0 0_2_007994B0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00751560 0_2_00751560
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008AD5E0 0_2_008AD5E0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_007FD5C0 0_2_007FD5C0
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0070D297 0_2_0070D297
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00708B97 0_2_00708B97
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_008D8C70 0_2_008D8C70
Source: 5vBN4LO7PH.exe Static PE information: Resource name: RT_STRING type: CLIPPER COFF executable (VAX #) not stripped - version 71
Source: 5vBN4LO7PH.exe, 00000000.00000002.2726453523.0000000000BAC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameupdater.exe> vs 5vBN4LO7PH.exe
Source: 5vBN4LO7PH.exe Binary or memory string: OriginalFilenameupdater.exe> vs 5vBN4LO7PH.exe
Source: classification engine Classification label: mal52.winEXE@1/0@0/0
Source: 5vBN4LO7PH.exe String found in binary or memory: ..\..\chrome\updater\app\app_install_win.ccUpdate success.No updates.Updater error: http://support.google.com/installer/%s?product=%s&error=%d installation completed: error category[], error_code[], extra_code1[], completion_message[], post_install_launch_command_line[]oemSetOemInstallState failedStoreRunTimeEnrollmentToken failed
Source: 5vBN4LO7PH.exe String found in binary or memory: Fhttps://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.google.com/devicemanagement/data/apihttps://dl.google.com/update2/installers/icons/enterprise_companion.mojom.EnterpriseCompanionReceive mojo replyReceive mojo message
Source: 5vBN4LO7PH.exe String found in binary or memory: Try '%ls --help' for more information.
Source: 5vBN4LO7PH.exe String found in binary or memory: --help display this help and exit
Source: 5vBN4LO7PH.exe String found in binary or memory: partition_alloc/address_space
Source: 5vBN4LO7PH.exe String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
Source: 5vBN4LO7PH.exe String found in binary or memory: asennuksen: $1oError sa pag-install: Nag-apply ang administrator ng network mo ng Group Policy na pumipigil sa pag-install: $1
Source: 5vBN4LO7PH.exe String found in binary or memory: Tapos na ang pag-install.
Source: 5vBN4LO7PH.exe String found in binary or memory: Kanselahin ang Pag-install
Source: 5vBN4LO7PH.exe String found in binary or memory: Error sa pag-install: $1
Source: 5vBN4LO7PH.exe String found in binary or memory: isvaatimuksia.fHindi na-install dahil hindi natutugunan ng iyong computer ang mga minimum na requirement sa hardware.mL'installation a
Source: 5vBN4LO7PH.exe String found in binary or memory: Inihinto ang Pag-install.
Source: 5vBN4LO7PH.exe String found in binary or memory: $1-installeerder
Source: 5vBN4LO7PH.exe String found in binary or memory: $1-Installationsprogramm
Source: 5vBN4LO7PH.exe String found in binary or memory: $1-installatieprogramma
Source: 5vBN4LO7PH.exe String found in binary or memory: $1-installasjonsprogram
Source: 5vBN4LO7PH.exe String found in binary or memory: .:Asennusvirhe: Asennusprosessin aloittaminen ei onnistunut.?Error sa pag-install: Hindi nagsimula ang proseso ng installer.GErreur d'installation
Source: 5vBN4LO7PH.exe String found in binary or memory: .LAsennusvirhe: Asennusohjelmaa ei suoritettu loppuun. Asennus on keskeytetty.LError sa pag-install: Hindi natapos ang installer. Na-abort ang pag-install.tErreur d'installation
Source: 5vBN4LO7PH.exe String found in binary or memory: Ini-install...
Source: 5vBN4LO7PH.exe String found in binary or memory: 3Asennus ei ole valmis. Haluatko varmasti perua sen?IHindi nakumpleto ang pag-install. Sigurado ka bang gusto mong kanselahin?9Installation non termin
Source: 5vBN4LO7PH.exe String found in binary or memory: uudelleen.#Hindi na-install. Pakisubukan ulit.,
Source: 5vBN4LO7PH.exe String found in binary or memory: isen virheen takia.FHindi na-install dahil sa isang internal na error sa server ng update.Q
Source: 5vBN4LO7PH.exe String found in binary or memory: ei tueta.OError sa pag-install: Invalid o hindi sinusuportahan ang filename ng installer.fErreur d'installation
Source: 5vBN4LO7PH.exe String found in binary or memory: ivityspalvelimella ei ole tiivistedataa sovelluksesta.\Hindi na-install dahil walang anumang data ng hash para sa application ang server ng update.p
Source: 5vBN4LO7PH.exe String found in binary or memory: n versiota ei tueta.QHindi na-install dahil hindi sinusuportahan ang bersyong ito ng operating system.ZL'installation a
Source: 5vBN4LO7PH.exe String found in binary or memory: maassa.AHindi na-install dahil pinaghihigpitan ang access sa bansang ito.=L'installation a
Source: 5vBN4LO7PH.exe String found in binary or memory: Ituloy ang Pag-install
Source: 5vBN4LO7PH.exe String found in binary or memory: Nakansela ang pag-install.
Source: 5vBN4LO7PH.exe String found in binary or memory: n.\Salamat sa pag-install. Dapat mong i-restart ang lahat ng iyong browser bago gamitin ang $1.eMerci d'avoir install
Source: 5vBN4LO7PH.exe String found in binary or memory: n.SSalamat sa pag-install. Dapat mong i-restart ang iyong browser bago gamitin ang $1.aMerci d'avoir install
Source: 5vBN4LO7PH.exe String found in binary or memory: n.TSalamat sa pag-install. Dapat mong i-restart ang iyong computer bago gamitin ang $1.aMerci d'avoir install
Source: 5vBN4LO7PH.exe String found in binary or memory: .4Asennus ei onnistu, palvelin ei tunnista sovellusta.9Hindi na-install, hindi kilala ng server ang application.=Installation impossible. Le serveur ne reconna
Source: 5vBN4LO7PH.exe String found in binary or memory: onnistui, koska protokollaa ei tueta.BHindi na-install dahil sa error na hindi sinusuportahang protocol.K
Source: 5vBN4LO7PH.exe String found in binary or memory: si Windows-versiota ei tueta.IHindi na-install dahil hindi sinusuportahan ang iyong bersyon ng Windows.V
Source: 5vBN4LO7PH.exe String found in binary or memory: Naghihintay sa pag-install...
Source: 5vBN4LO7PH.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: 5vBN4LO7PH.exe Static file information: File size 5585447 > 1048576
Source: 5vBN4LO7PH.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x3d7800
Source: 5vBN4LO7PH.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: 5vBN4LO7PH.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 5vBN4LO7PH.exe Static PE information: real checksum: 0x546229 should be: 0x562a2e
Source: 5vBN4LO7PH.exe Static PE information: section name: CPADinfo
Source: 5vBN4LO7PH.exe Static PE information: section name: malloc_h
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_009203BB push ecx; ret 0_2_009203CE
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0084951C push eax; retn 0008h 0_2_00849525
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_0079C510 rdtsc 0_2_0079C510
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\5vBN4LO7PH.exe Code function: 0_2_00701000 cpuid 0_2_00701000
No contacted IP infos