Source: download.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI, RELOCS_STRIPPED |
Source: download.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0040AEF4 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\Desktop\download.exe | Code function: 1_2_0040AEF4 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\download.exe | Code function: 1_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_0040AEF4 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
Source: download.exe | String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdline |
Source: download.exe | String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU |
Source: download.exe, 00000000.00000003.251830348.0000000002258000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamekernel32j% vs download.exe |
Source: download.exe, 00000000.00000000.220189376.00000000004C6000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs download.exe |
Source: download.exe, 00000001.00000000.225614313.00000000004C6000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs download.exe |
Source: download.exe, 00000001.00000003.246708963.0000000002248000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamekernel32j% vs download.exe |
Source: download.exe, 00000002.00000002.243058852.00000000004C6000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs download.exe |
Source: download.exe, 00000002.00000003.242637775.0000000002228000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamekernel32j% vs download.exe |
Source: download.exe | Binary or memory string: OriginalFileName vs download.exe |
Source: download.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\Desktop\download.exe | Code function: 1_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004AF110 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004323DC |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004255DC |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0040E9C4 |
Source: C:\Users\user\Desktop\download.exe | Code function: 1_2_004323DC |
Source: C:\Users\user\Desktop\download.exe | Code function: 1_2_004255DC |
Source: C:\Users\user\Desktop\download.exe | Code function: 1_2_0040E9C4 |
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004323DC |
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_004255DC |
Source: C:\Users\user\Desktop\download.exe | Code function: 2_2_0040E9C4 |
Source: C:\Users\user\Desktop\download.exe | Code function: String function: 00427848 appears 63 times |
Source: C:\Users\user\Desktop\download.exe | Code function: String function: 0040CC60 appears 51 times |
Source: C:\Users\user\Desktop\download.exe | Code function: String function: 0040873C appears 54 times |
Source: C:\Users\user\Desktop\download.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\download.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: unknown | Process created: C:\Users\user\Desktop\download.exe "C:\Users\user\Desktop\download.exe" -install |
Source: unknown | Process created: C:\Users\user\Desktop\download.exe "C:\Users\user\Desktop\download.exe" /install |
Source: unknown | Process created: C:\Users\user\Desktop\download.exe "C:\Users\user\Desktop\download.exe" /load |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004AF9F0 FindResourceW,SizeofResource,LoadResource,LockResource, |
Source: download.exe | String found in binary or memory: Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file af |
Source: download.exe | String found in binary or memory: /LOADINF="filename" |
Source: classification engine | Classification label: clean5.winEXE@3/0@0/0 |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0041A4DC GetDiskFreeSpaceW, |
Source: C:\Users\user\Desktop\download.exe | Automated click: OK |
Source: download.exe | Static file information: File size 1735928 > 1048576 |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004B5000 push 004B50DEh; ret |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004B5980 push 004B5A48h; ret |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00458000 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0049B03C push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004A00F8 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00458084 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004B1084 push 004B10ECh; ret |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004A1094 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0041A0B4 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004270BC push 00427104h; ret |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00458108 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004321C8 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004A21D8 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0049E1B8 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0049A260 push 0049A378h; ret |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00455268 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004252D4 push ecx; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004592FC push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0045B284 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00430358 push ecx; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00430370 push ecx; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00459394 push ecx; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004A1428 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0049B424 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004A24D8 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004224F0 push 004225F4h; ret |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004304F0 push ecx; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00499490 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00458564 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00458574 push ecx; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00457574 push ecx; mov dword ptr [esp], ecx |
Source: download.exe | Static PE information: section name: .didata |
Source: C:\Users\user\Desktop\download.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004AF91C GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, |
Source: C:\Users\user\Desktop\download.exe | Code function: GetUserDefaultUILanguage,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\download.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\download.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\download.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\download.exe | Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_00405AE0 cpuid |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_004B5114 GetModuleHandleW,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy, |
Source: C:\Users\user\Desktop\download.exe | Code function: 0_2_0041C3D8 GetLocalTime, |