Windows Analysis Report
SW-GX-3R(EX)_06293_setup.exe

Overview

General Information

Sample name: SW-GX-3R(EX)_06293_setup.exe
Analysis ID: 1579780
MD5: 5e1e66319cace2ea52f37e9f025e40fb
SHA1: 2fd7c9e96c17ab5da52b43108cb9e4a44213a536
SHA256: 30d2957b6b44309b4121193bc52f9e3a6bf4bb2b36bf53c19db7607f3f07cc5a

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

PE file has a writeable .text section
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Msiexec Execute Arbitrary DLL
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: SW-GX-3R(EX)_06293_setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: 6 symbols\dll\msjtes40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msltus40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\mspbde40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,pV symbols\dll\msexch40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msexcl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\msrepl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Unicode\setup.pdb source: SW-GX-3R(EX)_06293_setup.exe
Source: Binary string: symbols\dll\msjet40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\msltus40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,vV symbols\dll\msjet40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msrepl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\msrd2x40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,zV symbols\dll\msjtes40.pdbD source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msjtes40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msjetoledb40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,rV symbols\dll\msexcl40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: ` symbols\dll\msexch40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msrd2x40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msrd3x40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\msrepl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\mstext40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msxbde40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\msjet40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\expsrv.pdb source: GX-3R.msi.0.dr
Source: Binary string: t,6 symbols\dll\msexcl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\mstext40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: ,xV symbols\dll\msjetoledb40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\dao360.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,|V symbols\dll\mspbde40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 5 symbols\dll\dao360.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msexch40.pdb source: GX-3R.msi.0.dr
Source: Binary string: t,6 symbols\dll\msrd3x40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ` symbols\dll\msrd2x40.pdb$ source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\expsrv.pdb source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\mstext40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\msjetoledb40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,{V symbols\dll\msltus40.pdb source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\msxbde40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\mspbde40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: v,r` symbols\dll\expsrv.pdb source: GX-3R.msi.0.dr
Source: Binary string: 5 symbols\dll\msxbde40.pdbD source: GX-3R.msi.0.dr
Source: Binary string: .pdB# source: SW-GX-3R(EX)_06293_setup.exe
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0042217D __EH_prolog3,_memset,GetTempPathW,FindFirstFileW,CompareFileTime,DeleteFileW,FindNextFileW, 0_2_0042217D
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0045A208 GetProcAddress,SearchPathW,GetModuleFileNameW,FindFirstFileW,CreateEventW,VirtualProtect,VirtualQuery,VirtualProtect,VirtualProtect, 0_2_0045A208
Source: GX-3R.msi.0.dr String found in binary or memory: http://www.flexerasoftware.com0
Source: SW-GX-3R(EX)_06293_setup.exe String found in binary or memory: http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d

System Summary

Source: richtx32.ocx.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_004464E0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 0_2_004464E0
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\668c32.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{1FFE8FB4-E84F-4460-8750-7986F429A342}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9308.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9413.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9471.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Vsflex7.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\cmdlgjp.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\comdlg32.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\JETCOMP.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msexch35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msexcl35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msjet35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msjint35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msjt4jlt.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msjter35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msltus35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mspdox35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msrd2x35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msrepl35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msrpfs35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mstext35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msxbse35.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\VBAR332.DLL
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Odbcjet.hlp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Odbcjet.cnt
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc42loc.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mscomct2.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mscomctl.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vb6jp.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\richtx32.ocx
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F479_Dao360.dll.5B60FF9E_851D_11D4_A752_00B0D0428C0C
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F248_vbajet32.dll.9D68DD2A_1AF8_11D4_AB3C_00C04F0971B2
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F1122_Expsrv.dll.9D68DD2A_1AF8_11D4_AB3C_00C04F0971B2
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\ARPPRODUCTICON.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\NewShortcut1_0BE5A0A4C6544045B9A8BB1F57F0AFD3.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\NewShortcut11_24FC0B0B186C41C78A4A8C3D821B787F.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\668c34.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI9308.tmp
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 0040F3F1 appears 31 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 0040E918 appears 41 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 0047565F appears 35 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 00408D97 appears 43 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 004096BA appears 118 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 00464713 appears 70 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 00463F3B appears 65 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 00464749 appears 93 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 004646E0 appears 715 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 004018B0 appears 176 times
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: String function: 004676BC appears 57 times
Source: vb6jp.dll.2.dr Static PE information: No import functions for PE file found
Source: mfc42loc.dll.2.dr Static PE information: No import functions for PE file found
Source: Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24.2.dr Static PE information: No import functions for PE file found
Source: cmdlgjp.dll.2.dr Static PE information: No import functions for PE file found
Source: SW-GX-3R(EX)_06293_setup.exe, 00000000.00000002.2103510944.000000000051D000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInstallShield Setup.exe, vs SW-GX-3R(EX)_06293_setup.exe
Source: SW-GX-3R(EX)_06293_setup.exe Binary or memory string: OriginalFilenameInstallShield Setup.exe, vs SW-GX-3R(EX)_06293_setup.exe
Source: SW-GX-3R(EX)_06293_setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: richtx32.ocx.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_CACHED, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: sus24.winEXE@28/82@0/0
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_00441F61 LoadLibraryW,GetProcAddress,lstrcpyW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FreeLibrary, 0_2_00441F61
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0044D92E __EH_prolog3_GS,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,CoCreateInstance, 0_2_0044D92E
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_004177BA FindResourceW,SizeofResource,LoadResource,LockResource, 0_2_004177BA
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\GX-3R
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe File created: C:\Users\user\AppData\Local\Downloaded Installations
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe File created: C:\Users\user\AppData\Local\Temp\{29BAAC47-C463-4F5C-90DF-D5756FE7815E}\
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: debuglog 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: runfromtemp 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: reboot 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: %s%s 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: tempdisk1folder 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: ISSetup.dll 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: Skin 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: Startup 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: setup.isn 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: count 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: Languages 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: key%d 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: %s\0x%04x.ini 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: %s\%04x.mst 0_2_0043E15A
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Command line argument: `UG 0_2_004754B0
Source: SW-GX-3R(EX)_06293_setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe File read: C:\Users\user\AppData\Local\Temp\{29BAAC47-C463-4F5C-90DF-D5756FE7815E}\Setup.INI
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe File read: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe
Source: unknown Process created: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe "C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe"
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Downloaded Installations\{7DED6250-9973-44A8-BFD0-71491CF41AEA}\GX-3R.msi" SETUPEXEDIR="C:\Users\user\Desktop" SETUPEXENAME="SW-GX-3R(EX)_06293_setup.exe"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 965794F20A6A7A4389D97787515D8009 C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A68C3EFAC0AEFE0BC0AA104F747B6A98
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 588624F03B769A27B304CA4FE9239E00 M Global\MSI0000
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msexch35.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msexcl35.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msjet35.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msjt4jlt.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msltus35.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\mspdox35.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msrd2x35.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\mstext35.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msxbse35.dll"
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: msi.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msexch35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjet35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msvcrt40.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjint35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msexcl35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjet35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjint35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjet35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjt4jlt.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msltus35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjet35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjint35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mspdox35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjint35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msrd2x35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjet35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mstext35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjet35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjint35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msxbse35.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msjint35.dll Jump to behavior
Source: GX-3R.lnk.2.dr LNK file: ..\..\..\..\..\Program Files (x86)\GX-3R\GX3R.exe
Source: GX-3R.lnk0.2.dr LNK file: ..\..\..\Program Files (x86)\GX-3R\GX3R.exe
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe File written: C:\Users\user\AppData\Local\Temp\{29BAAC47-C463-4F5C-90DF-D5756FE7815E}\Setup.INI Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: I accept the terms in the license agreement
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Install
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SW-GX-3R(EX)_06293_setup.exe Static file information: File size 31250995 > 1048576
Source: SW-GX-3R(EX)_06293_setup.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: 6 symbols\dll\msjtes40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msltus40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\mspbde40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,pV symbols\dll\msexch40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msexcl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\msrepl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Unicode\setup.pdb source: SW-GX-3R(EX)_06293_setup.exe
Source: Binary string: symbols\dll\msjet40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\msltus40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,vV symbols\dll\msjet40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msrepl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\msrd2x40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,zV symbols\dll\msjtes40.pdbD source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msjtes40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msjetoledb40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,rV symbols\dll\msexcl40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: ` symbols\dll\msexch40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msrd2x40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msrd3x40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\msrepl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\mstext40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msxbde40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\msjet40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\expsrv.pdb source: GX-3R.msi.0.dr
Source: Binary string: t,6 symbols\dll\msexcl40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\mstext40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: ,xV symbols\dll\msjetoledb40.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\dao360.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,|V symbols\dll\mspbde40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 5 symbols\dll\dao360.pdb source: GX-3R.msi.0.dr
Source: Binary string: symbols\dll\msexch40.pdb source: GX-3R.msi.0.dr
Source: Binary string: t,6 symbols\dll\msrd3x40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ` symbols\dll\msrd2x40.pdb$ source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\expsrv.pdb source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\mstext40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\msjetoledb40.pdb source: GX-3R.msi.0.dr
Source: Binary string: ,{V symbols\dll\msltus40.pdb source: GX-3R.msi.0.dr
Source: Binary string: V symbols\dll\msxbde40.pdb source: GX-3R.msi.0.dr
Source: Binary string: 6 symbols\dll\mspbde40.pdbd source: GX-3R.msi.0.dr
Source: Binary string: v,r` symbols\dll\expsrv.pdb source: GX-3R.msi.0.dr
Source: Binary string: 5 symbols\dll\msxbde40.pdbD source: GX-3R.msi.0.dr
Source: Binary string: .pdB# source: SW-GX-3R(EX)_06293_setup.exe
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0042C448 _memset,_memset,lstrlenW,_memset,wsprintfW,___FUnloadDelayLoadedDLL2@4,LoadLibraryW,GetProcAddress,GetLastError,GetSystemTimeAsFileTime, 0_2_0042C448
Source: MSI3CCA.tmp.1.dr Static PE information: real checksum: 0x0 should be: 0x12bc5
Source: MSI9471.tmp.2.dr Static PE information: real checksum: 0x0 should be: 0xba91
Source: Vsflex7.ocx.2.dr Static PE information: real checksum: 0x0 should be: 0x83140
Source: RKComm.ocx.2.dr Static PE information: real checksum: 0x0 should be: 0x23ba8
Source: Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24.2.dr Static PE information: real checksum: 0x0 should be: 0x1bc64
Source: NewShortcut1_0BE5A0A4C6544045B9A8BB1F57F0AFD3.exe.2.dr Static PE information: real checksum: 0x0 should be: 0x10280
Source: RkIrDA11.ocx.2.dr Static PE information: real checksum: 0x0 should be: 0x12215
Source: richtx32.ocx.2.dr Static PE information: real checksum: 0x37a99 should be: 0x4aa56
Source: ARPPRODUCTICON.exe.2.dr Static PE information: real checksum: 0x0 should be: 0x1389e
Source: Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24.2.dr Static PE information: real checksum: 0x0 should be: 0x52af
Source: JETCOMP.exe.2.dr Static PE information: real checksum: 0x0 should be: 0x13c21
Source: NewShortcut11_24FC0B0B186C41C78A4A8C3D821B787F.exe.2.dr Static PE information: real checksum: 0x0 should be: 0x10280
Source: F1122_Expsrv.dll.9D68DD2A_1AF8_11D4_AB3C_00C04F0971B2.2.dr Static PE information: section name: ENGINE
Source: msexch35.dll.2.dr Static PE information: section name: CURSORS
Source: msexch35.dll.2.dr Static PE information: section name: BASE
Source: msjint35.dll.2.dr Static PE information: section name: WEP_TEXT
Source: VBAR332.DLL.2.dr Static PE information: section name: ENGINE
Source: Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B.2.dr Static PE information: section name: ENGINE
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_3_00734A51 push ebx; retf 0_3_00734A52
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_004647B8 push ecx; ret 0_2_004647CB
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_00467701 push ecx; ret 0_2_00467714
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msrd2x35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F479_Dao360.dll.5B60FF9E_851D_11D4_A752_00B0D0428C0C Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\comdlg32.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msxbse35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mscomct2.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9308.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msjet35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\vb6jp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\GX-3R\RKComm.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\GX-3R\GX3R.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\VBAR332.DLL Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\cmdlgjp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msexcl35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msjt4jlt.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Vsflex7.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F1122_Expsrv.dll.9D68DD2A_1AF8_11D4_AB3C_00C04F0971B2 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\JETCOMP.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\GX-3R\RkIrDA11.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\NewShortcut11_24FC0B0B186C41C78A4A8C3D821B787F.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9471.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msjint35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F248_vbajet32.dll.9D68DD2A_1AF8_11D4_AB3C_00C04F0971B2 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mstext35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msrpfs35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msltus35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msrepl35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mspdox35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msjter35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\richtx32.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mscomctl.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\ARPPRODUCTICON.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\mfc42loc.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24 Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI3CCA.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msexch35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\NewShortcut1_0BE5A0A4C6544045B9A8BB1F57F0AFD3.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F479_Dao360.dll.5B60FF9E_851D_11D4_A752_00B0D0428C0C Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_00428196 __EH_prolog3,GetTempPathW,CoCreateGuid,CreateDirectoryW,GetPrivateProfileStringW,CreateDirectoryW, 0_2_00428196
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GX-3R.lnk Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0045A382 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0045A382
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\comdlg32.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F479_Dao360.dll.5B60FF9E_851D_11D4_A752_00B0D0428C0C Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mscomct2.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI9308.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\vb6jp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\GX-3R\RKComm.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\GX-3R\GX3R.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\VBAR332.DLL Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\cmdlgjp.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\Vsflex7.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F1122_Expsrv.dll.9D68DD2A_1AF8_11D4_AB3C_00C04F0971B2 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\JETCOMP.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\GX-3R\RkIrDA11.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\NewShortcut11_24FC0B0B186C41C78A4A8C3D821B787F.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI9471.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\F248_vbajet32.dll.9D68DD2A_1AF8_11D4_AB3C_00C04F0971B2 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\msrpfs35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\msrepl35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\msjter35.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\richtx32.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mscomctl.ocx Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\ARPPRODUCTICON.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc42loc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI3CCA.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24 Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{1FFE8FB4-E84F-4460-8750-7986F429A342}\NewShortcut1_0BE5A0A4C6544045B9A8BB1F57F0AFD3.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\4BF8EFF1F48E0644780597684F923A24\1.0.56\Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24 Jump to dropped file
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0042217D __EH_prolog3,_memset,GetTempPathW,FindFirstFileW,CompareFileTime,DeleteFileW,FindNextFileW, 0_2_0042217D
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0045A208 GetProcAddress,SearchPathW,GetModuleFileNameW,FindFirstFileW,CreateEventW,VirtualProtect,VirtualQuery,VirtualProtect,VirtualProtect, 0_2_0045A208
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_00440295 __EH_prolog3,VirtualQuery,GetSystemInfo,MapViewOfFile, 0_2_00440295
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_004646D1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_004646D1
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0042C448 _memset,_memset,lstrlenW,_memset,wsprintfW,___FUnloadDelayLoadedDLL2@4,LoadLibraryW,GetProcAddress,GetLastError,GetSystemTimeAsFileTime, 0_2_0042C448
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_004097D1 GetFileSize,GetProcessHeap,GetProcessHeap,HeapAlloc,ReadFile,lstrlenA,__alloca_probe_16,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,ReadFile,GetProcessHeap,HeapFree, 0_2_004097D1
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0046CC4D __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0046CC4D
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_004657C4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_004657C4
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0047A13D SetUnhandledExceptionFilter, 0_2_0047A13D
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msexch35.dll" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msexcl35.dll" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msjet35.dll" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msjt4jlt.dll" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msltus35.dll" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\mspdox35.dll" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msrd2x35.dll" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\mstext35.dll" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\msxbse35.dll" Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_0043C6DF __EH_prolog3,_memset,_memset,_memset,_memset,_memset,_memset,InitializeSecurityDescriptor,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,SetSecurityDescriptorDacl,CoInitializeSecurity, 0_2_0043C6DF
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_00458DDF GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid, 0_2_00458DDF
Source: SW-GX-3R(EX)_06293_setup.exe Binary or memory string: AShell_TrayWndTahoma
Source: SW-GX-3R(EX)_06293_setup.exe Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, 0_2_0047CC3C
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, 0_2_0047CD53
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, 0_2_0047CDEB
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, 0_2_0047CE5F
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, 0_2_0047D031
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: EnumSystemLocalesA, 0_2_0047D0F4
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, 0_2_0047D11E
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, 0_2_0047D1C1
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, 0_2_0047D185
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, 0_2_0046D5FD
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: GetLocaleInfoW,TranslateCharsetInfo,IsValidLocale, 0_2_004419CA
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: GetLocaleInfoW, 0_2_00441A4E
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: GetLocaleInfoA, 0_2_0048A79F
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 0_2_0047AA43
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: GetLocaleInfoA, 0_2_0048AA33
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement, 0_2_0047B0E4
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement, 0_2_0047B36F
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, 0_2_0047B635
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: GetLocaleInfoW, 0_2_00483CDC
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, 0_2_00483CF5
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA, 0_2_00483D29
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 0_2_00483E68
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_00489D12 __lock,__get_daylight,__invoke_watson,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson, 0_2_00489D12
Source: C:\Users\user\Desktop\SW-GX-3R(EX)_06293_setup.exe Code function: 0_2_00432A7F GetVersionExW,GetSystemInfo, 0_2_00432A7F
No contacted IP infos