Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1558739
MD5: 3f97ee2b5aefb68fc0d7c6383b41385d
SHA1: 1169a86fb0b2ccb367f9cc886b209e77c6418983
SHA256: 3fb4d76805f5d0d3f23f37fea0f19da7a8e11c6e2a6104035511aded0696fc82
Tags: exe, user-Bitsight

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Creates files with lurking names (e.g. Crack.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
File is packed with WinRar
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 87.0% probability
Source: C:\Users\user\AppData\Local\Temp\crack.exe Joe Sandbox ML: detected
Source: file.exe Joe Sandbox ML: detected
Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: crack.exe.0.dr
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: file.exe
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB040BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF76DB040BC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB1B190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF76DB1B190
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB2FCA0 FindFirstFileExA, 0_2_00007FF76DB2FCA0
Source: IObit.Malware.Fighter.Pro-12.0.0.1433.exe.0.dr String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError

System Summary

Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\crack.exe
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DAFC2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF76DAFC2F0
Source: IObit.Malware.Fighter.Pro-12.0.0.1433.exe.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: classification engine Classification label: mal56.evad.winEXE@1/3@0/0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DAFB6D8 GetLastError,FormatMessageW,LocalFree, 0_2_00007FF76DAFB6D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB18624 FindResourceExW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, 0_2_00007FF76DB18624
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5823640
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dlnashext.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wpdshext.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ndfapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wdi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: file.exe Static file information: File size 80591650 > 1048576
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: file.exe Static PE information: section name: .didat
Source: file.exe Static PE information: section name: _RDATA
Source: crack.exe.0.dr Static PE information: section name: .didat
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB35166 push rsi; retf 0_2_00007FF76DB35167
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB35156 push rsi; retf 0_2_00007FF76DB35157
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\crack.exe
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\IObit.Malware.Fighter.Pro-12.0.0.1433.exe
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\crack.exe
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IObit.Malware.Fighter.Pro-12.0.0.1433.exe
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB216A4 VirtualQuery,GetSystemInfo, 0_2_00007FF76DB216A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB276D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF76DB276D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB30D20 GetProcessHeap, 0_2_00007FF76DB30D20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB23170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF76DB23170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB22510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF76DB22510
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB23354 SetUnhandledExceptionFilter, 0_2_00007FF76DB23354
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB0DC70 cpuid 0_2_00007FF76DB0DC70
Source: C:\Users\user\Desktop\file.exe Code function: GetLocaleInfoW,GetNumberFormatW, 0_2_00007FF76DB1A2CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB20754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF76DB20754
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF76DB04EB0 GetVersionExW, 0_2_00007FF76DB04EB0
No contacted IP infos