Edit tour

Windows Analysis Report
lst_setup_v4_0_5 (1).exe

Overview

General Information

Sample Name:	lst_setup_v4_0_5 (1).exe
Analysis ID:	705365
MD5:	f25d8c4f2d37c4000acc420f6384c791
SHA1:	570a248e3b64f4dd156df4dee56e24ab136887ba
SHA256:	43ef2155c942998e3f0d83ec242d48f273fd01f3c0fd6d7ec3decabc9eeaee5a
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Uses 32bit PE files

Drops files with a non-matching file extension (content does not match file extension)

PE file contains strange resources

Drops PE files

PE file contains sections with non-standard names

Queries keyboard layouts

PE file contains more sections than normal

Found dropped PE file which has not been started or loaded

Classification

Process Tree

System is w10x64_ra

lst_setup_v4_0_5 (1).exe (PID: 7060 cmdline: "C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe" MD5: F25D8C4F2D37C4000ACC420F6384C791)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
lst_setup_v4_0_5 (1).exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1544765192.0000000000401000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\eyup\AppData\Local\Temp\AITMP227\Uninstall.exe	Virustotal: Detection: 14%			Perma Link
Source: C:\Users\eyup\AppData\Local\Temp\AITMP227\Uninstall.exe	Metadefender: Detection: 20%			Perma Link

Source: lst_setup_v4_0_5 (1).exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: lst_setup_v4_0_5 (1).exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: lst_setup_v4_0_5 (1).exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: lst_setup_v4_0_5 (1).exe

Static PE information: Number of sections : 11 > 10

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

File read: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

File created: C:\Program Files (x86)\INNOTAS

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

File created: C:\Users\eyup\AppData\Local\Temp\AITMP227

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

File written: C:\Users\eyup\AppData\Local\Temp\AITMP227\aisetup.ini

Source: classification engine

Classification label: mal48.winEXE@1/17@0/0

Source: Yara match	File source: lst_setup_v4_0_5 (1).exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000000.1544765192.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

File read: C:\Users\eyup\AppData\Local\Temp\AITMP227\aisetup.ini

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

Window found: window name: TButton

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: lst_setup_v4_0_5 (1).exe

Static file information: File size 27480795 > 1048576

Source: lst_setup_v4_0_5 (1).exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: lst_setup_v4_0_5 (1).exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x278200

Source: lst_setup_v4_0_5 (1).exe

Static PE information: section name: .didata

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\acntCX10Sydney_r.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmp270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmpc270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bindengine270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.ENG	Jump to dropped file

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\borlndmm.dll	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmpc270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Users\eyup\AppData\Local\Temp\AITMP227\Uninstall.exe	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bindengine270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\acntCX10Sydney_r.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32270mt.dll	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32c270mt.dll	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.ENG	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmp270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	File created: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.exe	Jump to dropped file

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409

Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\borlndmm.dll	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmpc270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Users\eyup\AppData\Local\Temp\AITMP227\Uninstall.exe	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\Uninstall.exe (copy)	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bindengine270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32270mt.dll	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\acntCX10Sydney_r.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32c270mt.dll	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.ENG	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmp270.bpl	Jump to dropped file
Source: C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe	Dropped PE file which has not been started: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.exe	Jump to dropped file

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	11 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
lst_setup_v4_0_5 (1).exe	6%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	705365
Start date and time:	2022-09-19 10:52:57 +02:00
Joe Sandbox Product:	CloudBasic
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	lst_setup_v4_0_5 (1).exe
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.winEXE@1/17@0/0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): backgroundTaskHost.exe
Excluded IPs from analysis (whitelisted): 20.190.159.73, 40.126.31.71, 40.126.31.73, 40.126.31.69, 20.190.159.4, 20.190.159.71, 20.190.159.64, 20.190.159.23
Excluded domains from analysis (whitelisted): prda.aadg.msidentity.com, login.live.com, arc.msn.com, login.msa.msidentity.com, www.tm.a.prd.aadg.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
VT rate limit hit for: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmpc270.bpl
VT rate limit hit for: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bindengine270.bpl
VT rate limit hit for: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\borlndmm.dll
VT rate limit hit for: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32270mt.dll
VT rate limit hit for: C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32c270mt.dll

Created / dropped Files

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.ENG

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28198400
Entropy (8bit):	5.383096450683326
Encrypted:	false
SSDEEP:
MD5:	808E3682A7FEFD719CBB6E501EB203D0
SHA1:	E478AEC7B6CC5EAE0AAD8D1529AC2910D2C9359A
SHA-256:	4DB95288650C8D1A7AE727D750B7283F6840E5610421AB22D6B543852ABC509D
SHA-512:	B6471B0CFA667146246F2899CD979DE96E74F6E7D7F6E07696B24F7B2B0D6582F2B8587DB9696EA06906EB21E130C64D2A940D2540EB6A65AC3246F2A8C364BE
Malicious:	false
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Gzfb.........................................@................................................................. ..l............P.......................@..................................................................$....................text............................... ..`.itext.............................. ..`.data...<...........................@....bss.....5...............................idata..............................@....didata.$...........................@....edata..l.... ......................@..@.rdata..E....0......................@..@.reloc.......@......................@..B.rsrc........P......................@..@....................F..............@..@........................................................

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.exe

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28723200
Entropy (8bit):	5.44507410589209
Encrypted:	false
SSDEEP:
MD5:	046C4E437E41E52F1B286F38BE91DD14
SHA1:	177D35EE4A7FE3D26E63FC6AD3ECC96847870492
SHA-256:	E4A503DF1E69C2E64B50AACB77A61DDB5297663ACA5A4F85B18ADA60EF042C0B
SHA-512:	5F344E631A96F3A2980A07F8F860FAE2CAAB065B466F387059AE7DEF8E310FA9BB607AE794B6E3C18639DEE71C86444906FAB5868948889161FDFD408D1FF7D0
Malicious:	false
Reputation:	low
Preview:	MZP.....................@.......jr......................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....Ufb.............................;............@.............................................. ...................`..........{....p......................`...>...........................p.......................................................text............................... ..`.data...............................@....tls.........`.......B..............@....rdata.......p.......D..............@..P.idata...............F..............@..@.edata.......`......................@..@

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\Uninstall.exe (copy)

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Category:	dropped
Size (bytes):	614912
Entropy (8bit):	7.885964608571698
Encrypted:	false
SSDEEP:
MD5:	8AAFA112EF5FDC35F3242986F5DF6FEB
SHA1:	DBD09C2FC0D111CB8623659552D4DDC57CB18E60
SHA-256:	190474CD3AD662AB796EE93ABBBFAE52C2E2E3C7A13C708D76AABF1085D8B676
SHA-512:	607677B36865EA88B6F4D94A8C181AE1436A5B1ED1C7BABBC1CB6E6BC4A7DCCB237812C8DD189E5B077D2E70B63808247AB2D7CD5D3B2675F0273EBA8D564BA4
Malicious:	false
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...9..b.....................P...P.. j$..`...p$...@...........................$..................@.................... ._...d.$.`....p$.dM...................................................k$..............................p .....................UPX0.....P..............................UPX1.........`......................@....rsrc....P...p$..P..................@..............................................................................................................................................................................................................................................................................................................................................................................3.96.UPX!....

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\acntCX10Sydney_r.bpl

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	3065856
Entropy (8bit):	6.74018075033716
Encrypted:	false
SSDEEP:
MD5:	7B50B02B838893C8E351571BA21236AE
SHA1:	216324148D2735E486D39439F0ECDD422A783D9A
SHA-256:	E19B8BE7988895E3BFBB9D510421B3DAAF0AF296A725B9767A90B42B80F55FE5
SHA-512:	B1E4EC1DD54CADAF312A0F9A25CC7DCFDD24C2BB31B6E66BDFC24B5430F228C1F7468D961F91BEDE1E883373BE213C5A6DD6536CEA012104C511BE72E36C7846
Malicious:	false
Reputation:	low
Preview:	MZP.....................@.......jr......................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....6._...........#..............................@.........................../......................................."..A...0 ......)...................... -......................................................................................text............................... ..`.data............x..................@....tls......... ....... .............@....idata.......0 ....... .............@..@.edata...P...."..B....".............@..@.rsrc.........).......(.............@..@

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmp270.bpl

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	167840
Entropy (8bit):	6.282269955195159
Encrypted:	false
SSDEEP:
MD5:	30A83B9D1F23DEE7AFDE805CF57132E9
SHA1:	D24D8827D517B93171496B187B02B0EDDD797BC5
SHA-256:	2A91DD557B00962AAFDABD11B6A69759A33E8C08EE95600845A6D4E5C36FEAE6
SHA-512:	952FBD34CD52B3CDC3840C350C628745C656CE87944F5621DACFC24004A638F1B454364319931F9C18E20CA49271E59EC7A55AB760BAE4B25D9BFB71D908AD02
Malicious:	false
Reputation:	low
Preview:	MZP.....................@.......jr......................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....V0`...........#..... ...@...............0....@.................................`................................@...2...........................t..........,#..........t".."....................................................................text.... .......................... ..`.data....@...0...4..................@....tls.........p.......N..............@....idata...............P..............@..@.edata...@...@...4..................@..@.rsrc................D..............@..@

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmpc270.bpl

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	218528
Entropy (8bit):	6.523906081351003
Encrypted:	false
SSDEEP:
MD5:	BC076B46ABA5C4C10A9F382B7278DA89
SHA1:	8B426098525C7104989AEFFF84C5A5F3FF3E8A95
SHA-256:	D5B4FB55E6416294D7C4CC490A34F64B5EC928FB4653009F12A98814A62020D5
SHA-512:	6114FBFE1390849CA3CBD3A6C1F03DBCFCE269382BA99D4782F6E186CAC8A7EE489F9D6196127DBE3E558F06F150A8499297EC9F07D34AEC8D5BE0F6E91D85BD
Malicious:	false
Reputation:	low
Preview:	MZP.....................@.......jr......................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....V0`...........!.........0......@.............@..........................p......-@...................................C... ..H....0...............:.......@..8,.............."....................................................................text............................... ..`.data....0..........................@....idata....... ......................@..@.edata...P.......D..................@..@.rsrc........0......................@..@.reloc...0...@......................@..P

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bindengine270.bpl

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	1705888
Entropy (8bit):	6.513579558350069
Encrypted:	false
SSDEEP:
MD5:	116C75C7952025D51B2AC972EB524F8A
SHA1:	B0084B2E4C74B47B96EBAFBB8BEF584D9E028218
SHA-256:	5FC990528570B40218BAACCDFB797D6183444A9011790890D7B3F67D63C06132
SHA-512:	CC9F29B33E02FA62772EEE0FB2BFDB889B329854C6674DB83DD2847775C991E4EA209E2AE398F938215029831529099A3B619EE8172499D598F2A5823BF4EF45
Malicious:	false
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...vE0`..........................................@..........................`...............................................0...a...0...(......................4u..............)....................................6...............................text............................... ..`.itext.............................. ..`.data...............................@....bss......... ...........................idata...a...0...b..................@....edata...............Z..............@..@.rdata..n............L..............@..@.reloc..4u.......v...N..............@..B.rsrc....(...0...(..................@..@.............`......................@..@................................................................................................

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\borlndmm.dll

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	72608
Entropy (8bit):	6.4629192525922265
Encrypted:	false
SSDEEP:
MD5:	B138C0432AC1A0B741348948A6B306F3
SHA1:	EEF0A57A893DC5E87222DC7F290148AE44D9E053
SHA-256:	B2F48D0A663F5EE5A036EBD7B985F4DD7FD20F12580380A8A444234C8FFBBCD7
SHA-512:	0D47F7CD1A992C6D68F102DB2210296F6848833D36C08E872E7E966B3761F42A657A52971E5616F514AF318A6DC6CEC12166A658B357259094A9BF0A261FD0E5
Malicious:	false
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....V0`.....................>...... ..............P.................................................................p..e....P..F...............................0....................................................P.......`..$....................text...L........................... ..`.itext..H........................... ..`.data...h...........................@....bss.....W...............................idata..F....P......................@....didata.$....`......................@....edata..e....p......................@..@.rdata..E...........................@..@.reloc..0...........................@..B.rsrc...............................@..@....................................@..@........................................................

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32270mt.dll

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1059744
Entropy (8bit):	6.671726162039532
Encrypted:	false
SSDEEP:
MD5:	2FE9F12C9CAFD8D062F99A4193EFE65C
SHA1:	DCF4AE051E58FF64CFE80A32E658990678244301
SHA-256:	756DCC7940B57FB6BA9EAE0A4D51AA0D71454E997EC800967F218DF4BBB4B3A0
SHA-512:	745695499D867CBE7AFFCB4417ADF663EFA79CF4CCB3B3833158C0332FD4BDDF8634E5CDEE2F740E922C793E4110008E70CEE13D265CB19BF33D5AC83078D6B4
Malicious:	false
Reputation:	low
Preview:	MZP.....................@.......jr......................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L...T."`...........#.....p.........................2.........................0......y...........................................(................................i..........,...9....................................................................text....p.......p.................. ..`.data................v..............@....tls.....0...P...$...b..............@....idata... ..........................@..@.edata..............................@..@.rsrc...............................@..@

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32c270mt.dll

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1902496
Entropy (8bit):	6.045672354928036
Encrypted:	false
SSDEEP:
MD5:	4E89FDB634F097C2A215BE0EBC1702BB
SHA1:	9AAA4246DDA8FE8DD0FEB122AC3E6C59D454D14B
SHA-256:	055FB74E5B8921D64A565D2080F6A9B01D7A8F9130BD430D4DD9775538726EA8
SHA-512:	D6A7877F39D28525FB87DA05521EA3026DF8B33BAD43411E78F3FF0E509113586F61C2293E8E3F853D7370DBA2B437BCEF475099CC9242A3C03EF10301EB5BCA
Malicious:	false
Reputation:	low
Preview:	MZP.....................@.......jr......................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....."`...........#.....P...P...............`.....2.................................X...................................#...........0.......................@..............P[..9....................................................................text....P.......L.................. ..`.data....P...`...f...R..............@....tls.....0.......&..................@....idata... ..........................@..@.edata...0.......$..................@..@.rsrc........0......................@..@

C:\Users\eyup\AppData\Local\Temp\AITMP227\Englishai.lng

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	8768
Entropy (8bit):	5.020687261832037
Encrypted:	false
SSDEEP:
MD5:	92319FFAC6A7773659EC222752858B3D
SHA1:	A12A299E3F361EF5C30EF62A4B24F4391C27A8B2
SHA-256:	D8382C3546AD899CA9DC3B874DF4E2074A097771BF7082C906DA413ACA2AF45C
SHA-512:	988A56774C797903097E0BB1A0007130AB5352D3F3073CA24D4C8894BDB6DF7689DF1693282DD607D62FE60EE24E5E0CC70686109CEB21BFA6E97FEF323EF9B6
Malicious:	false
Reputation:	low
Preview:	.[Info]..id=1033..lng=en..translator=http://www.actualinstaller.com....[Buttons]..0=< &Back..1=&Next >..2=&Cancel..3=&Install..4=E&xit..5=&Yes..6=&No..7=&Browse.....8=&Finish..9=&Extract..10=OK..11=I &Agree..12=Print..13=Exit....[Title]..0=<AppNameVersion> Setup....[Language]..0=Welcome to <AppName> Setup..1=Select the setup language:....[Welcome]..0=Welcome to <AppName> Setup..1=This will install <AppNameVersion> on your computer.<#><#>Click Next to continue, or Cancel to exit Setup...2=Copyright . %s..3=Options....[LicenseAgreement]..0=License Agreement..1=Please read the following important information before continuing...2=Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation...3=If you accept the terms of the agreement, click "I Agree" to continue...4=I accept the agreement..5=By installing this product, you agree to our..6=License Agreement....[Readme]..0=Readme Information..1=Please read additional inf

C:\Users\eyup\AppData\Local\Temp\AITMP227\L(Default).rtf

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	ISO-8859 text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	8379
Entropy (8bit):	4.592181449295644
Encrypted:	false
SSDEEP:
MD5:	50ABC0559BD3547BE9DBC4D0D07741ED
SHA1:	1F42F560E75C23F8EFD4672572CDB4AF3F564009
SHA-256:	6031800D722DF96FEF96DCC7196D9E2EF8892C47C91EDD7C951BFD40C519651D
SHA-512:	271E0437C450C686ACD781585A6E70D451B80B5F668E5FA2ACCB7BBC023C6E434D4889387A4DAD4ACB51C37575A4CF674A784A6EB0831D32B4CB7796F37E8DB5
Malicious:	false
Reputation:	low
Preview:	Software .berlassungsvertrag....zwischen der INNOTAS ELEKTRONIK GmbH (im folgenden Innotas) und dem Kunden, der die zur Installation bereit gestellte Software nutzen wird......1 Vertragsgegenstand....Innotas r.umt dem Kunden das nicht ausschlie.liche und nicht .bertragbare Recht ein, die auf diesem Datentr.ger zur Installation bereit gestellte Software (im folgenden Software) in unver.nderter Form zu den nachfolgenden Bestimmungen zu nutzen......2 Liefergegenstand....Innotas liefert dem Kunden die Software, sowie alle notwendigen Informationen und Hilfen zum Installieren und Betreiben der Software.....Die Software entspricht der Funktionsbeschreibung der Dokumentation. Dar.ber hinaus gehende Eigenschaften des Programms werden nicht geschuldet.....Dem Kunden sind die wesentlichen Leistungs- und Funktionsmerkmale der Software bekannt. Er hat sich aufgrund dieser Informationen f.r die Software entschieden. Innotas haftet nicht daf.r, dass die Software den W.nschen und Bed.rfnissen des Ku

C:\Users\eyup\AppData\Local\Temp\AITMP227\Uninstall.exe

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Category:	dropped
Size (bytes):	614912
Entropy (8bit):	7.885964608571698
Encrypted:	false
SSDEEP:
MD5:	8AAFA112EF5FDC35F3242986F5DF6FEB
SHA1:	DBD09C2FC0D111CB8623659552D4DDC57CB18E60
SHA-256:	190474CD3AD662AB796EE93ABBBFAE52C2E2E3C7A13C708D76AABF1085D8B676
SHA-512:	607677B36865EA88B6F4D94A8C181AE1436A5B1ED1C7BABBC1CB6E6BC4A7DCCB237812C8DD189E5B077D2E70B63808247AB2D7CD5D3B2675F0273EBA8D564BA4
Malicious:	true
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...9..b.....................P...P.. j$..`...p$...@...........................$..................@.................... ._...d.$.`....p$.dM...................................................k$..............................p .....................UPX0.....P..............................UPX1.........`......................@....rsrc....P...p$..P..................@..............................................................................................................................................................................................................................................................................................................................................................................3.96.UPX!....

C:\Users\eyup\AppData\Local\Temp\AITMP227\aidatafile.zip

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	23743023
Entropy (8bit):	7.969593225218257
Encrypted:	false
SSDEEP:
MD5:	FA35C9D4474B68D7EC23C364A3EE2B83
SHA1:	2FB7BE1A3E1C6C6C08C5F6500A9FEAA2A1BF1217
SHA-256:	E21C7E94F013015D06B327774C8B5542C2FA66A3B8288B03AAFD1C9F8DE75236
SHA-512:	FE676913F1D6EF1B51412408476C2C15D96F74D50FC5E38D54CDA0BF838BCB0F8A85A24BAE18AF52723DF791F320CD6F7CF5B1FF4361181B1096214F74A8D1BC
Malicious:	false
Reputation:	low
Preview:	PK...........Q....._..........0..xT../.f2I&..0h.."...-.T.Cn.H.;.H.....4..P..Ih...TP....-m..H1..Hb....j.j.E.q.6.FE..{.Z{....\|..<....z..].m].&g....c.ff>.c.L......z]M#......1;..pu....W...T/mJjh....bY.2g.#iQUR....YWY.T........;.E........X...E.~.L.d......k..X...J....8p......p...;.E.G}HK.QFV.:...!.$... ....L.6./.&.vF......U+..@c........4c.7WV8(....W \|dLH>.Fs....G...$1x}..\|Ke..z>v.FD...vs..g..b........q1o.....q..WU[O..u...3...._.\....._BI....;~._6...}.....w...f....%.m,.P9....:.....l...6V~......m,.0.0......n@......ja.{.`.+c7...u.,@.....`C...)xN.L...x......a-.c<..4.......;........+-c7..h..`,,c..)E..0............?..#~.p#.F...x....X.<....O.V...8..X-..&....+c.......A..dq......V.....-..@-...?.h....?..,.q.$.$.......X..P...-.d...z...\|..p....X@. .0...(.....2..V.>.....}.e.V...8...E.?.Q.9F..g.. .......`A....^.4...0.....O;..x...<....{&..@M.{..8...-.G....c.V#.Y.9@..a3...."<....%`..A.c.+.A8.....".C.G....@X.p....Y.a..[.K...\|..E#<..<`..9...I......}4N...Q..!.)..

C:\Users\eyup\AppData\Local\Temp\AITMP227\ailogo.bmp

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	PC bitmap, Windows 3.x format, 494 x 135 x 24
Category:	dropped
Size (bytes):	200394
Entropy (8bit):	1.9529244566216357
Encrypted:	false
SSDEEP:
MD5:	22C4A8AEE84CDE39B2126C4ACB7B7D59
SHA1:	051BC6C2FEFE8AF51DE4F9C0FD151537B2C279DF
SHA-256:	8D7AFE922D00729AEEA775B37D46EAC204254101AFD64F3A3C32C0376DC8C5B1
SHA-512:	49F4945BCC76D996F0298B7BD25AC393228C4022AC8228C4877780E62A6A9DBDD2DD02B7EFD62C5932E29FE78C8CF7566C067FBC50936672086C26BB1995D48B
Malicious:	false
Reputation:	low
Preview:	BM........6...(.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\eyup\AppData\Local\Temp\AITMP227\aisetup.ini

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2801
Entropy (8bit):	5.424167701905947
Encrypted:	false
SSDEEP:
MD5:	B3F281050211208A5A93B43FC7AE321C
SHA1:	5ACFD62CDF4310EAE175A95E0D7F885BB156905E
SHA-256:	D79FD912B3631A7B2B148AFA612A77C0CB771C5A812CF9476F27711C179B1AD6
SHA-512:	433B48FD422FE23EAC6D9AFEA5E99F7A2C02224E50D5EECC14C7276C50BB4DFA3CC4953EA33443DB299D3F52211D6D501C55FDE532CE26FD9B40D9B01C161753
Malicious:	false
Reputation:	low
Preview:	.[Setup]..TrialMsg1=Dieses Setup-Programm wurde mit der Testversion von Actual Installer Pro erstellt.<#>Die Weitergabe dieses Programms ist verboten.<#><#>Diese Meldung erscheint nicht bei Setups, die mit der lizenzierten Version erstellt wurden...TrialMsg2=Danke f.r das Testen von Actual Installer!<#>Dieses Setup-Programm kann nur zu Testzwecken verwendet werden und l.uft in 5 Tagen ab.<#><#>M.chten Sie Actual Installer Pro registrieren um diese Nachricht zu entfernen?..TrialLng=German..AIVer=9.0..BDID=220425..GUID={A61D2F6E-BC4C-44E5-9EFF-7C5FBBA37603}..AppName=LoRaSetupTool..AppVersion=4.0.5.0..AppDescription=LoRa Setup Tool for Innotas LoRa Device..CompanyName=INNOTAS..WebSite=www.innotas-elektronik.de..SupportLink=www.innotas-elektronik.de..PackageType=0..InstallLevel=1..UpgradeMode=0..RunAsAdmin=0..IfInstalled=0..Windows Server 2003=1..Windows XP=1..Windows Vista=1..Windows 7=1..Windows 8=1..Windows 8.1=1..Windows 10=1..Windows 11=1..Enab=0..SystemType=0..Internet=0..Archiv

C:\Users\eyup\AppData\Local\Temp\AITMP227\aisetup.zip

Download File

Process:	C:\Users\eyup\Desktop\lst_setup_v4_0_5 (1).exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	625311
Entropy (8bit):	7.998840900257631
Encrypted:	true
SSDEEP:
MD5:	EF5EB37DD4594FD7665487D692DBAFE4
SHA1:	FCB93AC450F93963F12B256FCE2BA9855641AD0D
SHA-256:	D10BFAF6E902D3545E7E7AA5344047662E31B84C19FC42113D8374BA000CCBB3
SHA-512:	2EB63671FDA8D6F4CB2F1C060E9860DD6DF88684EB96295D2F788F7271F0DCF0AA7E56344893B53ECE4E4A639974D1DF0D4B811917EADA6E93B368B1983F02C9
Malicious:	false
Reputation:	low
Preview:	PK........4aRT8......@"......Englishai.lng.Y.N#...n...G....^....Y...Y.....%..3m..{....g.Hy..B..{z..0...i..3....~U..?..kO.._.-.%.;.n...a"T...W6.N.d.\q...d2...<..:...tR=n.._?..ie..N......vk7......n.%[.\."o...V.o....o.[...Wa.C8.....'.'Vt:.v.(..,...v.8.....pfw'.....&=.u64B.....H.o..%........(..X.,..Z}d....]q5,...=..T..iV......E...f.............HZ6.y.I..Z......E...?..#.;.e....:..IU.m......../...u15r8r._.g..]qS8..z..T(+.c............gF...0.y.'R.....8..(4.f.=...,)...Y.e.....K6..c<ME.m...[......+.....nDG..I....7@..j..,%.o..T.M.w0.{M&.6.A.iZ......Y..W.......S`...=w`..T.#..&....2..y>...D.....#......6U...L.A.!.~..4. .....w?.L..NM......N...Fdl E.YRc...<!.b.S.}bo......v.N;...jz.n.Q....Rm.&... .3S....k~!,..$...L..=..Ha0.....P?.im.B..[4p..2..{..~M...2....HO0..T..'........4..*..z......\i.k...xC..AR{....<.'T_...g.s.........>.L...w.s`a&.....P..4....K3D...>=%......qK......8..-....<.+.B..5..zw..p.D.c.\|.>eP...MF2..B...62T...M.!..@Q.KKg.......UR..R`...

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.936779196146855
TrID:	Win32 Executable (generic) a (10002005/4) 98.04% Inno Setup installer (109748/4) 1.08% InstallShield setup (43055/19) 0.42% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Win16/32 Executable Delphi generic (2074/23) 0.02%
File name:	lst_setup_v4_0_5 (1).exe
File size:	27480795
MD5:	f25d8c4f2d37c4000acc420f6384c791
SHA1:	570a248e3b64f4dd156df4dee56e24ab136887ba
SHA256:	43ef2155c942998e3f0d83ec242d48f273fd01f3c0fd6d7ec3decabc9eeaee5a
SHA512:	0f82ae6844f7aeb878db9100ea8f2ed273915393b7a50efed1819d9517de6c9a88dbc19b96c207cd2adc29cac060fa5d29777385984e8e8b90ec353c45903941
SSDEEP:	786432:t630y4nhVhyEc9s/HHvH1Qqe/Nab6WN4SrWox:cXi0fUtQqiNab6WNOox
TLSH:	57572323B28E603ED07B597A5A3B96549C3F7B737912DC0B6BF4094C8F351406A3A61B
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	f8f89c9ed19beee4

Static PE Info

General

Entrypoint:	0x67b6bc
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x62163739 [Wed Feb 23 13:31:37 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	c280ac91129594a710dd65b002fb715a

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
push ebx
mov eax, 00672868h
call 00007F47844D020Ch
mov ebx, dword ptr [006855DCh]
mov eax, dword ptr [ebx]
call 00007F47846D4723h
mov eax, dword ptr [ebx]
mov dl, 01h
call 00007F47846D6462h
mov ecx, dword ptr [006857C4h]
mov eax, dword ptr [ebx]
mov edx, dword ptr [006455ACh]
call 00007F47846D471Fh
mov ecx, dword ptr [00685824h]
mov eax, dword ptr [ebx]
mov edx, dword ptr [006412ACh]
call 00007F47846D470Ch
mov ecx, dword ptr [00685560h]
mov eax, dword ptr [ebx]
mov edx, dword ptr [0064503Ch]
call 00007F47846D46F9h
mov eax, dword ptr [ebx]
call 00007F47846D484Eh
pop ebx
call 00007F47844CB1A0h
lea eax, dword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x291000	0x5b	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x28c000	0x3eae	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2cb000	0x39400	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x294000	0x361f8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x293000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x28cb70	0x990	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x290000	0xa02	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2781e4	0x278200	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x27a000	0x172c	0x1800	False	0.529296875	data	6.27702726242023	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x27c000	0x98e0	0x9a00	False	0.5418526785714286	data	6.06717162264256	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x286000	0x597c	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x28c000	0x3eae	0x4000	False	0.305908203125	data	5.208438026981605	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0x290000	0xa02	0xc00	False	0.3092447916666667	data	3.7326262722053856	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x291000	0x5b	0x200	False	0.158203125	data	1.0513386533762583	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x292000	0x40	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x293000	0x5d	0x200	False	0.189453125	data	1.3469418663574548	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x294000	0x361f8	0x36200	False	0.5797939520785219	data	6.7304308543404305	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x2cb000	0x39400	0x39400	False	0.4921491198144105	data	6.133591775783793	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_CURSOR	0x2cc134	0x134	data	English	United States
RT_CURSOR	0x2cc268	0x134	data	English	United States
RT_CURSOR	0x2cc39c	0x134	data	English	United States
RT_CURSOR	0x2cc4d0	0x134	data	English	United States
RT_CURSOR	0x2cc604	0x134	data	English	United States
RT_CURSOR	0x2cc738	0x134	data	English	United States
RT_CURSOR	0x2cc86c	0x134	data	English	United States
RT_BITMAP	0x2cc9a0	0x1d0	data	English	United States
RT_BITMAP	0x2ccb70	0x1e4	data	English	United States
RT_BITMAP	0x2ccd54	0x1d0	data	English	United States
RT_BITMAP	0x2ccf24	0x1d0	data	English	United States
RT_BITMAP	0x2cd0f4	0x1d0	data	English	United States
RT_BITMAP	0x2cd2c4	0x1d0	data	English	United States
RT_BITMAP	0x2cd494	0x1d0	data	English	United States
RT_BITMAP	0x2cd664	0x1d0	data	English	United States
RT_BITMAP	0x2cd834	0x1d0	data	English	United States
RT_BITMAP	0x2cda04	0x1d0	data	English	United States
RT_BITMAP	0x2cdbd4	0xc0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2cdc94	0xe0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2cdd74	0xe0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2cde54	0xe0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2cdf34	0xc0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2cdff4	0xc0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2ce0b4	0xe0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2ce194	0xc0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2ce254	0xe0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2ce334	0xc0	GLS_BINARY_LSB_FIRST	English	United States
RT_BITMAP	0x2ce3f4	0xe0	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x2ce4d4	0xea8	data	English	United States
RT_ICON	0x2cf37c	0x8a8	data	English	United States
RT_ICON	0x2cfc24	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x2d018c	0x8695	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_ICON	0x2d8824	0x10828	dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x2e904c	0x94a8	data	English	United States
RT_ICON	0x2f24f4	0x25a8	data	English	United States
RT_ICON	0x2f4a9c	0x10a8	data	English	United States
RT_ICON	0x2f5b44	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_STRING	0x2f5fac	0x298	data
RT_STRING	0x2f6244	0x364	data
RT_STRING	0x2f65a8	0x3fc	data
RT_STRING	0x2f69a4	0x24c	data
RT_STRING	0x2f6bf0	0xc0	data
RT_STRING	0x2f6cb0	0x100	data
RT_STRING	0x2f6db0	0x254	data
RT_STRING	0x2f7004	0x3d0	data
RT_STRING	0x2f73d4	0x3d4	data
RT_STRING	0x2f77a8	0x464	data
RT_STRING	0x2f7c0c	0x2f4	data
RT_STRING	0x2f7f00	0x3bc	data
RT_STRING	0x2f82bc	0x438	data
RT_STRING	0x2f86f4	0x504	data
RT_STRING	0x2f8bf8	0x384	data
RT_STRING	0x2f8f7c	0x3c0	data
RT_STRING	0x2f933c	0x450	data
RT_STRING	0x2f978c	0x138	data
RT_STRING	0x2f98c4	0xcc	data
RT_STRING	0x2f9990	0x1f8	data
RT_STRING	0x2f9b88	0x40c	data
RT_STRING	0x2f9f94	0x384	data
RT_STRING	0x2fa318	0x318	data
RT_STRING	0x2fa630	0x31c	data
RT_RCDATA	0x2fa94c	0x10	data
RT_RCDATA	0x2fa95c	0x690	data
RT_RCDATA	0x2fafec	0x2	data	English	United States
RT_RCDATA	0x2faff0	0x7428	Delphi compiled form 'TForm1'
RT_RCDATA	0x302418	0x1076	Delphi compiled form 'TForm2'
RT_RCDATA	0x303490	0x42f	Delphi compiled form 'TForm3'
RT_GROUP_CURSOR	0x3038c0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x3038d4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x3038e8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x3038fc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x303910	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x303924	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x303938	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_ICON	0x30394c	0x84	data	English	United States
RT_VERSION	0x3039d0	0x20c	data	English	United States
RT_MANIFEST	0x303bdc	0x686	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	MessageBoxA, CharNextW, LoadStringW
kernel32.dll	Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, RemoveDirectoryW, CreateDirectoryW, WriteFile, GetStdHandle, CloseHandle
kernel32.dll	GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll	SetClassLongW, GetClassLongW, SetWindowLongW, GetWindowLongW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FlashWindow, FindWindowExW, FindWindowW, FillRect, ExitWindowsEx, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EndMenu, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, BeginDeferWindowPos, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll	UnrealizeObject, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, RemoveFontResourceW, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, Chord, BitBlt, ArcTo, Arc, AngleArc, AddFontResourceW, AbortDoc
version.dll	VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, UnmapViewOfFile, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesW, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryW, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryDosDeviceW, IsDebuggerPresent, MulDiv, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetWindowsDirectoryW, GetVolumeInformationW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetUserDefaultUILanguage, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetSystemTimes, GetSystemDirectoryW, GetSystemDefaultUILanguage, GetSystemDefaultLangID, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLogicalDriveStringsW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesExW, GetFileAttributesW, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableW, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCommandLineW, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DosDateTimeToFileTime, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileMappingW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CloseHandle
advapi32.dll	RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, AdjustTokenPrivileges
kernel32.dll	Sleep
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
oleaut32.dll	GetErrorInfo, RegisterTypeLib, LoadTypeLib, SysFreeString
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, StringFromCLSID, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
comctl32.dll	InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
user32.dll	EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow
msvcrt.dll	memset, memcpy
shell32.dll	ShellExecuteExW, ShellExecuteW, Shell_NotifyIconW
wininet.dll	InternetOpenUrlW, InternetOpenW, InternetCloseHandle
shell32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetMalloc, SHGetDesktopFolder, SHChangeNotify, SHBrowseForFolderW
comdlg32.dll	GetSaveFileNameW, GetOpenFileNameW
winspool.drv	OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter
winspool.drv	GetDefaultPrinterW

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	1	0x460844

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report lst_setup_v4_0_5 (1).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Created / dropped Files

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.ENG

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\LST.exe

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\Uninstall.exe (copy)

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\acntCX10Sydney_r.bpl

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmp270.bpl

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bcbsmpc270.bpl

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\bindengine270.bpl

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\borlndmm.dll

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32270mt.dll

C:\Program Files (x86)\INNOTAS\LoRaSetupTool\cc32c270mt.dll

C:\Users\eyup\AppData\Local\Temp\AITMP227\Englishai.lng

C:\Users\eyup\AppData\Local\Temp\AITMP227\L(Default).rtf

C:\Users\eyup\AppData\Local\Temp\AITMP227\Uninstall.exe

C:\Users\eyup\AppData\Local\Temp\AITMP227\aidatafile.zip

C:\Users\eyup\AppData\Local\Temp\AITMP227\ailogo.bmp

C:\Users\eyup\AppData\Local\Temp\AITMP227\aisetup.ini

C:\Users\eyup\AppData\Local\Temp\AITMP227\aisetup.zip

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Windows Analysis Report
lst_setup_v4_0_5 (1).exe