Windows Analysis Report software_reporter_tool.exe
Overview
General Information
Detection
Score: | 36 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Compliance
Score: | 62 |
Range: | 0 - 100 |
Analysis Advice:
- Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
- Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
- Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Malware Configuration: | No configs have been found |
Yara Overview: | No yara matches |
Sigma Overview: | No Sigma rule has matched |
Signature Overview: |
- Compliance
- Spreading
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
Compliance:
- PE / OLE file has a valid certificate
- Contains modern PE file flags such as dynamic base (ASLR) or NX
- Binary contains paths to debug symbols
Hooking and other Techniques for Hiding and Protection:
- May modify the system service descriptor table (often done to hook functions)
Malware Analysis System Evasion:
- Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: | Code function: | 0_2_00007FF611E1AD74 |
Mitre Att&ck Matrix:
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter12 | Scheduled Task/Job1 | Process Injection12 | Masquerading1 | Credential API Hooking1 | System Time Discovery1 | Remote Services | Credential API Hooking1 | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job1 | DLL Side-Loading1 | Scheduled Task/Job1 | Process Injection12 | Input Capture11 | Security Software Discovery11 | Remote Desktop Protocol | Input Capture11 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | DLL Side-Loading1 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Information Discovery12 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Detection | Scanner |
---|---|
0% | Virustotal |
0% | Metadefender |
0% | ReversingLabs |
Detection | Scanner |
---|---|
0% | Virustotal |
0% | Metadefender |
0% | ReversingLabs |
0% | Virustotal |
0% | Metadefender |
0% | ReversingLabs |
3% | Metadefender |
4% | ReversingLabs |
0% | Metadefender |
0% | ReversingLabs |
0% | Metadefender |
0% | ReversingLabs |
0% | Metadefender |
0% | ReversingLabs |
0% | Metadefender |
0% | ReversingLabs |
No Antivirus matches
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
No contacted domains info
Malicious | Reputation |
---|---|
false | high |
false | unknown |
false | unknown |
false | high |
false | high |
No contacted IP infos
General Information:
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 439325 |
Start date: | 24.06.2021 |
Start time: | 00:27:06 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | software_reporter_tool.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | SUS |
Classification: | sus36.evad.winEXE@7/15@0/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | Failed |
No simulations
No context
Match | Detection |
---|---|
C:\Users\user\Desktop\em000_64.dll | malicious |
 | malicious |
C:\Users\user\Desktop\em001_64.dll | malicious |
 | malicious |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40 |
Entropy (8bit): | 3.3041625260016576 |
Encrypted: | false |
SSDEEP: | 3:FkXyOn:+h |
MD5: | A7635A5D096DF31ED9A8D6E032E988E2 |
SHA1: | DF0423DE7AB6264DA07598A15AABC0F2A418246A |
SHA-256: | 87A0F1687EE9216C1E30FF85AD6524127694E8F8542C08227866288FDD024F61 |
SHA-512: | C009B0B71AF0B56C255157BDD2A62A22808C83084735F8D9382A88DB382790E3A46DD0A57775DD6C4281C10759A8399D9AFBD938B46530ABD6DDABD1EC111C01 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 83 |
Entropy (8bit): | 5.042780065260603 |
Encrypted: | false |
SSDEEP: | 3:qTEVRSTn5vB+CyaSW5xq2FJKuVMXmqr:qwHa5Z9nSWXqxuVM28 |
MD5: | 0720EE907F69B6F6258E44B1C5D9A56C |
SHA1: | 0EA5035BC36D67D332FA788FFC36DB6E5A9EE670 |
SHA-256: | D81982A94ED12C9973BC6975D6BAC18BA14CB43BBB22257FBB26564E42FBF57C |
SHA-512: | 8F892991A7A2EF270A33AA97D2893E5FDF96A590ED8ABC6A7547C712F61CEAB0C6B4B54267947C8BF5D3535FA6BEEB97A53EE5F2E2785F49E5E204192761C53F |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | modified |
Size (bytes): | 3542 |
Entropy (8bit): | 5.251452357489359 |
Encrypted: | false |
SSDEEP: | 48:1o25mVhOGqNJ8oyXSQSQSQSQSQSQSQSQSQSQSQYWYWYWYWYWY6:D5SAqom |
MD5: | FA60151E6393C644DD5C7AF6782E1095 |
SHA1: | AF26B2A6F6513CB0447D5817A139FA70990486AE |
SHA-256: | 6B63227623F10B1303EE76E721738A86B7EC5AE89DE610823F8A682800D77E67 |
SHA-512: | 367936CFF2F60916C5D55DDD3941CA539C27CF7FE3247E7C7BEB85D160855BC3BEEE77E113F4DAB37D551CC5FD3D03D6EAD63BA344109BCD4E412D1D31BD071A |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | modified |
Size (bytes): | 2640 |
Entropy (8bit): | 5.355622870700031 |
Encrypted: | false |
SSDEEP: | 48:Jo24tVlNJDJPeFGSoWnFG9xsO0EGREpw0EbRExD0ExDRE30E3RE30E3REn:v4DJJmY4Y3sO9Gmpw9bmxD9xDm393m3G |
MD5: | 6A71FF5AED2A49ED7AF79F1E773A73D6 |
SHA1: | 9963F3EEA973327BBF131DCC39171FCBCEC16673 |
SHA-256: | C1B4D7298A280E994BFF75C49C32BFFE3C0D38AECDEFC5B6CB0A85A2D15705BD |
SHA-512: | 70928AAAC9DD6E1E08E40338BC62ACC779837CC93892106132214A7B04BA5A95E18EC4CCF574A12ABE1D41D0D6167DFD615B57FCE6D780F51261B7A322DB3A7D |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 457288 |
Entropy (8bit): | 6.4379083116622144 |
Encrypted: | false |
SSDEEP: | 6144:nFpu4NA0BM2CnPaFaz0IcmSOww/rg/5J9h6Y7Oh46oh/KR/dR6b3Yy:PdAClVFaz0Ickrg/jPm46oFa6bn |
MD5: | E9A7C44D7BDA10B5B7A132D46FCDAF35 |
SHA1: | 5217179F094C45BA660777CFA25C7EB00B5C8202 |
SHA-256: | 35351366369A7774F9F30F38DC8AA3CD5E087ACD8EAE79E80C24526CD40E95A1 |
SHA-512: | E76308EEE65BF0BF31E58D754E07B63092A4109EF3D44DF7B746DA99D44BE6112BC5F970123C4E82523B6D301392E09C2CFC490E304550B42D152CDB0757E774 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37208 |
Entropy (8bit): | 6.3378291331001035 |
Encrypted: | false |
SSDEEP: | 768:Dkmhgw/0grmFbaNRreonvVp62LJpTp3he6v:DkYgw/qm6KJpd3he6v |
MD5: | D0CF72186DBAEA05C5A5BF6594225FC3 |
SHA1: | 0E69EFD78DC1124122DD8B752BE92CB1CBC067A1 |
SHA-256: | 225D4F7E3AB4687F05F817435B883F6C3271B6C4D4018D94FE4398A350D74907 |
SHA-512: | 8122A9A9205CFA67FF87CB4755089E5ED1ACF8F807467216C98F09F94704F98497F7AA57AD29E255EFA4D7206C577C4CF7FED140AFB046499FC2E57E03F55285 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 368968 |
Entropy (8bit): | 6.409781011228818 |
Encrypted: | false |
SSDEEP: | 6144:JEUoYzK6HCWzplgd4xmXsAGNXbQWHupObpEkfAU5kSsfeMBX:JnoYzK6HCW8d4YXWZjOpOFEkfAukZfe6 |
MD5: | D6385DECF21BCFEC1AB918DC2A4BCFD9 |
SHA1: | AA0A7CC7A68F2653253B0ACE7B416B33A289B22E |
SHA-256: | C26081F692C7446A8EF7C9DEC932274343FAAB70427C1861AFEF260413D79535 |
SHA-512: | BBB82176E0D7F8F151E7C7B0812C6897BFACF43F93FD04599380D4F30E2E18E7812628019D7DBA5C4B26CBE5A28DC0798C339273E59EEE9EE814A66E55D08246 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2150488 |
Entropy (8bit): | 6.561798711922303 |
Encrypted: | false |
SSDEEP: | 24576:wSCiCOxp5Z3ocReG6suIW6EVVf7ZLkSMLl4RSrheKkQqhx/1hnlu:wSCZMp5ZEFd5UBjdaRhX+ |
MD5: | F6F738D7C6F7B44240DB780EF805A4A0 |
SHA1: | E828C77185CE9ECA63F7576D588F9860712CF31B |
SHA-256: | D1F3B32C8EE347CA4094CFC6E119269C6B374D0CFBC07EFB94AAA6206431AE9E |
SHA-512: | 66B6F8E7394EA9618B2B71F0429495B50F79E7155CB1E24E7A66DE5438DBA6D52FA0B250DAB5C4F96BF03E138D7FFB381ED8BE8673808E367E778A9123E96696 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1406536 |
Entropy (8bit): | 6.26286745901486 |
Encrypted: | false |
SSDEEP: | 24576:3ObdgNmw92ogGES/vheTYapaPMbR5JHJY9jaY52mcXjtTLMXwuB8Ej:+bdgNm5VSXkaavJHJY1yJTLhNEj |
MD5: | 96354437590BA847EB1514373A4E6557 |
SHA1: | 18A94C1813A858A705B0F529000820EE85C3D7DF |
SHA-256: | AFFFE82DE0158D41073AD56532DE94918079A698CFCADB847F69F32C48E116DE |
SHA-512: | 6E62CFBCCE4D613B784B5F91AA2584F44BD617F301D67595E970DBB9E4DA51AB2F14C8D5B627ED94DFBFAEEA02F9B5297E18CA7791D6825889701F855E2C0EAC |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6212416 |
Entropy (8bit): | 6.646624615276952 |
Encrypted: | false |
SSDEEP: | 49152:qn5jDppZ+Ys3P1Eq2cQSvLeIHJCOh+zAcz9QECUc6GERIh21PVVw/8fNBSL6:ajjWvje0JczAcxctEGh219Vt |
MD5: | 77C6725B231BDEF2D79ADF0BD18DA3A2 |
SHA1: | AC0B36D30683EA3CD8E70DA70BBB41BF7AD77C44 |
SHA-256: | FCD68FA3DD59F1DA65DFAEA295E6DE968209BCD789AD85F9C15D6C00ACE04A2F |
SHA-512: | A8DF5BC0B3CC9D5A8047CD3EECBAB3FB2455C1B6DD550EFBB5458B7F737BBB543079AB078D4F41C22AE749A267A2C3CDF14E669345F5807CF2AFA5DB9DC54622 |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Process: | C:\Users\user\Desktop\software_reporter_tool.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 590408 |
Entropy (8bit): | 6.131790619815019 |
Encrypted: | false |
SSDEEP: | 6144:uNco9k7OQQo6vefi0Q2MqwdWny21dT824+3qbzLtGY+XCVXw4k3gRh/fMSvs:pou738veK0zMBd8yqdTs/LtdAEW5 |
MD5: | 169A2EF320119891CF3189AA3FD23B0E |
SHA1: | DE51C936101EF79BBC0F1D3C800CF832D221EEF8 |
SHA-256: | 1072D49DA0A70640FB9716CB894F4834FF621CA96D4AEA1F478754EDF4D0F780 |
SHA-512: | 7FE27D360BBF6D410EA9D33D6003AB455CD8B9E5521C00DB9BB6C44A7472CCF2083D51034BAB5FFC5AEF85DB36FC758C76B02FA31F0D0024C9D532548A2BF9CA |
Malicious: | false |
Antivirus: | |
Reputation: | low |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.630515643559699 |
TrID: | |
File name: | software_reporter_tool.exe |
File size: | 14120552 |
MD5: | 670e3a26ef44855f6fa0ec20ba262a62 |
SHA1: | def4952964d0aea5e6558b1a554178eacffac265 |
SHA256: | 5fe1e44938260208fad3439c8c2ff3c82a79b07e70e2c80288b085eb3256bbc5 |
SHA512: | 3250bfb5f0ef83d606080a2f6aa13ec181d36486b7d96234bf05554797e461d4f0b3ea078eaa6e27287a39ed959fa354e60ed45931ed17575947777c0ad6a71a |
SSDEEP: | 98304:4/do/y4w0kN4+z1u4CGVaqgjiFVSXsesfTLjjWvje0JczAcxctEGh219Vnou9:Wo/G0k++z1NlfFVglsf2iEecGbntou9 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|c`..........".......".........`..........@..........................................`........................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
General | |
---|---|
Entrypoint: | 0x1401fad60 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA |
Time Stamp: | 0x60637C11 [Tue Mar 30 19:29:21 2021 UTC] |
TLS Callbacks: | 0x1401121e0, 0x140186ed0, 0x1401f9230, 0x1401b6930 (the sandbox printed each 64-bit callback as a low/high DWORD pair: 0x401121e0, 0x1, 0x40186ed0, 0x1, ...; all four addresses lie inside .text, and the 0x28-byte TLS directory listed below is the size of the 64-bit IMAGE_TLS_DIRECTORY) |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | 0d1c626a719cd06ba522c3f2cf68a27b |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 388E38D27B96846D61081CFBF5FF7DC2 |
Thumbprint SHA-1: | CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E |
Thumbprint SHA-256: | 3CA4FC0489E3E25B1A6A8514A9486B257FD8B80B9F3181AF20A34FA9EF5AB282 |
Serial: | 0C15BE4A15BB0903C901B1D6C265302F |
Instruction |
---|
sub rsp, 28h |
call 00007F54BC5D0F20h |
add rsp, 28h |
jmp 00007F54BC5D0D8Fh |
int3 |
int3 |
mov qword ptr [rsp+20h], rbx |
push rbp |
mov rbp, rsp |
sub rsp, 20h |
mov rax, qword ptr [rip+000AAD70h] |
mov rbx, 00002B992DDFA232h |
cmp rax, rbx |
jne 00007F54BC5D0F86h |
and qword ptr [rbp+18h], 00000000h |
lea rcx, [rbp+18h] |
call qword ptr [rip+0009A57Ah] |
mov rax, qword ptr [rbp+18h] |
mov qword ptr [rbp+10h], rax |
call qword ptr [rip+0009A42Ch] |
mov eax, eax |
xor qword ptr [rbp+10h], rax |
call qword ptr [rip+0009A408h] |
mov eax, eax |
lea rcx, [rbp+20h] |
xor qword ptr [rbp+10h], rax |
call qword ptr [rip+0009A728h] |
mov eax, dword ptr [rbp+20h] |
lea rcx, [rbp+10h] |
shl rax, 20h |
xor rax, qword ptr [rbp+20h] |
xor rax, qword ptr [rbp+10h] |
xor rax, rcx |
mov rcx, imm64 (low DWORD FFFFFFFFh; the sandbox printed only the first half of this 10-byte instruction) |
Note: the sandbox decoded this entry-point stub as 32-bit code, but the file is PE32+ (Imagebase 0x140000000, entry point 0x1401fad60), so every `dec eax` in the raw output is a REX.W prefix (0x48) belonging to the following instruction. The rows above are the same bytes decoded as x86-64, with call/jmp targets and displacements kept as the sandbox printed them. In the raw output, `mov ebx, 2DDFA232h` was followed by `cdq / sub eax, dword ptr [eax] / add byte ptr [eax+3Bh], cl / ret`; those bytes (99 2B 00 00 48 3B C3) are the upper half of the 64-bit immediate 2B992DDFA232h, MSVC's default /GS security cookie, plus the `cmp rax, rbx` that tests it. The sequence has the shape of the CRT's __security_init_cookie: if the cookie still holds its default value, it is re-derived from the system time, process ID, thread ID, a performance counter and a stack address. The sandbox did not resolve the four indirect calls; their order matches GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId and QueryPerformanceCounter, all of which appear in the KERNEL32 import list below, but that identification is an inference from the code shape, not something the report states.
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x293ef1 | 0x80 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x293f71 | 0x12c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d0000 | 0xab4e10 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x2b3000 | 0x17a30 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd75c00 | 0x1a68 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd85000 | 0x3020 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x29107c | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x290ed8 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x250010 | 0x130 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x294cd8 | 0xc38 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x293de0 | 0x60 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Note: the IMAGE_DIRECTORY_ENTRY_SECURITY value is a file offset, not an RVA (it is the one directory entry defined that way). 0xd75c00 + 0x1a68 = 0xd77668 = 14120552, exactly the file size, so the Authenticode signature blob is the last 0x1a68 bytes of the file and lies outside every section; the "Is in Section: .rsrc" mapping comes from treating that offset as an RVA and should be ignored.
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x229728 | 0x229800 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x22b000 | 0x77964 | 0x77a00 | False | 0.321390086207 | 5View capture file | 5.91460517573 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2a3000 | 0xfbf0 | 0x3e00 | False | 0.152217741935 | data | 3.29973252713 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.pdata | 0x2b3000 | 0x17a30 | 0x17c00 | False | 0.487417763158 | data | 6.06397876313 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.00cfg | 0x2cb000 | 0x28 | 0x200 | False | 0.05859375 | data | 0.428599758814 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.retplne | 0x2cc000 | 0xc | 0x200 | False | 0.046875 | ASCII text, with no line terminators | 0.22011315744 | |
.tls | 0x2cd000 | 0x131 | 0x200 | False | 0.04296875 | data | 0.136463791656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
CPADinfo | 0x2ce000 | 0x38 | 0x200 | False | 0.04296875 | data | 0.122275881259 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
_RDATA | 0x2cf000 | 0x94 | 0x200 | False | 0.21484375 | data | 1.44880110252 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2d0000 | 0xab4e10 | 0xab5000 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd85000 | 0x3020 | 0x3200 | False | 0.265625 | data | 5.39927070546 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
LIBRARY | 0x2d0d00 | 0x6fa48 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
LIBRARY | 0x340748 | 0x9158 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
LIBRARY | 0x3498a0 | 0x5a148 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
LIBRARY | 0x3a39e8 | 0x20d058 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
LIBRARY | 0x5b0a40 | 0x157648 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
LIBRARY | 0x708088 | 0x5ecb40 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
LIBRARY | 0xcf4bc8 | 0x90248 | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | ||
TEXT | 0x2d0ac0 | 0x23d | data | ||
RT_VERSION | 0x2d06a0 | 0x41c | data | English | United States |
RT_MANIFEST | 0x2d0270 | 0x42c | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
Four of the LIBRARY resources have exactly the sizes of the dropped files listed above (0x20d058 = 2150488, 0x157648 = 1406536, 0x5ecb40 = 6212416, 0x90248 = 590408 bytes), so the dropped files are these embedded PE32+ DLLs written from .rsrc to disk.
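As an added example (editor's code, not Joe Sandbox's or Google's), the following Python parses the header fields the report tabulates (COFF timestamp, DllCharacteristics, data directories, section table) and uses them to carve embedded PE32+ images out of a blob, the way an analyst would pull the LIBRARY resources out of .rsrc; it also re-joins the DWORD-pair TLS callbacks. It runs on a container it constructs in memory from two minimal images built by `build_pe32plus()`, a stand-in for the real resource data, which is not included here. The end of each image is computed from the last section's raw extent plus the security directory, which is why a trailing Authenticode blob stays attached to its image.

```python
"""Carve embedded PE32+ images out of a byte blob and summarise their headers.

Added example (not Joe Sandbox or Google code). The container it scans is
CONSTRUCTED in memory from two minimal PE32+ images built by build_pe32plus();
nothing is read from the real software_reporter_tool.exe. Offsets follow the
PE/COFF spec; field names mirror the report's tables.
"""
import hashlib
import struct
import time

# DllCharacteristics bits, named as the report prints them.
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE",
                       0x0100: "NX_COMPAT", 0x4000: "GUARD_CF",
                       0x8000: "TERMINAL_SERVER_AWARE"}
IMAGE_FILE_DLL = 0x2000
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: holds a file offset, not an RVA


def parse_pe(buf, off=0):
    """Header facts for the PE32+ image at buf[off], or None if there is none."""
    try:
        if buf[off:off + 2] != b"MZ":
            return None
        pe = off + struct.unpack_from("<I", buf, off + 0x3C)[0]  # e_lfanew
        if buf[pe:pe + 4] != b"PE\0\0":
            return None
        _, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", buf, pe + 4)
        opt = pe + 24
        if struct.unpack_from("<H", buf, opt)[0] != 0x20B:  # PE32+ magic only
            return None
        image_base = struct.unpack_from("<Q", buf, opt + 24)[0]
        dllchars = struct.unpack_from("<H", buf, opt + 70)[0]
        ndirs = struct.unpack_from("<I", buf, opt + 108)[0]
        dirs = [struct.unpack_from("<II", buf, opt + 112 + 8 * i) for i in range(ndirs)]
        # The image ends after the last section's raw data ...
        end = 0
        for i in range(nsec):
            raw_size, raw_ptr = struct.unpack_from("<II", buf, opt + opt_size + 40 * i + 16)
            end = max(end, raw_ptr + raw_size)
        # ... unless an Authenticode blob is appended; its entry is offset+size.
        if ndirs > SECURITY_DIR and dirs[SECURITY_DIR][1]:
            end = max(end, sum(dirs[SECURITY_DIR]))
    except struct.error:  # header runs past the end of the blob: not a usable image
        return None
    return {
        "offset": off,
        "size": end,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "image_base": image_base,
        "timestamp": time.strftime("%Y-%m-%d %H:%M:%S UTC", time.gmtime(stamp)),
        "dll_characteristics": [n for b, n in sorted(DLL_CHARACTERISTICS.items()) if dllchars & b],
        "sha256": hashlib.sha256(buf[off:off + end]).hexdigest(),
    }


def carve(buf):
    """Return header facts for every embedded PE32+ image, in file order."""
    found, pos = [], 0
    while (pos := buf.find(b"MZ", pos)) != -1:
        info = parse_pe(buf, pos)
        if info and info["size"] and pos + info["size"] <= len(buf):
            found.append(info)
            pos += info["size"]  # step over the whole image, not just its header
        else:
            pos += 1
    return found


def tls_callbacks_from_dwords(dwords):
    """Re-join the (low, high) DWORD pairs the report prints into 64-bit VAs."""
    return [lo | (hi << 32) for lo, hi in zip(dwords[0::2], dwords[1::2])]


def build_pe32plus(body, *, dll=True, sig_size=0, stamp=0x60637C11):
    """Construct a minimal one-section PE32+ image with an optional trailing
    signature blob (a stand-in for an embedded LIBRARY resource)."""
    nsec, opt_size = 1, 240
    raw_ptr = (0x40 + 24 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF  # 512-byte aligned
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, nsec, stamp, 0, 0, opt_size,
                       0x22 | (IMAGE_FILE_DLL if dll else 0))
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, len(body), 0, 0, 0x1000, 0x1000)
    opt += struct.pack("<QIIHHHHHHIIIIHHQQQQII", 0x140000000, 0x1000, 0x200,
                       5, 2, 5, 2, 5, 2, 0, 0x2000, raw_ptr, 0, 2, 0xC160,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if sig_size:
        dirs[SECURITY_DIR] = (raw_ptr + len(body), sig_size)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000, len(body),
                       raw_ptr, 0, 0, 0, 0, 0x60000020)
    img = dos + b"PE\0\0" + coff + opt + sect
    return img + b"\0" * (raw_ptr - len(img)) + body + b"\xCC" * sig_size


if __name__ == "__main__":
    # Constructed container: filler, a signed DLL, more filler, an unsigned EXE.
    blob = (b"junk" * 50 + build_pe32plus(b"A" * 1000, sig_size=0x68)
            + b"\xff" * 777 + build_pe32plus(b"MZ" * 300, dll=False) + b"tail")
    for info in carve(blob):
        print(info)
    print([hex(v) for v in tls_callbacks_from_dwords([0x401121e0, 0x1, 0x40186ed0, 0x1])])
```

Carving by "MZ" alone over-triggers (the second constructed image has "MZ" inside its body), which is why the scanner validates the full header chain and then skips the whole image before searching again. Real resource extraction should walk the .rsrc directory tree instead; the header walk here is the part an analyst needs either way to know where each embedded image ends.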
DLL | Import |
---|---|
ADVAPI32.dll | AccessCheck, BuildExplicitAccessWithNameW, BuildSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertStringSidToSidW, CopySid, CreateProcessAsUserW, CreateRestrictedToken, CreateWellKnownSid, DuplicateToken, DuplicateTokenEx, EqualSid, EventRegister, EventUnregister, EventWrite, FreeSid, GetAce, GetKernelObjectSecurity, GetLengthSid, GetNamedSecurityInfoW, GetSecurityDescriptorSacl, GetSecurityInfo, GetSidSubAuthority, GetTokenInformation, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient, InitializeAcl, InitializeSecurityDescriptor, InitializeSid, IsValidSid, LookupAccountSidW, LookupPrivilegeValueW, MapGenericMask, OpenProcessToken, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, RegDeleteValueW, RegDisablePredefinedCache, RegEnumKeyExW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegisterTraceGuidsW, RevertToSelf, SetEntriesInAclW, SetKernelObjectSecurity, SetNamedSecurityInfoW, SetSecurityDescriptorDacl, SetSecurityInfo, SetThreadToken, SetTokenInformation, SystemFunction036, TraceEvent, UnregisterTraceGuids |
OLEAUT32.dll | SysAllocString, SysAllocStringByteLen, SysAllocStringLen, SysFreeString, VariantClear |
SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, SHGetKnownFolderPath |
USER32.dll | CloseDesktop, CloseWindowStation, CreateDesktopW, CreateWindowExW, CreateWindowStationW, DefWindowProcW, DestroyWindow, DispatchMessageW, GetMessageW, GetProcessWindowStation, GetQueueStatus, GetThreadDesktop, GetUserObjectInformationW, GetWindowLongPtrW, KillTimer, MsgWaitForMultipleObjectsEx, PeekMessageW, PostMessageW, PostQuitMessage, RegisterClassExW, RegisterClassW, SetProcessWindowStation, SetTimer, SetWindowLongPtrW, TranslateMessage, UnregisterClassW |
WININET.dll | InternetCheckConnectionW |
KERNEL32.dll | AcquireSRWLockExclusive, AssignProcessToJobObject, CallbackMayRunLong, CancelIo, CloseHandle, CloseThreadpool, CloseThreadpoolWork, CompareStringW, ConnectNamedPipe, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateJobObjectW, CreateMutexW, CreateNamedPipeW, CreateProcessW, CreateRemoteThread, CreateSemaphoreW, CreateThread, CreateThreadpool, CreateThreadpoolWork, DebugBreak, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DisconnectNamedPipe, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesEx, EnumSystemLocalesW, ExitProcess, ExitThread, ExpandEnvironmentStringsW, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindFirstFileW, FindNextFileW, FindResourceW, FlsAlloc, FlsSetValue, FlushFileBuffers, FlushViewOfFile, FormatMessageA, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentProcessorNumber, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDriveTypeW, GetEnvironmentStringsW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSizeEx, GetFileTime, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHandleCount, GetProcessHeap, GetProcessHeaps, GetProcessId, GetProcessIoCounters, GetProcessTimes, GetProcessWorkingSetSizeEx, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadLocale, GetThreadPriority, GetTickCount, GetTimeFormatW, 
GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultLocaleName, GetUserPreferredUILanguages, GetVersion, GetVersionExW, GetVolumeInformationW, GetVolumePathNameW, GetWindowsDirectoryW, GlobalFree, HeapDestroy, HeapSetInformation, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32EnumProcessModulesEx, K32EnumProcesses, K32GetModuleFileNameExW, K32GetProcessMemoryInfo, K32QueryWorkingSetEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalFree, LockFileEx, LockResource, MapViewOfFile, MoveFileW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, PeekNamedPipe, PostQueuedCompletionStatus, ProcessIdToSessionId, QueryDosDeviceW, QueryFullProcessImageNameW, QueryInformationJobObject, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseSRWLockExclusive, ReleaseSemaphore, RemoveDirectoryW, ReplaceFileW, ResetEvent, ResumeThread, SearchPathW, SetConsoleCtrlHandler, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointerEx, SetHandleInformation, SetInformationJobObject, SetLastError, SetNamedPipeHandleState, SetPriorityClass, SetProcessShutdownParameters, SetProcessWorkingSetSizeEx, SetStdHandle, SetThreadAffinityMask, SetThreadPriority, SetThreadpoolThreadMaximum, SetThreadpoolThreadMinimum, SetUnhandledExceptionFilter, SignalObjectAndWait, SizeofResource, Sleep, SleepConditionVariableSRW, SleepEx, SubmitThreadpoolWork, SuspendThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, 
TlsSetValue, TransactNamedPipe, TryAcquireSRWLockExclusive, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWait, UnregisterWaitEx, UpdateProcThreadAttribute, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualFree, VirtualFreeEx, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WaitForThreadpoolWorkCallbacks, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, Wow64GetThreadContext, WriteConsoleW, WriteFile, WriteProcessMemory, lstrlenW |
ole32.dll | CoCreateInstance, CoInitializeEx, CoRegisterInitializeSpy, CoRevokeInitializeSpy, CoTaskMemFree, CoUninitialize |
Secur32.dll | GetUserNameExW |
WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpCrackUrl, WinHttpGetIEProxyConfigForCurrentUser, WinHttpGetProxyForUrl, WinHttpOpen, WinHttpOpenRequest, WinHttpQueryDataAvailable, WinHttpQueryHeaders, WinHttpReadData, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpSetOption, WinHttpSetStatusCallback, WinHttpSetTimeouts, WinHttpWriteData |
IPHLPAPI.DLL | CancelIPChangeNotify, NotifyAddrChange |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
ntdll.dll | RtlCaptureContext, RtlCaptureStackBackTrace, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, VerSetConditionMask |
SHLWAPI.dll | PathMatchSpecW |
WINMM.dll | timeBeginPeriod, timeEndPeriod, timeGetTime |
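Added example (editor's code, not from the sandbox or Google): how an Import Hash like the one listed above is derived, plus a minimal capability triage over an import table. `IMPORTS` is a constructed excerpt of the listing, so its imphash is not the report's 0d1c626a719cd06ba522c3f2cf68a27b, which was taken over the binary's complete import directory in its on-disk order; the capability groups are the editor's own labels, not categories the report uses.

```python
"""Import-table triage over a 'DLL | Import' listing like the one above.

Added example, not sandbox or Google code. IMPORTS is a constructed excerpt of
the report's import table, kept short on purpose; its imphash is therefore NOT
the report's 0d1c626a719cd06ba522c3f2cf68a27b, which covers the binary's
complete import directory in on-disk order.
"""
import hashlib

IMPORTS = {  # constructed excerpt (DLL -> imported names, in listing order)
    "ADVAPI32.dll": ["CreateProcessAsUserW", "CreateRestrictedToken", "DuplicateTokenEx",
                     "ImpersonateLoggedOnUser", "SetThreadToken", "SetTokenInformation"],
    "KERNEL32.dll": ["AssignProcessToJobObject", "CreateJobObjectW", "CreateRemoteThread",
                     "IsDebuggerPresent", "ReadProcessMemory", "VirtualAllocEx",
                     "VirtualProtectEx", "WriteProcessMemory"],
    "USER32.dll": ["CreateDesktopW", "CreateWindowStationW", "SetProcessWindowStation"],
    "WINHTTP.dll": ["WinHttpConnect", "WinHttpOpen", "WinHttpSendRequest"],
}

# API groups worth a second look (editor's labels). A group counts only when
# every member is imported, so one shared call (VirtualAllocEx alone) does not
# trigger it.
CAPABILITIES = {
    "write+execute in another process": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "restricted-token child process": {"CreateRestrictedToken", "CreateProcessAsUserW"},
    "job-object confinement": {"CreateJobObjectW", "AssignProcessToJobObject"},
    "private desktop / window station": {"CreateDesktopW", "CreateWindowStationW"},
    "thread impersonation": {"ImpersonateLoggedOnUser", "SetThreadToken"},
    "WinHTTP client": {"WinHttpOpen", "WinHttpConnect", "WinHttpSendRequest"},
    "debugger check": {"IsDebuggerPresent"},
}


def capabilities(imports):
    """Names of every CAPABILITIES group whose members are all imported."""
    present = {name for names in imports.values() for name in names}
    return sorted(cap for cap, apis in CAPABILITIES.items() if apis <= present)


def imphash(imports):
    """Import hash as pefile computes it: 'dll.func' with the DLL extension
    (.dll/.ocx/.sys) stripped and everything lowercased, ordinal-only imports
    as 'ordN', joined by commas in import-directory order, then MD5."""
    entries = []
    for dll, names in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        for name in names:
            func = f"ord{name}" if isinstance(name, int) else name.lower()
            entries.append(f"{lib}.{func}")
    return hashlib.md5(",".join(entries).encode()).hexdigest()


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    for cap in capabilities(IMPORTS):
        print("capability:", cap)
```

Two properties of imphash matter when comparing against the report's value: it is case-insensitive but order-sensitive, so two builds with the same APIs in a different link order hash differently. The triage output is a prompt to look, not a verdict: the write+execute trio is also what a sandbox broker uses to set up its own children, which is why the restricted-token, job-object and desktop groups are reported alongside it as context.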
Name | Ordinal | Address |
---|---|---|
GetHandleVerifier | 1 | 0x140116b00 |
IsSandboxedProcess | 2 | 0x1400cc8d0 |
Description | Data |
---|---|
LegalCopyright | Copyright 2015 Google Inc. All Rights Reserved. |
InternalName | software_reporter_tool_exe |
CompanyShortName | |
FileVersion | 89.259.200 |
CompanyName | |
ProductShortName | Software Reporter Tool |
ProductName | Software Reporter Tool |
ProductVersion | 89.259.200 |
FileDescription | Software Reporter Tool |
OriginalFilename | software_reporter_tool.exe |
Official Build | 1 |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
System Behavior |
---|
Start time: | 00:27:52 |
Start date: | 24/06/2021 |
Path: | C:\Users\user\Desktop\software_reporter_tool.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff611c20000 (runtime base; it differs from the static ImageBase 0x140000000 because DYNAMIC_BASE and HIGH_ENTROPY_VA are set and the loader relocated the image. All four instances below share this base, as expected: Windows chooses one randomized base per image per boot) |
File size: | 14120552 bytes |
MD5 hash: | 670E3A26EF44855F6FA0EC20BA262A62 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Activity categories recorded: File, Section, Registry, Mutex, Process, Thread, Memory, System, Windows UI, Process Token, Object Security, LPC Port
Start time: | 00:27:56 |
Start date: | 24/06/2021 |
Path: | C:\Users\user\Desktop\software_reporter_tool.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff611c20000 |
File size: | 14120552 bytes |
MD5 hash: | 670E3A26EF44855F6FA0EC20BA262A62 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Activity categories recorded: File, Section, Registry, Mutex, Process, Thread, Memory, System, Windows UI, Process Token, LPC Port
Start time: | 00:28:01 |
Start date: | 24/06/2021 |
Path: | C:\Users\user\Desktop\software_reporter_tool.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff611c20000 |
File size: | 14120552 bytes |
MD5 hash: | 670E3A26EF44855F6FA0EC20BA262A62 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Activity categories recorded: File, Section, Registry, Mutex, Process, Thread, Memory, System, Process Token, LPC Port
Start time: | 00:28:11 |
Start date: | 24/06/2021 |
Path: | C:\Users\user\Desktop\software_reporter_tool.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff611c20000 |
File size: | 14120552 bytes |
MD5 hash: | 670E3A26EF44855F6FA0EC20BA262A62 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Activity categories recorded: File, Section, Registry, Mutex, Process, Thread, Memory, System, Process Token, LPC Port
Note: the instances started at 00:27:52 and 00:27:56 run elevated with administrator privileges; the two started at 00:28:01 and 00:28:11 run without either, and without any Windows UI activity. That split is consistent with the ADVAPI32 imports CreateRestrictedToken and CreateProcessAsUserW and with the IsSandboxedProcess export: an elevated instance can launch children under a restricted token. The report's empty Commandline fields do not show which instance spawned which, so the parent/child relationship is inferred from timing and privilege level only.
Disassembly |
---|
Code Analysis |
---|