Source: diCTAJuHTs.exe |
Virustotal: Detection: 37% |
Source: diCTAJuHTs.exe |
ReversingLabs: Detection: 42% |
Source: diCTAJuHTs.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2C06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, |
0_2_00007FF7DDF2C06C |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF21DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, |
0_2_00007FF7DDF21DAC |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF21DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, |
0_2_00007FF7DDF21DAC |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2FF2C |
0_2_00007FF7DDF2FF2C |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF19760 |
0_2_00007FF7DDF19760 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF11B80 |
0_2_00007FF7DDF11B80 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF17FCC |
0_2_00007FF7DDF17FCC |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF22BE0 |
0_2_00007FF7DDF22BE0 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF287F4 |
0_2_00007FF7DDF287F4 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF1E80C |
0_2_00007FF7DDF1E80C |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF30010 |
0_2_00007FF7DDF30010 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF33C18 |
0_2_00007FF7DDF33C18 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2B13C |
0_2_00007FF7DDF2B13C |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF1A060 |
0_2_00007FF7DDF1A060 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2C06C |
0_2_00007FF7DDF2C06C |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2E0C0 |
0_2_00007FF7DDF2E0C0 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2E4EC |
0_2_00007FF7DDF2E4EC |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF1790D |
0_2_00007FF7DDF1790D |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2B13C |
0_2_00007FF7DDF2B13C |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF1E5A4 |
0_2_00007FF7DDF1E5A4 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF21DAC |
0_2_00007FF7DDF21DAC |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF26DE0 |
0_2_00007FF7DDF26DE0 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF29200 |
0_2_00007FF7DDF29200 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF30A18 |
0_2_00007FF7DDF30A18 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF24684 |
0_2_00007FF7DDF24684 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF17AA4 |
0_2_00007FF7DDF17AA4 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF302A4 |
0_2_00007FF7DDF302A4 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF162D0 |
0_2_00007FF7DDF162D0 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF182D8 |
0_2_00007FF7DDF182D8 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF21DAC |
0_2_00007FF7DDF21DAC |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF20700 |
0_2_00007FF7DDF20700 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: String function: 00007FF7DDF12760 appears 41 times |
|
Source: classification engine |
Classification label: mal48.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF16FA0 GetLastError,FormatMessageW,WideCharToMultiByte, |
0_2_00007FF7DDF16FA0 |
Source: diCTAJuHTs.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
File read: C:\Users\user\Desktop\diCTAJuHTs.exe |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Section loaded: wintypes.dll |
Source: diCTAJuHTs.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: diCTAJuHTs.exe |
Static file information: File size 14444897 > 1048576 |
Source: diCTAJuHTs.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: diCTAJuHTs.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: diCTAJuHTs.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: diCTAJuHTs.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: diCTAJuHTs.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: diCTAJuHTs.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: diCTAJuHTs.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: diCTAJuHTs.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: diCTAJuHTs.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: diCTAJuHTs.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: diCTAJuHTs.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: diCTAJuHTs.exe |
Static PE information: section name: _RDATA |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF13C90 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
0_2_00007FF7DDF13C90 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Check user administrative privileges: GetTokenInformation,DecisionNodes |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
API coverage: 6.7 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2C06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, |
0_2_00007FF7DDF2C06C |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF21DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, |
0_2_00007FF7DDF21DAC |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF21DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, |
0_2_00007FF7DDF21DAC |
Source: diCTAJuHTs.exe |
Binary or memory string: jqEMu |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF25750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF7DDF25750 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF2DB48 GetProcessHeap, |
0_2_00007FF7DDF2DB48 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF1B0C4 SetUnhandledExceptionFilter, |
0_2_00007FF7DDF1B0C4 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF1A8DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF7DDF1A8DC |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF1AEE0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF7DDF1AEE0 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF33A60 cpuid |
0_2_00007FF7DDF33A60 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF1ADC8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FF7DDF1ADC8 |
Source: C:\Users\user\Desktop\diCTAJuHTs.exe |
Code function: 0_2_00007FF7DDF30010 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, |
0_2_00007FF7DDF30010 |