Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.4514898457.00000000049A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2275798447.000000000051C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 5532, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 6540, type: MEMORYSTR |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2275798447.000000000051C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 5532, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 6540, type: MEMORYSTR |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_0040F2B0 FindFirstFileW,GetLastError,FindClose, | 0_2_0040F2B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_0040F2B0 FindFirstFileW,GetLastError,FindClose, | 3_2_0040F2B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A96A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, | 3_2_046A96A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, | 3_2_046A928E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046BC322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, | 3_2_046BC322 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046AC388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, | 3_2_046AC388 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046ABD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, | 3_2_046ABD72 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A7877 FindFirstFileW,FindNextFileW, | 3_2_046A7877 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A8847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, | 3_2_046A8847 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046EE8F9 FindFirstFileExA, | 3_2_046EE8F9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046ABB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, | 3_2_046ABB6B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046B9B86 FindFirstFileW,FindNextFileW,FindNextFileW, | 3_2_046B9B86 |
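The "Code function" rows above are the report's static view of which imported APIs each function calls. Plain FindFirstFile/FindNextFile loops are ordinary directory enumeration; the rows worth a second look are the ones that combine enumeration with DeleteFile or RemoveDirectory (3_2_046BC322, 3_2_046ABD72, 3_2_046ABB6B), which is the shape of a recursive wipe or self-cleanup routine. The following Python is an added example, not part of the report and not code from the sample: it parses rows in this exact format (a subset pasted verbatim as constructed input), and flags functions that both walk a directory and destroy entries. The leading number of a function id is the report's process index (0 and 3 here); the regex and the prefix-based API grouping are this example's own assumptions, not a documented report schema.

```python
import re
from collections import defaultdict

# Constructed input: a subset of the "Code function" rows from the report above,
# pasted as-is so the parser runs offline.
CODE_FUNCTION_ROWS = r"""
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_0040F2B0 FindFirstFileW,GetLastError,FindClose, | 0_2_0040F2B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A96A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, | 3_2_046A96A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046BC322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, | 3_2_046BC322 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046AC388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, | 3_2_046AC388 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046ABD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, | 3_2_046ABD72 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046EE8F9 FindFirstFileExA, | 3_2_046EE8F9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046ABB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, | 3_2_046ABB6B |
"""

# Assumed row layout: "Code function: <proc>_<run>_<addr> <api,api,...>, | <id> |".
ROW_RE = re.compile(
    r"Code function:\s*(?P<fid>(?P<proc>\d+)_\d+_[0-9A-Fa-f]+)\s*(?P<apis>[^|]*?)\s*\|"
)

# API-name prefixes (covers the A/W/Ex variants) used to classify a function.
ENUMERATE = ("FindFirstFile", "FindNextFile")
DESTROY = ("DeleteFile", "RemoveDirectory")


def parse_code_functions(text):
    """Map function id (e.g. '3_2_046BC322') -> ordered list of APIs it calls."""
    funcs = {}
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if not m:
            continue
        apis = [a.strip() for a in m.group("apis").split(",") if a.strip()]
        funcs[m.group("fid")] = apis
    return funcs


def enumerate_and_delete(funcs):
    """Functions that walk a directory AND delete what they find.

    Returns {function id: [destructive APIs in call order]}; plain enumeration
    loops (no DeleteFile/RemoveDirectory) are left out.
    """
    hits = {}
    for fid, apis in funcs.items():
        walks = any(a.startswith(ENUMERATE) for a in apis)
        destroys = [a for a in apis if a.startswith(DESTROY)]
        if walks and destroys:
            hits[fid] = destroys
    return hits


def functions_per_process(funcs):
    """Count distinct functions by the report's process index ('0' or '3' here)."""
    counts = defaultdict(int)
    for fid in funcs:
        counts[fid.split("_", 1)[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    funcs = parse_code_functions(CODE_FUNCTION_ROWS)
    for fid, apis in enumerate_and_delete(funcs).items():
        print(fid, "->", ",".join(apis))
    print(functions_per_process(funcs))
```

Run against the pasted subset this prints the three enumerate-and-delete functions and shows that all of them live in process 3, i.e. in the 046A0000 region the Yara rules match, not in the original 400000 image.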
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 00000000.00000002.2275798447.000000000051C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Author: unknown |
Source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 5532, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 6540, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_004140C0 | 0_2_004140C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_00417933 | 0_2_00417933 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_0040B1B0 | 0_2_0040B1B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_0040CA40 | 0_2_0040CA40 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_0041C460 | 0_2_0041C460 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_0040FC10 | 0_2_0040FC10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_00410660 | 0_2_00410660 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_004C7740 | 0_2_004C7740 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_004140C0 | 3_2_004140C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_00417933 | 3_2_00417933 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_0040B1B0 | 3_2_0040B1B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_0040CA40 | 3_2_0040CA40 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_0041C460 | 3_2_0041C460 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_0040FC10 | 3_2_0040FC10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_00410660 | 3_2_00410660 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_004C7740 | 3_2_004C7740 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046C742E | 3_2_046C742E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D7566 | 3_2_046D7566 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046DE5A8 | 3_2_046DE5A8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D87F0 | 3_2_046D87F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D706A | 3_2_046D706A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046B4005 | 3_2_046B4005 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046DE11C | 3_2_046DE11C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D81E8 | 3_2_046D81E8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046F41D9 | 3_2_046F41D9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046BF18B | 3_2_046BF18B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046E6270 | 3_2_046E6270 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046DE34B | 3_2_046DE34B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046F33AB | 3_2_046F33AB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046C7C40 | 3_2_046C7C40 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D7DB3 | 3_2_046D7DB3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046DDEED | 3_2_046DDEED |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D5EEB | 3_2_046D5EEB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046C6E9F | 3_2_046C6E9F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D797E | 3_2_046D797E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D39D7 | 3_2_046D39D7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046EDA49 | 3_2_046EDA49 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046C7AD7 | 3_2_046C7AD7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046BDBF3 | 3_2_046BDBF3 |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 00000000.00000002.2275798447.000000000051C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 5532, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 6540, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
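The "Matched rule" rows above carry three things an analyst usually wants pulled out rather than read row by row: which rules fired on which dump (note that REMCOS_RAT_variants does not fire on the 400000.0 image or on the process-memory string scans, only on the unpacked 6300000, 51c42e and 46a0000 regions), the MITRE technique the CMSTP rule cites (T1218.003), and Elastic's reference_sample hash for pivoting. The following Python is an added example, not part of the report and not code from any of the rule authors: it parses rows in this format (a subset pasted as constructed input, with some metadata fields trimmed), groups rules per source, and reports where a rule is missing. The row regex and the metadata field names it looks for are assumptions taken from the rows shown here, not a published report schema.

```python
import re
from collections import defaultdict

# Constructed input: a subset of the "Matched rule" rows from the report above,
# one row per line; some metadata fields are trimmed for length.
YARA_ROWS = r"""
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23 |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, threat_name = Windows.Trojan.Remcos, id = b296e965-a99e-4446-b969-ba233a2a8af4 |
Source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 5532, type: MEMORYSTR | Matched rule: Windows_Trojan_Remcos_b296e965 threat_name = Windows.Trojan.Remcos, id = b296e965-a99e-4446-b969-ba233a2a8af4 |
"""

# Assumed row layout: "Source: <src>, type: <TYPE> | Matched rule: <name> <meta> |".
ROW_RE = re.compile(
    r"^Source:\s*(?P<source>.+?),\s*type:\s*(?P<stype>[A-Z]+)\s*\|\s*"
    r"Matched rule:\s*(?P<rule>\S+)\s*(?P<meta>.*?)\s*\|\s*$"
)
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")          # ATT&CK ids like T1218.003
REFERENCE_RE = re.compile(r"reference_sample\s*=\s*([0-9a-f]{64})")


def parse_yara_rows(text):
    """One dict per row: source, scan type, rule name, ATT&CK ids, reference hash."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        meta = m.group("meta")
        ref = REFERENCE_RE.search(meta)
        rows.append({
            "source": m.group("source"),
            "type": m.group("stype"),
            "rule": m.group("rule"),
            "techniques": sorted(set(TECHNIQUE_RE.findall(meta))),
            "reference_sample": ref.group(1) if ref else None,
        })
    return rows


def rules_by_source(rows):
    """{source: {rule names that fired on it}}."""
    out = defaultdict(set)
    for r in rows:
        out[r["source"]].add(r["rule"])
    return dict(out)


def sources_missing_rule(rows, rule):
    """Sources on which `rule` did not fire although it fired elsewhere.

    Shows which dumps are partial or string-only (e.g. the 400000 image and the
    process-memory string scans versus the fully unpacked payload region).
    """
    return sorted(src for src, rules in rules_by_source(rows).items() if rule not in rules)


def consensus_sources(rows, min_rules=2):
    """Sources corroborated by at least `min_rules` distinct rules."""
    return sorted(src for src, rules in rules_by_source(rows).items() if len(rules) >= min_rules)


def attack_techniques(rows):
    """All ATT&CK technique ids cited in rule metadata, deduplicated."""
    return sorted({t for r in rows for t in r["techniques"]})


if __name__ == "__main__":
    rows = parse_yara_rows(YARA_ROWS)
    print("techniques:", attack_techniques(rows))
    print("missing REMCOS_RAT_variants:", sources_missing_rule(rows, "REMCOS_RAT_variants"))
    print("corroborated:", consensus_sources(rows))
```

The same parser applies unchanged to the short-form rows earlier on the page only for the two rules whose name is printed there; for the ditekSHen rule the short form substitutes the description for the name, so the long-form rows are the ones to feed it.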
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: k7rn7l32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: ntd3ll.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046BCBE1 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress, | 3_2_046BCBE1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_0040F2B0 FindFirstFileW,GetLastError,FindClose, | 0_2_0040F2B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_0040F2B0 FindFirstFileW,GetLastError,FindClose, | 3_2_0040F2B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A96A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose, | 3_2_046A96A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose, | 3_2_046A928E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046BC322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose, | 3_2_046BC322 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046AC388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose, | 3_2_046AC388 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046ABD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose, | 3_2_046ABD72 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A7877 FindFirstFileW,FindNextFileW, | 3_2_046A7877 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046A8847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose, | 3_2_046A8847 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046EE8F9 FindFirstFileExA, | 3_2_046EE8F9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046ABB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose, | 3_2_046ABB6B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046B9B86 FindFirstFileW,FindNextFileW,FindNextFileW, | 3_2_046B9B86 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 0_2_004A6E63 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_004A6E63 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_004A6E63 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 3_2_004A6E63 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D503C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 3_2_046D503C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D4A8A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 3_2_046D4A8A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046DBB71 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 3_2_046DBB71 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: 3_2_046D4BD8 SetUnhandledExceptionFilter, | 3_2_046D4BD8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetLocaleInfoW,GetLocaleInfoW, | 0_2_0040C5D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetLocaleInfoW,GetLocaleInfoW, | 3_2_0040C5D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetLocaleInfoA, | 3_2_046AF90C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 3_2_046F24BC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: EnumSystemLocalesW, | 3_2_046E8484 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetLocaleInfoW, | 3_2_046F25C3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 3_2_046F2690 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: EnumSystemLocalesW, | 3_2_046F201B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: EnumSystemLocalesW, | 3_2_046F20B6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, | 3_2_046F2143 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetLocaleInfoW, | 3_2_046F2393 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, | 3_2_046F1D58 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: EnumSystemLocalesW, | 3_2_046F1FD0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.3521.549.exe | Code function: GetLocaleInfoW, | 3_2_046E896D |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.6300000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.51c42e.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.46a0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Win32.Evo-gen.3521.549.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.4514531527.00000000046A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.4514898457.00000000049A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2275798447.000000000051C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2276278471.0000000006300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 5532, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.3521.549.exe PID: 6540, type: MEMORYSTR |