Edit tour

Windows Analysis Report
AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Overview

General Information

Sample name:	AutoClick Smart cortesia de bb-fans.jimdo.com.exe
Analysis ID:	1502469
MD5:	e064db65f591ebb637aa2ca532b7ec35
SHA1:	33fc69dce99767997a4ee0cc3398cdf82bbc6417
SHA256:	ff4234e650d0ba4b296f099c3bb00995f64d43570da258906208e1e1681a45ad
Tags:	exe
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Uses Windows timers to delay execution

Allocates memory with a write watch (potentially for evading sandboxes)

Detected potential crypto function

Program does not show much activity (idle)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Process Tree

System is w10x64

AutoClick Smart cortesia de bb-fans.jimdo.com.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe" MD5: E064DB65F591EBB637AA2CA532B7EC35)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe	ReversingLabs: Detection: 18%
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Virustotal: Detection: 34%			Perma Link

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe

File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll

Jump to behavior

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\Users\AntHoniO\AppData\Local\Temporary Projects\22\obj\Debug\22.pdb source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe	String found in binary or memory: http://www.bb-fans.jimdo.com
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Code function: 0_2_00007FFD9B8F170D

0_2_00007FFD9B8F170D

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000000.1649312176.0000000000C30000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename22.exe( vs AutoClick Smart cortesia de bb-fans.jimdo.com.exe
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Binary or memory string: OriginalFilename22.exe( vs AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal52.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Mutant created: NULL

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe	ReversingLabs: Detection: 18%
Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Virustotal: Detection: 34%

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll

Jump to behavior

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe

File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll

Jump to behavior

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\Users\AntHoniO\AppData\Local\Temporary Projects\22\obj\Debug\22.pdb source: AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Uses Windows timers to delay execution

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	User Timer Set: Timeout: 1ms	Jump to behavior

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Memory allocated: 1260000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Memory allocated: 3340000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Memory allocated: 1B340000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	OS Credential Dumping	11 Virtualization/Sandbox Evasion	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	12 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
AutoClick Smart cortesia de bb-fans.jimdo.com.exe	18%	ReversingLabs	Win32.Infostealer.Tinba
AutoClick Smart cortesia de bb-fans.jimdo.com.exe	34%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://www.fontbureau.com	0%	URL Reputation	safe
http://www.fontbureau.com	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.fontbureau.com/designers/cabarga.htmlN	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.fontbureau.com/designers8	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.apache.org/licenses/LICENSE-2.0	0%	Avira URL Cloud	safe
http://www.bb-fans.jimdo.com	0%	Avira URL Cloud	safe
http://www.bb-fans.jimdo.com	2%	Virustotal		Browse
http://www.apache.org/licenses/LICENSE-2.0	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designersG	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/?	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.bb-fans.jimdo.com	AutoClick Smart cortesia de bb-fans.jimdo.com.exe	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.tiro.com	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.typography.netD	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	AutoClick Smart cortesia de bb-fans.jimdo.com.exe, 00000000.00000002.2889507835.000000001D0C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502469
Start date and time:	2024-09-01 17:55:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	AutoClick Smart cortesia de bb-fans.jimdo.com.exe
Detection:	MAL
Classification:	mal52.evad.winEXE@1/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 98% Number of executed functions: 11 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target AutoClick Smart cortesia de bb-fans.jimdo.com.exe, PID 7256 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.4023387390467965
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	AutoClick Smart cortesia de bb-fans.jimdo.com.exe
File size:	126'976 bytes
MD5:	e064db65f591ebb637aa2ca532b7ec35
SHA1:	33fc69dce99767997a4ee0cc3398cdf82bbc6417
SHA256:	ff4234e650d0ba4b296f099c3bb00995f64d43570da258906208e1e1681a45ad
SHA512:	e0b2b4835ec0230562c3990fc40dc60c37e4eea8fe83f483fe77771a0cac8d5752d0c14f6e357d0d44331db15c455dd50246935ebab6a2bfec5838049f8fd5a9
SSDEEP:	768:6k9e6e13yV2OWJfbneATpD4yp5Mte+Pb0xthHnJhJ1dOtdLQeKW81Y/sKlYsi:6k92ZLtThLmSWXQercc8
TLSH:	8CC32F43E2B4F5BDD6E58678882A88AD86330D12422E91566CD7FF37BD72401E50F27E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$+O.....................0........... ........@.. .......................@............@................................

File Icon


Icon Hash:	498a80a2a2808241

Static PE Info

General

Entrypoint:	0x41cabe
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x4F2B240B [Fri Feb 3 00:02:19 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1ca64	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x20000	0x7c0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x22000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1e000	0x1c	.sdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1aac4	0x1b000	2f4669a001312e0d536bbc79a4e06b15	False	0.21157045717592593	data	4.750413041323677	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x1e000	0x7b	0x1000	30411a68b4198fb916acea70accdfeea	False	0.036865234375	data	0.3025132428027854	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x20000	0x7c0	0x1000	6d51ca95c315372fee2a525171bf1ddd	False	0.136962890625	data	1.8755961838976858	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x22000	0xc	0x1000	a6b2e16bb149bd2d20cef5d1b6f25698	False	0.00830078125	data	0.015920183265625623	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x20388	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	0.15994623655913978
RT_ICON	0x20670	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	0.3344594594594595
RT_GROUP_ICON	0x20798	0x22	data	1.0294117647058822
RT_VERSION	0x20118	0x26c	data	0.45645161290322583

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 17:56:16.317195892 CEST	53	54672	1.1.1.1	192.168.2.4

Target ID:	0
Start time:	11:55:55
Start date:	01/09/2024
Path:	C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\AutoClick Smart cortesia de bb-fans.jimdo.com.exe"
Imagebase:	0xc10000
File size:	126'976 bytes
MD5 hash:	E064DB65F591EBB637AA2CA532B7EC35
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Function 00007FFD9B8F170D Relevance: 5.2, Instructions: 5190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d54928f36499eb6814787c45a518369594e6c6448073bcc969eacc24aee9f0
Instruction ID: 8fa4ccd56483b9301b9132ea66ef1c5a22be27d4b1f7e52e6b849cdacdc744dd
Opcode Fuzzy Hash: 09d54928f36499eb6814787c45a518369594e6c6448073bcc969eacc24aee9f0
Instruction Fuzzy Hash: 6DA39D7461DB888FD7B1EB18C8A4F9AB7E1FF99305F4509A9D08DC7261CB74A840CB52

Function 00007FFD9B8F132E Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 045fdb39bc87929b84cb1666cfabd77dae8c28413be51ba2e705fa6ea11c7639
Instruction ID: 90e0203d40c260eb1c5dacfb98e4ff7d02151035354c7f8f4d6e4695dac3851a
Opcode Fuzzy Hash: 045fdb39bc87929b84cb1666cfabd77dae8c28413be51ba2e705fa6ea11c7639
Instruction Fuzzy Hash: E4B1B87561DB888FDBB1EB18C4A9BDAB7E1FFAD701F410969908DC3251DB34A841CB42

Function 00007FFD9B8F0A98 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58fbb60521678787e3c9c96919d5b53418cbcd040ed77cdfc169461c57de3626
Instruction ID: bdadd858bf2cb393a8f80190cc8869d74d8ce1b0e75be66bd3caf2f7d0ef1122
Opcode Fuzzy Hash: 58fbb60521678787e3c9c96919d5b53418cbcd040ed77cdfc169461c57de3626
Instruction Fuzzy Hash: 71B19770619A8D8FDBA5DF68C854BE97FE1FF19340F45016AE84DCB2A2DB349940CB41

Function 00007FFD9B8F9265 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b90da8d09627d12a452e09ca09dd10148300aeff57c1b0c3728dd94bf43a396c
Instruction ID: b35dcfd16bfd29c805c0c054d0bd38074c27070314e0d80d28563e3a7085d869
Opcode Fuzzy Hash: b90da8d09627d12a452e09ca09dd10148300aeff57c1b0c3728dd94bf43a396c
Instruction Fuzzy Hash: B6B13574618B888FD7A0EF5CC489B5AB7E1FFAD311F45496AA08DD7221CB70E844CB12

Function 00007FFD9B8F04A0 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c74022a3e7ce36642a46bcf4435e0ce6ec3532820bc8b91733e54ee0544babd
Instruction ID: d53a5843eaec30bd101510cca463d9d4bf8e5dc2620da969f4672547c18be3ff
Opcode Fuzzy Hash: 7c74022a3e7ce36642a46bcf4435e0ce6ec3532820bc8b91733e54ee0544babd
Instruction Fuzzy Hash: BE91027061DBC98FD7A1DB68C455B5ABBE1FF99340F4448AEE08DC72A1DA74A844C702

Function 00007FFD9B8F95F1 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91a0bf9596a0570973083a01e1676b106494f1aa4613aa62edfa53ba99a3d837
Instruction ID: e84d6b3070c5742c512e5ff7bc29b4ef4e45c8115bbeb7b36b9fc15be907926d
Opcode Fuzzy Hash: 91a0bf9596a0570973083a01e1676b106494f1aa4613aa62edfa53ba99a3d837
Instruction Fuzzy Hash: 6F51AB3061DB888FD790EF28C499B6ABBE0FF99351F44496DE489C7262DA34D944CB42

Function 00007FFD9B8F022A Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be6c35af01ea169dd9746aa899b5c913d8e1555853143b77cda7dcdfdf4f7834
Instruction ID: 52c2adfe6d59c31207daca681983ce19035816ba3829237aacf1eed4b0bd5ecc
Opcode Fuzzy Hash: be6c35af01ea169dd9746aa899b5c913d8e1555853143b77cda7dcdfdf4f7834
Instruction Fuzzy Hash: 9A411D62B2E7CA0FE392DB1888715647BF1FF99240F4605BAE48DC71B3EC286D418761

Function 00007FFD9B8F077D Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fba1f99729c86aef89bc63061bca645badc1d6cac7f4a0168a1ed08bda75e0a8
Instruction ID: 0c3249a2c8cd9165d2dc235a93df4a853337441dd885d1a1b0a735740a8835da
Opcode Fuzzy Hash: fba1f99729c86aef89bc63061bca645badc1d6cac7f4a0168a1ed08bda75e0a8
Instruction Fuzzy Hash: 3E318470A0DB894FE781DF58C890B59BBE1FF99304F8518A9F08DC7296CAA5EC01C702

Function 00007FFD9B8F1159 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd444dd7eabfd179339e5bfcc4a8d7f3caa4e6236862b227ce7957b56a632cd0
Instruction ID: 956f2ff4350d843dd8541bcfeba2be9deeaa473a0e131eeb07671c411412308c
Opcode Fuzzy Hash: cd444dd7eabfd179339e5bfcc4a8d7f3caa4e6236862b227ce7957b56a632cd0
Instruction Fuzzy Hash: 7F11817160DB894FD781DB6CC890669BBE1FF9A300F4505BAE48DC72A3DA649940CB12

Function 00007FFD9B8F0179 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39cf0b1b0f086c627d8446619acefcc33eb374f35a3d1d6bac2255a72c9b236a
Instruction ID: 5303a5b90b0bb4c3bcd0d52cecab73830d7becba9f54757315d450f2960eb83c
Opcode Fuzzy Hash: 39cf0b1b0f086c627d8446619acefcc33eb374f35a3d1d6bac2255a72c9b236a
Instruction Fuzzy Hash: 4101C060E5DB8E5FDB029F2488616F93FB0EF0A200F4545B6F89DCB193DA34AA44C752

Function 00007FFD9B8F03F1 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2890249046.00007FFD9B8F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffd9b8f0000_AutoClick Smart cortesia de bb-fans.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e866d20f9652ba4b83bcf04c4f46ce06395b69a7ac655e4eaac492bae17060f5
Instruction ID: e75fba1e255854dd75b304b4594359f998959d0f16625e40e4e65ed22d21ab34
Opcode Fuzzy Hash: e866d20f9652ba4b83bcf04c4f46ce06395b69a7ac655e4eaac492bae17060f5
Instruction Fuzzy Hash: D9018461A5DB8C5FD781DF1888507157FF0FF59244F8A06AAF4CCD72A2E7289944C712

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AutoClick Smart cortesia de bb-fans.jimdo.com.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

UDP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: AutoClick Smart cortesia de bb-fans.jimdo.com.exePID: 7256, Parent PID: 2580

General

Chronological Activities

Disassembly

Analysis Process: AutoClick Smart cortesia de bb-fans.jimdo.com.exePID: 7256, Parent PID: 2580COMMON

Executed Functions

Function 00007FFD9B8F170D Relevance: 5.2, Instructions: 5190COMMON

Function 00007FFD9B8F132E Relevance: .3, Instructions: 303COMMON

Function 00007FFD9B8F0A98 Relevance: .3, Instructions: 298COMMON

Function 00007FFD9B8F9265 Relevance: .3, Instructions: 294COMMON

Windows Analysis Report
AutoClick Smart cortesia de bb-fans.jimdo.com.exe