Source: eOlMJXTCUH.exe |
ReversingLabs: Detection: 47% |
Source: eOlMJXTCUH.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: eOlMJXTCUH.exe |
Binary string: \COD_TB\x64\Release\TOP_2.4.6.pdb@@ |
Source: eOlMJXTCUH.exe |
Binary string: \COD_TB\x64\Release\TOP_2.4.6.pdb |
Source: eOlMJXTCUH.exe |
Binary string: C:\Windows\Start.pdb |
Source: eOlMJXTCUH.exe |
Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://103.239.244.218:8898/ |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://103.239.244.218:8898/1c5b7aafca5f2cef32b8aea1ded2a1e9ed7a8f4b6d7cc93d3f1b914b61ea0731a?datamo |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://top6666.top/top/version.txt |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: eOlMJXTCUH.exe |
String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$ |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155C71E0 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard, |
0_2_00007FF7155C71E0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155C7070 _Init_thread_footer,free,OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,GlobalUnlock,CloseClipboard, |
0_2_00007FF7155C7070 |
Source: Yara match |
File source: eOlMJXTCUH.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.eOlMJXTCUH.exe.7ff715608390.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.0.eOlMJXTCUH.exe.7ff71560b5c9.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.eOlMJXTCUH.exe.7ff71560b5c9.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.eOlMJXTCUH.exe.7ff715608390.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.0.eOlMJXTCUH.exe.7ff715608390.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.eOlMJXTCUH.exe.7ff715608390.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.eOlMJXTCUH.exe.7ff7155ffc80.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.0.eOlMJXTCUH.exe.7ff7155ffc80.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.eOlMJXTCUH.exe.7ff7155a0000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.0.eOlMJXTCUH.exe.7ff7155a0000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.2701066643.00007FF7155FF000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000000.1445088590.00007FF7155FE000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: eOlMJXTCUH.exe PID: 2884, type: MEMORYSTR |
Source: eOlMJXTCUH.exe, type: SAMPLE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.0.eOlMJXTCUH.exe.7ff715608390.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.0.eOlMJXTCUH.exe.7ff71560b5c9.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.eOlMJXTCUH.exe.7ff71560b5c9.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.eOlMJXTCUH.exe.7ff715608390.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.0.eOlMJXTCUH.exe.7ff715608390.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.eOlMJXTCUH.exe.7ff715608390.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.eOlMJXTCUH.exe.7ff7155ffc80.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.0.eOlMJXTCUH.exe.7ff7155ffc80.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.2.eOlMJXTCUH.exe.7ff7155a0000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: 0.0.eOlMJXTCUH.exe.7ff7155a0000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155DA090 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,VirtualFree,memset,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,VirtualFree, |
0_2_00007FF7155DA090 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155F9FC0 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,VirtualFree,_stricmp,VirtualFree,VirtualFree,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF7155F9FC0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D9930: DeviceIoControl, |
0_2_00007FF7155D9930 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155C8690 |
0_2_00007FF7155C8690 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B6A3F |
0_2_00007FF7155B6A3F |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B7245 |
0_2_00007FF7155B7245 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B8220 |
0_2_00007FF7155B8220 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155CDF00 |
0_2_00007FF7155CDF00 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D5F00 |
0_2_00007FF7155D5F00 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B62F1 |
0_2_00007FF7155B62F1 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B66E7 |
0_2_00007FF7155B66E7 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B6D5E |
0_2_00007FF7155B6D5E |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B696A |
0_2_00007FF7155B696A |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155C5150 |
0_2_00007FF7155C5150 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B6124 |
0_2_00007FF7155B6124 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B6E05 |
0_2_00007FF7155B6E05 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155CCE10 |
0_2_00007FF7155CCE10 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B61DE |
0_2_00007FF7155B61DE |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155C99F0 |
0_2_00007FF7155C99F0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B65BC |
0_2_00007FF7155B65BC |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D21A0 |
0_2_00007FF7155D21A0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D51B0 |
0_2_00007FF7155D51B0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155C2C80 |
0_2_00007FF7155C2C80 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155C147F |
0_2_00007FF7155C147F |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155DA090 |
0_2_00007FF7155DA090 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D3460 |
0_2_00007FF7155D3460 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B585C |
0_2_00007FF7155B585C |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155CDC50 |
0_2_00007FF7155CDC50 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155CAC30 |
0_2_00007FF7155CAC30 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B650B |
0_2_00007FF7155B650B |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B5CD7 |
0_2_00007FF7155B5CD7 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D8CA0 |
0_2_00007FF7155D8CA0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D78A0 |
0_2_00007FF7155D78A0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B709B |
0_2_00007FF7155B709B |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155CFCB0 |
0_2_00007FF7155CFCB0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B9B90 |
0_2_00007FF7155B9B90 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B5F95 |
0_2_00007FF7155B5F95 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155CD390 |
0_2_00007FF7155CD390 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155CC770 |
0_2_00007FF7155CC770 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D0B50 |
0_2_00007FF7155D0B50 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D3F20 |
0_2_00007FF7155D3F20 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155CE400 |
0_2_00007FF7155CE400 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155EFC00 |
0_2_00007FF7155EFC00 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B57A5 |
0_2_00007FF7155B57A5 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: String function: 00007FF7155B75E0 appears 47 times |
|
Source: eOlMJXTCUH.exe, 00000000.00000000.1445088590.00007FF7155FE000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs eOlMJXTCUH.exe |
Source: eOlMJXTCUH.exe, 00000000.00000002.2701066643.00007FF7155FF000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs eOlMJXTCUH.exe |
Source: eOlMJXTCUH.exe |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs eOlMJXTCUH.exe |
Source: eOlMJXTCUH.exe, type: SAMPLE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.0.eOlMJXTCUH.exe.7ff715608390.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.0.eOlMJXTCUH.exe.7ff71560b5c9.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.eOlMJXTCUH.exe.7ff71560b5c9.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.eOlMJXTCUH.exe.7ff715608390.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.0.eOlMJXTCUH.exe.7ff715608390.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.eOlMJXTCUH.exe.7ff715608390.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.eOlMJXTCUH.exe.7ff7155ffc80.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.0.eOlMJXTCUH.exe.7ff7155ffc80.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.2.eOlMJXTCUH.exe.7ff7155a0000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: 0.0.eOlMJXTCUH.exe.7ff7155a0000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime |
Source: eOlMJXTCUH.exe |
Binary string: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZstring too longbad cast\\\.\Nal[-] \Device\Nal is already in use.[<] Loading vulnerable driver, Name: [-] Can't find TEMP folder[-] Failed to create vulnerable driver file[-] Failed to register and start service for the vulnerable driver[-] Failed to load driver iqvw64e.sysntoskrnl.exe[-] Failed to get ntoskrnl.exe[-] Failed to ClearPiDDBCacheTable[-] Failed to ClearKernelHashBucketList[!] Failed to ClearMmUnloadedDrivers[<] Unloading vulnerable driver[!] Error dumping shit inside the disk[+] Vul driver data destroyed before unlink[-] Failed to translate virtual address 0x[-] Failed to map IO space of 0x[!] Failed to unmap IO space of physical address 0xExAllocatePoolWithTag[!] Failed to find ExAllocatePoolExFreePool[!] Failed to find device_object[!] Failed to find driver_object[!] Failed to find driver_section[!] Failed to find driver name[!] Failed to read driver name[!] Failed to write driver name length[+] MmUnloadedDrivers Cleaned: ExAcquireResourceExclusiveLite[!] Failed to find ExAcquireResourceExclusiveLiteExReleaseResourceLite[!] Failed to find ExReleaseResourceLiteRtlDeleteElementGenericTableAvl[!] Failed to find RtlDeleteElementGenericTableAvlRtlLookupElementGenericTableAvl[!] Failed to find RtlLookupElementGenericTableAvlxxxxxx????xxxxx????xxx????xxxxx????x????xx?x |
Source: eOlMJXTCUH.exe |
Binary string: \Device\Nal |
Source: classification engine |
Classification label: mal68.rans.winEXE@2/0@0/0 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155EF760 _invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,FindResourceExW,LoadResource,LockResource,SizeofResource,FindResourceW,LoadResource,LockResource,SizeofResource,WideCharToMultiByte,WideCharToMultiByte, |
0_2_00007FF7155EF760 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7000:120:WilError_03 |
Source: eOlMJXTCUH.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\eOlMJXTCUH.exe "C:\Users\user\Desktop\eOlMJXTCUH.exe" |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Section loaded: d3dcompiler_43.dll |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Section loaded: msvcp140.dll |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Section loaded: vcruntime140_1.dll |
Source: eOlMJXTCUH.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: eOlMJXTCUH.exe |
Static file information: File size 2647552 > 1048576 |
Source: eOlMJXTCUH.exe |
Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x225c00 |
Source: eOlMJXTCUH.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: eOlMJXTCUH.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: eOlMJXTCUH.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: eOlMJXTCUH.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: eOlMJXTCUH.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: eOlMJXTCUH.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: eOlMJXTCUH.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: eOlMJXTCUH.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: eOlMJXTCUH.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: eOlMJXTCUH.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: eOlMJXTCUH.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155B8220 InitOnceBeginInitialize,LoadLibraryA,InitOnceComplete,LoadLibraryA,GetProcAddress,abort,InitOnceBeginInitialize,LoadLibraryA,InitOnceComplete,LoadLibraryA,GetProcAddress,abort,InitOnceBeginInitialize,LoadLibraryA,InitOnceComplete,LoadLibraryA,GetProcAddress,abort, |
0_2_00007FF7155B8220 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D3A91 push 8B48D68Bh; retf |
0_2_00007FF7155D3A9C |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155FB400 memset,GetLastError,IsDebuggerPresent,OutputDebugStringW, |
0_2_00007FF7155FB400 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155D8880 GetProcessHeap,_Init_thread_footer,_Init_thread_footer, |
0_2_00007FF7155D8880 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155FA958 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF7155FA958 |
Source: C:\Users\user\Desktop\eOlMJXTCUH.exe |
Code function: 0_2_00007FF7155FB280 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FF7155FB280 |