Windows Analysis Report
KPT_BMU_Bootload_V1.01.exe

Overview

General Information

Sample name: KPT_BMU_Bootload_V1.01.exe
Analysis ID: 1500507
MD5: 1477bb218c89871c0b1ba576a5eced54
SHA1: 0ef041f120df82af4a532804f5b5a106bf87960c
SHA256: 9f63e34ce432dd1b0c3e00d54650f6f8dfb2b885be8c5c68f57eb0adda66c944

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: KPT_BMU_Bootload_V1.01.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: KPT_BMU_Bootload_V1.01.exe, 00000000.00000002.3268390187.0000000000408000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameKPT_Bootload.EXED vs KPT_BMU_Bootload_V1.01.exe
Source: KPT_BMU_Bootload_V1.01.exe Binary or memory string: OriginalFilenameKPT_Bootload.EXED vs KPT_BMU_Bootload_V1.01.exe
Source: classification engine Classification label: clean2.winEXE@1/0@0/0
Source: KPT_BMU_Bootload_V1.01.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\KPT_BMU_Bootload_V1.01.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\KPT_BMU_Bootload_V1.01.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\KPT_BMU_Bootload_V1.01.exe Section loaded: mfc42.dll
Source: C:\Users\user\Desktop\KPT_BMU_Bootload_V1.01.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\KPT_BMU_Bootload_V1.01.exe Section loaded: controlcan.dll
Source: C:\Users\user\Desktop\KPT_BMU_Bootload_V1.01.exe Code function: 0_2_004018C0 IsIconic,#470,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#755,#2379, 0_2_004018C0
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos