Windows Analysis Report
CakeView.exe

Overview

General Information

Sample name: CakeView.exe
Analysis ID: 1657847
MD5: e1773cb30c0917178d415442ff691fa7
SHA1: f0d4329bc0de6741b01af7d6ff7ae5cd47c63a24
SHA256: 6a68f60f181aff9db2b65b433ab74750b1135cc220a2c6f7ae3684037d0d6f5b

Detection

Score: 3
Range: 0 - 100
Confidence: 60%

Signatures

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Source: CakeView.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0BEB6C FindClose,terminate,FindFirstFileExW,GetLastError, 0_2_00007FF73D0BEB6C
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0BEBE0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,CloseHandle,CloseHandle,terminate, 0_2_00007FF73D0BEBE0
Source: CakeView.exe String found in binary or memory: https://discord.gg/ctUmSTueV3
Source: CakeView.exe String found in binary or memory: https://prowrestlingmods.io
Source: CakeView.exe String found in binary or memory: https://wiki.prowrestlingmods.io/
Source: CakeView.exe String found in binary or memory: https://wiki.prowrestlingmods.io/https://discord.gg/ctUmSTueV3materialeditor.exePlease
Source: CakeView.exe String found in binary or memory: https://www.patreon.com/PWMods
Source: CakeView.exe String found in binary or memory: https://www.patreon.com/PWModsSysCore::Assets::VCTexture
Detected potential crypto function
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D087E20 0_2_00007FF73D087E20
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D06EEB0 0_2_00007FF73D06EEB0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D01EEA0 0_2_00007FF73D01EEA0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0A9ED0 0_2_00007FF73D0A9ED0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D05CED0 0_2_00007FF73D05CED0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D051EC0 0_2_00007FF73D051EC0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF1EF0 0_2_00007FF73CFF1EF0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D060EE0 0_2_00007FF73D060EE0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D062F13 0_2_00007FF73D062F13
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D035D30 0_2_00007FF73D035D30
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D061D40 0_2_00007FF73D061D40
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D093D70 0_2_00007FF73D093D70
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D054D60 0_2_00007FF73D054D60
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D053DB0 0_2_00007FF73D053DB0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D078DA0 0_2_00007FF73D078DA0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D073DD0 0_2_00007FF73D073DD0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D03ADC0 0_2_00007FF73D03ADC0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D09BE00 0_2_00007FF73D09BE00
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D036030 0_2_00007FF73D036030
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D08F070 0_2_00007FF73D08F070
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D070060 0_2_00007FF73D070060
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0380A0 0_2_00007FF73D0380A0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D05C0E0 0_2_00007FF73D05C0E0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D064F30 0_2_00007FF73D064F30
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D022F19 0_2_00007FF73D022F19
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D008F20 0_2_00007FF73D008F20
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D053F60 0_2_00007FF73D053F60
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D079FB0 0_2_00007FF73D079FB0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF4FF0 0_2_00007FF73CFF4FF0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D00EFF7 0_2_00007FF73D00EFF7
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0A9A40 0_2_00007FF73D0A9A40
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D029A70 0_2_00007FF73D029A70
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D088A90 0_2_00007FF73D088A90
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0BAA90 0_2_00007FF73D0BAA90
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF2AA0 0_2_00007FF73CFF2AA0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D08BAA0 0_2_00007FF73D08BAA0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D09EAE0 0_2_00007FF73D09EAE0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D085AE0 0_2_00007FF73D085AE0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF7920 0_2_00007FF73CFF7920
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF1940 0_2_00007FF73CFF1940
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D051940 0_2_00007FF73D051940
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0619A1 0_2_00007FF73D0619A1
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D00D9C0 0_2_00007FF73D00D9C0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D01DC60 0_2_00007FF73D01DC60
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D050D10 0_2_00007FF73D050D10
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF4B40 0_2_00007FF73CFF4B40
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D04DB70 0_2_00007FF73D04DB70
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0A5BE0 0_2_00007FF73D0A5BE0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0BEBE0 0_2_00007FF73D0BEBE0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D051690 0_2_00007FF73D051690
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0486F0 0_2_00007FF73D0486F0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF56F0 0_2_00007FF73CFF56F0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF3700 0_2_00007FF73CFF3700
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D062700 0_2_00007FF73D062700
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D086550 0_2_00007FF73D086550
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D060560 0_2_00007FF73D060560
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF8580 0_2_00007FF73CFF8580
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D03D590 0_2_00007FF73D03D590
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D088580 0_2_00007FF73D088580
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFFD5A0 0_2_00007FF73CFFD5A0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0195D0 0_2_00007FF73D0195D0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0575D0 0_2_00007FF73D0575D0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D033856 0_2_00007FF73D033856
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0298B0 0_2_00007FF73D0298B0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0898D0 0_2_00007FF73D0898D0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D05C8C0 0_2_00007FF73D05C8C0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D074730 0_2_00007FF73D074730
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D00B720 0_2_00007FF73D00B720
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D062720 0_2_00007FF73D062720
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0AA750 0_2_00007FF73D0AA750
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D052750 0_2_00007FF73D052750
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D069780 0_2_00007FF73D069780
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D08B7B0 0_2_00007FF73D08B7B0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0477A0 0_2_00007FF73D0477A0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D08E250 0_2_00007FF73D08E250
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0B5250 0_2_00007FF73D0B5250
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D072270 0_2_00007FF73D072270
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0532F0 0_2_00007FF73D0532F0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D095120 0_2_00007FF73D095120
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D053190 0_2_00007FF73D053190
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0AE1C0 0_2_00007FF73D0AE1C0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D08B210 0_2_00007FF73D08B210
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF1200 0_2_00007FF73CFF1200
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D058210 0_2_00007FF73D058210
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D00C450 0_2_00007FF73D00C450
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0A5440 0_2_00007FF73D0A5440
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D061470 0_2_00007FF73D061470
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D013480 0_2_00007FF73D013480
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D03A4D0 0_2_00007FF73D03A4D0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D09E4F0 0_2_00007FF73D09E4F0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D06C4E0 0_2_00007FF73D06C4E0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D01C320 0_2_00007FF73D01C320
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D031320 0_2_00007FF73D031320
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF6350 0_2_00007FF73CFF6350
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0B7360 0_2_00007FF73D0B7360
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D040390 0_2_00007FF73D040390
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D064390 0_2_00007FF73D064390
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73CFF23A0 0_2_00007FF73CFF23A0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0953F0 0_2_00007FF73D0953F0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0533F0 0_2_00007FF73D0533F0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\CakeView.exe Code function: String function: 00007FF73CFFA0D0 appears 38 times
Source: C:\Users\user\Desktop\CakeView.exe Code function: String function: 00007FF73CFFC4B0 appears 59 times
Source: C:\Users\user\Desktop\CakeView.exe Code function: String function: 00007FF73D04BA70 appears 99 times
Sample file is different than original file name gathered from version info
Source: CakeView.exe Binary or memory string: OriginalFilename vs CakeView.exe
Source: classification engine Classification label: clean3.winEXE@1/0@0/0
Source: CakeView.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\CakeView.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: CakeView.exe String found in binary or memory: Bake/Launch
Source: CakeView.exe String found in binary or memory: Set WWE/Launcher Exe Path:
Source: CakeView.exe String found in binary or memory: Set WWE/Launcher Exe Path
Source: CakeView.exe String found in binary or memory: Set WWE/Launcher Exe Path:
Source: CakeView.exe String found in binary or memory: Set WWE/Launcher Exe Path
Source: CakeView.exe String found in binary or memory: }PanelWidgetpanelFrameverticalLayout_14OverviewNew BakeOpen Game DirectoryTotal Bakedfiles0User/Game/PathTotal ModsTotal SavedNew ColumnNew RowRegistry TotalRecently Saved:Failed to load lists./ModsVerticalItemSpacerDate Modified GBBrowsemargin-right: 5px;Failed to load user game path.QWidget { color: rgb(255, 255, 255);background-color: rgb(47, 47, 47);}QLineEdit { background-color: rgb(30, 30, 30); color: rgb(255, 255, 255);}QInputDialog {background-color: rgb(47,47,47);color: rgb(255, 255, 255);}QLineEdit:focus {border: none;outline: none;}Set WWE/Launcher Exe Path: Set WWE/Launcher Exe PathExecutable File (*.exe)Select Game ExeCould not locate game path.
Source: CakeView.exe String found in binary or memory: Bake/Launch
Source: CakeView.exe String found in binary or memory: }targetLabelSegoe UIversionComboBoxwidget_6progressInfoprogressBarCakeView - BakeBake New DirectoryCAK Version: v9.2 (2k24)v9.1 (2k24)Output Folder:ModsGame RootTarget Directory:...Target Name:Auto-GenerateBakeBake/LaunchCancelGame Target:2K242K25Progress:Last Baked DirectoryRecentLast Baked SaveFileRegistry bake requestedEmpty target, could not initialize bake service.Please specify all bake targets.Bake TargetDirectory baked succesfully to: Bake CompleteConfiguring user settings...Loading cakeview config...Loading bake config.../modsValidating bake session path: Could not access save path: File is inaccessible or is in use by another program.Bake ErrorCould not access mods path: Could not access source directoryFormatting save path:Initializing bake worker...Updating GUI progress...Launching bake service...STATUS_COMPILE_ERRORFailed to compile registry at path: Invalid directory path. Failed to compile .cak file.Appending save file to history...) (Open Target Directory-
Source: CakeView.exe String found in binary or memory: gbutton-launch-and-bake.png
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt5winextras.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt53dextras.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt53drender.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt53dinput.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt53dcore.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt5network.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\CakeView.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: CakeView.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: CakeView.exe Static file information: File size 2254336 > 1048576
Source: CakeView.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x136c00
Source: CakeView.exe Static PE information: More than 200 imports for Qt5Widgets.dll
Source: CakeView.exe Static PE information: More than 200 imports for Qt5Core.dll
Source: CakeView.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: CakeView.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: CakeView.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: CakeView.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: CakeView.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: CakeView.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: CakeView.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: CakeView.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: CakeView.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: CakeView.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: CakeView.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: CakeView.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: CakeView.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D00E8A3 push rbp; iretd 0_2_00007FF73D00E8B0
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D00E516 push rbp; iretd 0_2_00007FF73D00E523
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D02C384 push rdi; ret 0_2_00007FF73D02C385
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0BEB6C FindClose,terminate,FindFirstFileExW,GetLastError, 0_2_00007FF73D0BEB6C
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0BEBE0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,CloseHandle,CloseHandle,terminate, 0_2_00007FF73D0BEBE0
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0BFEB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF73D0BFEB0
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\CakeView.exe Code function: GetLocaleInfoEx,FormatMessageA, 0_2_00007FF73D0BE740
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D0C0290 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF73D0C0290
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\CakeView.exe Code function: 0_2_00007FF73D09D650 ??0QLocalSocket@@QEAA@PEAVQObject@@@Z,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,?connectToServer@QLocalSocket@@QEAAXAEBVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,??1QString@@QEAA@XZ,?waitForConnected@QLocalSocket@@QEAA_NH@Z,??0QByteArray@@QEAA@XZ,??0QDataStream@@QEAA@PEAVQByteArray@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,?size@QListData@@QEBAHXZ,??6QDataStream@@QEAAAEAV0@H@Z,?begin@QListData@@QEBAPEAPEAXXZ,?end@QListData@@QEBAPEAPEAXXZ,??6@YAAEAVQDataStream@@AEAV0@AEBVQString@@@Z,?write@QIODevice@@QEAA_JAEBVQByteArray@@@Z,?waitForBytesWritten@QLocalSocket@@UEAA_NH@Z,?disconnectFromServer@QLocalSocket@@QEAAXXZ,??1QDataStream@@QEAA@XZ,??1QByteArray@@QEAA@XZ,??0QLocalServer@@QEAA@PEAVQObject@@@Z,?newConnection@QLocalServer@@QEAAXXZ,?staticMetaObject@QLocalServer@@2UQMetaObject@@B,?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z,??1Connection@QMetaObject@@QEAA@XZ,?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z,?listen@QLocalServer@@QEAA_NAEBVQString@@@Z,??1QString@@QEAA@XZ,??1QLocalSocket@@UEAA@XZ, 0_2_00007FF73D09D650
windows-stand
Behavior
Click here to start
Slideshow Behavior Animation
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1657847 Sample: CakeView.exe Startdate: 06/04/2025 Architecture: WINDOWS Score: 3 4 CakeView.exe 2->4         started       
No contacted IP infos