Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_00409920 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_00409920 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_00409920 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_004088C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_004088C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_004088C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: String function: 004032FC appears 42 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: String function: 00403198 appears 66 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: String function: 004045CC appears 39 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: String function: 004031B8 appears 33 times
Source: classification engine
Classification label: clean4.winEXE@3/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_0040A10C FindResourceA,SizeofResource,LoadResource,LockResource
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
String found in binary or memory: /LOADINF="filename"
Source: unknown
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe" -install
Source: unknown
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe" /install
Source: unknown
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe" /load
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Automated click: OK
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_00406A50 push 00406A8Dh; ret (0_2_00406A85)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_004040B5 push eax; ret (0_2_004040F1)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_00404185 push 00404391h; ret (0_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_00404206 push 00404391h; ret (0_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_004042E8 push 00404391h; ret (0_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_00404283 push 00404391h; ret (0_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_004093EC push 0040941Fh; ret (0_2_00409417)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_004085B8 push ecx; mov dword ptr [esp], eax (0_2_004085BD)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_00406A50 push 00406A8Dh; ret (2_2_00406A85)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_004040B5 push eax; ret (2_2_004040F1)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_00404185 push 00404391h; ret (2_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_00404206 push 00404391h; ret (2_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_004042E8 push 00404391h; ret (2_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_00404283 push 00404391h; ret (2_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_004093EC push 0040941Fh; ret (2_2_00409417)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_004085B8 push ecx; mov dword ptr [esp], eax (2_2_004085BD)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_00406A50 push 00406A8Dh; ret (3_2_00406A85)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_004040B5 push eax; ret (3_2_004040F1)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_00404185 push 00404391h; ret (3_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_00404206 push 00404391h; ret (3_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_004042E8 push 00404391h; ret (3_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_00404283 push 00404391h; ret (3_2_00404389)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_004093EC push 0040941Fh; ret (3_2_00409417)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_004085B8 push ecx; mov dword ptr [esp], eax (3_2_004085BD)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Evasive API call chain: GetSystemTime,DecisionNodes
Source: all processes
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_0040A050 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_00405694 GetLocaleInfoA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_004056E0 GetLocaleInfoA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_00405694 GetLocaleInfoA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 2_2_004056E0 GetLocaleInfoA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_00405694 GetLocaleInfoA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 3_2_004056E0 GetLocaleInfoA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_004026C4 GetSystemTime
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.15311.21206.exe
Code function: 0_2_00404654 GetModuleHandleA,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy