| Source: Submited Sample |
Integrated Neural Analysis Model: Matched 92.5% probability |
| Source: Infor IDF Auxiliary Machine.exe |
Joe Sandbox ML: detected |
| Source: Infor IDF Auxiliary Machine.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| Source: Infor IDF Auxiliary Machine.exe, 00000000.00000002.2043765965.0000000000430000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://java.sun.com |
| Source: Infor IDF Auxiliary Machine.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_004166FC |
0_2_004166FC |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0040C8E0 |
0_2_0040C8E0 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041ACE1 |
0_2_0041ACE1 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_00408E5D |
0_2_00408E5D |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_00413F00 |
0_2_00413F00 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: String function: 004166B0 appears 58 times |
|
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: String function: 00401A0A appears 54 times |
|
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: String function: 00415728 appears 187 times |
|
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: String function: 00411F19 appears 38 times |
|
| Source: Infor IDF Auxiliary Machine.exe |
Binary or memory string: OriginalFilename vs Infor IDF Auxiliary Machine.exe |
| Source: Infor IDF Auxiliary Machine.exe, 00000000.00000002.2043765965.000000000043C000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameconsole.exe@ vs Infor IDF Auxiliary Machine.exe |
| Source: Infor IDF Auxiliary Machine.exe, 00000000.00000000.2042309173.000000000043C000.00000080.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameconsole.exe@ vs Infor IDF Auxiliary Machine.exe |
| Source: Infor IDF Auxiliary Machine.exe |
Binary or memory string: OriginalFilenameconsole.exe@ vs Infor IDF Auxiliary Machine.exe |
| Source: Infor IDF Auxiliary Machine.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| Source: Infor IDF Auxiliary Machine.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Source: classification engine |
Classification label: mal60.evad.winEXE@2/0@0/0 |
| Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7324:120:WilError_03 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: unknown |
Process created: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe "C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe" |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Unpacked PE file: 0.2.Infor IDF Auxiliary Machine.exe.400000.0.unpack .text:EW;.rsrc:EW; vs .text:ER;.rsrc:EW; |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041F805 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
0_2_0041F805 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0042D04C push eax; ret |
0_2_0042D0A1 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_00428018 push eax; retn 0042h |
0_2_00428019 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_004283D8 push esp; iretd |
0_2_004283D9 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_004166EB push ecx; ret |
0_2_004166FB |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_00415728 push eax; ret |
0_2_00415746 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041C880 push eax; ret |
0_2_0041C894 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041C880 push eax; ret |
0_2_0041C8BC |
| Source: Infor IDF Auxiliary Machine.exe |
Static PE information: section name: .text entropy: 7.970208954906549 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
API coverage: 9.2 % |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041E627 VirtualQuery,GetSystemInfo,VirtualQuery,VirtualAlloc,VirtualProtect, |
0_2_0041E627 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
API call chain: ExitProcess graph end node |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041F805 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
0_2_0041F805 |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041C9CE SetUnhandledExceptionFilter, |
0_2_0041C9CE |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041C9BA SetUnhandledExceptionFilter, |
0_2_0041C9BA |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: GetLocaleInfoA, |
0_2_0041E70A |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: GetLastError,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar, |
0_2_0041F8FE |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: GetLocaleInfoA,_strncpy, |
0_2_0041D992 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: GetLocaleInfoA,MultiByteToWideChar, |
0_2_0041F9BA |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: GetLastError,WideCharToMultiByte,GetLocaleInfoA, |
0_2_0041FA2E |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: _strlen,_strlen,EnumSystemLocalesA, |
0_2_0041DEE8 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: _strlen,EnumSystemLocalesA, |
0_2_0041DEB1 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: _strlen,EnumSystemLocalesA, |
0_2_0041DF6E |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidLocale,_strcat, |
0_2_0041DFC3 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_0041E429 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, |
0_2_0041E429 |
| Source: C:\Users\user\Desktop\Infor IDF Auxiliary Machine.exe |
Code function: 0_2_00414FC6 EntryPoint,GetVersionExA,GetModuleHandleA,_fast_error_exit,_fast_error_exit,GetCommandLineA, |
0_2_00414FC6 |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet