Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Virustotal: Detection: 15% |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: certificate valid |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH |
Source: | Binary string: goopdateres_unsigned_mr.pdb source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://ocsp.digicert.com0C |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://ocsp.digicert.com0H |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://ocsp.digicert.com0I |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://ocsp.digicert.com0O |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Binary or memory string: OriginalFilenamegoopdateres_mr.dllD vs 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll |
Source: classification engine | Classification label: mal48.winDLL@6/0@0/0 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7352:120:WilError_03 |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll",#1 |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll" |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll",#1 |
Source: C:\Windows\System32\loaddll32.exe | Section loaded: apphelp.dll |
Source: C:\Windows\System32\loaddll32.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: 2E814B7D-3F0B-4AF7-8C7C-C8AE7CD57525_12172024125634383.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\loaddll32.exe | Thread delayed: delay time: 120000 |