Windows Analysis Report
4V6Beh3FOX.exe

Overview

General Information

Sample name: 4V6Beh3FOX.exe
renamed because original name is a hash value
Original sample name: 942fa054aa449b438d394d6b37d383af.exe
Analysis ID: 1520457
MD5: 942fa054aa449b438d394d6b37d383af
SHA1: 1dd5556529cf575c5d14b74e51f082cff3b33bbf
SHA256: 77a4b26f77a0ce0c304b98002536fe19ecf8cd736ab20c4aad314e4c8b4d947e
Tags: exe, user-abuse_ch

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to detect sleep reduction / modifications
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapter information
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found potential string decryption / allocating functions
May check if the current machine is a sandbox (GetTickCount - Sleep)
PE file contains executable resources (Code or Archives)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: 4V6Beh3FOX.exe ReversingLabs: Detection: 15%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 81.9% probability
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0045C730 BCryptGenRandom, 0_2_0045C730
Source: 4V6Beh3FOX.exe, 00000000.00000002.2560039260.000000000048C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_6a684240-d
Source: 4V6Beh3FOX.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: D:\SpeedEngineUpgradeTo2019_09_30_15_41_41\3rdparty\curl-7.32.0\vs\vc142\lib\Release\libcurl.pdb source: 4V6Beh3FOX.exe
Source: Binary string: D:\qqspeed2013_Release\__Obj\Win32\Shipping\pdb\Network.pdb source: 4V6Beh3FOX.exe, 00000000.00000000.1294255765.0000000000A0C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: F:\VCtest\Projects\NEWGZXTEST\KF\Release\GZX.pdb source: 4V6Beh3FOX.exe
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0040E160 Sleep,Sleep,#21,WSAIoctl,EnterCriticalSection,LeaveCriticalSection,EnterCriticalSection,LeaveCriticalSection,#21,#22,#3,#266,#265,WSARecv,#111,EnterCriticalSection,LeaveCriticalSection,#266, 0_2_0040E160
Source: 4V6Beh3FOX.exe String found in binary or memory: http://121.14.75.55:10032/upload
Source: 4V6Beh3FOX.exe String found in binary or memory: http://121.14.75.55:10032/uploadClientLog%u
Source: 4V6Beh3FOX.exe String found in binary or memory: http://27.25.156.102:9999/style.html
Source: 4V6Beh3FOX.exe String found in binary or memory: http://27.25.156.102:9999/style.htmllibcurl.dllt1.dllt2.dlllibcurldllNetworkdllMapCodeinit2.dll
Source: 4V6Beh3FOX.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 4V6Beh3FOX.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 4V6Beh3FOX.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 4V6Beh3FOX.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 4V6Beh3FOX.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 4V6Beh3FOX.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 4V6Beh3FOX.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 4V6Beh3FOX.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 4V6Beh3FOX.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 4V6Beh3FOX.exe String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: 4V6Beh3FOX.exe String found in binary or memory: http://ocsp.digicert.com0
Source: 4V6Beh3FOX.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: 4V6Beh3FOX.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: 4V6Beh3FOX.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: 4V6Beh3FOX.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: 4V6Beh3FOX.exe String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 4V6Beh3FOX.exe String found in binary or memory: https://curl.se/docs/hsts.html
Source: 4V6Beh3FOX.exe String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0041AE10 memset,memset,SHGetSpecialFolderPathA,_time64,OpenClipboard,GetClipboardData,GlobalSize,malloc,GlobalLock,memset,GlobalUnlock,CloseClipboard,strstr,#296,#296,memset,memset,SendMessageW,#4815,SendMessageW,#8067,#7820,#290,#13656,#1045,#290,#13656,#1045,#13656,#290,#13656,#1045,memset,memcpy,_time64,#296,#4815,#13656,#1045,atoll,atoi,atoi,#2990,#2990,#2990,#296,#4815,SendMessageW,#1045,#1045,#1045,#266, 0_2_0041AE10
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00410970: memset,CreateFileA,DeviceIoControl,DeviceIoControl,CloseHandle,memset,DeviceIoControl,memmove,malloc,free, 0_2_00410970
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0040403E 0_2_0040403E
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00413100 0_2_00413100
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00403190 0_2_00403190
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0047A230 0_2_0047A230
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0044F2E0 0_2_0044F2E0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0041D350 0_2_0041D350
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0045B420 0_2_0045B420
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_004024B0 0_2_004024B0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00401610 0_2_00401610
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00416740 0_2_00416740
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_004107A0 0_2_004107A0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00459AE0 0_2_00459AE0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0041AE10 0_2_0041AE10
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00405FA0 0_2_00405FA0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00472FB0 0_2_00472FB0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: String function: 00444860 appears 44 times
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: String function: 00444790 appears 40 times
Source: 4V6Beh3FOX.exe Static PE information: Resource name: LIBCURLDLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: 4V6Beh3FOX.exe Static PE information: Resource name: NETWORKDLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: 4V6Beh3FOX.exe, 00000000.00000000.1294255765.0000000000A0C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameNetwork.dllZ vs 4V6Beh3FOX.exe
Source: 4V6Beh3FOX.exe, 00000000.00000002.2560148015.00000000007AA000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameGZX.exe8 vs 4V6Beh3FOX.exe
Source: 4V6Beh3FOX.exe Binary or memory string: OriginalFilenameGZX.exe8 vs 4V6Beh3FOX.exe
Source: classification engine Classification label: mal56.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00411750 VirtualQuery,memset,#296,#296,memset,GetCurrentDirectoryA,FindResourceW,SizeofResource,LoadResource,LockResource,fopen,fwrite,fclose,#1045,#1045, 0_2_00411750
Source: 4V6Beh3FOX.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 4V6Beh3FOX.exe String found in binary or memory: :8085/add
Source: 4V6Beh3FOX.exe String found in binary or memory: iphlpapi.dllif_nametoindexws2_32FreeAddrInfoExWGetAddrInfoExCancelGetAddrInfoExWkernel32LoadLibraryExA\/AddDllDirectoryh1h2h3%10s %512s %u %10s %512s %u "%64[^"]" %u %urt%s %s%s%s %u %s %s%s%s %u "%d%02d%02d %02d:%02d:%02d" %u %u
Source: 4V6Beh3FOX.exe String found in binary or memory: B1721829950816Timestampapplication/jsonContent-TypelsjCustom-Header:8085/addhttp://UIN{"id":"UIN","txt":"data"}data:8085/query{"id":"UIN"}vector<bool> too longmap/set<T> too longalnumalnumalphaalphablankblankcntrlcntrldddigitdigitgraphgraphlowerlowerprintprintpunctpunctspacespacessupperupperwwxdigitxdigitabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: mfc140u.dll
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: plfl32.dll
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Section loaded: uxtheme.dll
Source: 4V6Beh3FOX.exe Static file information: File size 11517952 > 1048576
Source: 4V6Beh3FOX.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xa58a00
Source: 4V6Beh3FOX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00448140 #115,#116,GetModuleHandleA,GetProcAddress,GetProcAddress,strpbrk,LoadLibraryA,GetProcAddress,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,QueryPerformanceFrequency, 0_2_00448140
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0042C146 push ecx; ret 0_2_0042C159
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_004139D8 GetPrivateProfileIntA,memset,memset,memset,memset,memset,memset,memset, 0_2_004139D8
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00412DA0 IsIconic,memset,#890,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#1391,#11038, 0_2_00412DA0

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00415420 0_2_00415420
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00415A90 0_2_00415A90
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: malloc,malloc,GetAdaptersInfo,GetAdaptersInfo,free,malloc,GetAdaptersInfo,strstr,strstr,free, 0_2_00410870
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0040F8A0 #115,#111,CreateIoCompletionPort,CreateIoCompletionPort,CreateIoCompletionPort,CloseHandle,GetLastError,GetSystemInfo,CloseHandle,_beginthreadex,_beginthreadex,CloseHandle,_beginthreadex,CloseHandle, 0_2_0040F8A0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0042C2EB IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042C2EB
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00448140 #115,#116,GetModuleHandleA,GetProcAddress,GetProcAddress,strpbrk,LoadLibraryA,GetProcAddress,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,QueryPerformanceFrequency, 0_2_00448140
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_00420DE0 HeapFree,GetProcessHeap,HeapFree, 0_2_00420DE0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0042C47D SetUnhandledExceptionFilter, 0_2_0042C47D
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_004119C0 #10472,SetUnhandledExceptionFilter,GetSystemMenu,#4885,#296,#8464,AppendMenuW,AppendMenuW,AppendMenuW,#1045,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#8062,#14137,#14137,SendMessageW,SendMessageW,SendMessageW,SendMessageW,#14137,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,#14234,#14234,#14234,#14234,#14234,GetClientRect,#8817,#13628,#5419,#5419,#13800,#13800,#5419,#13800,#5419,#13800,#5419,#13800,#5419,#13800,#5419,#13800,#12793,#14234,GetFileAttributesW,CreateDirectoryW,memset,#296,#296,memset,SHGetSpecialFolderPathW,#4815,GetPrivateProfileIntW,GetPrivateProfileIntW,SendMessageW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileStringW,#14137,#14137,_wtoll,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,#286,#5110,WideCharToMultiByte,WideCharToMultiByte,#5110,WideCharToMultiByte,#1045,GetPrivateProfileStringW,#14137,#14137,_wtoll,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,_wtoll,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,SendMessageW,GetPrivateProfileIntW,SendMessageW,SendMessageW,SendMessageW,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,GetPrivateProfileStringW,#14137,_wtoll,_wtoll,#296,P_GetDataValue,#4815,_wtoll,P_GetInfo,#290,#4815,#1045,#14234,#14234,#14234,#14234,#14234,#14234,#14234,GetPrivateProfileIntW,SendMessageW,SendMessageW,#1045,SHGetSpecialFolderPathA,SHGetSpecialFolderPathA,SendMessageW,memset,SHGetSpecialFolderPathA,_beginthreadex,CloseHandle,SendMessageW,SetTimer,MessageBoxA,#1045,#1045, 0_2_004119C0
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0042BB39 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0042BB39
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0042C526 cpuid 0_2_0042C526
Source: C:\Users\user\Desktop\4V6Beh3FOX.exe Code function: 0_2_0042C1DD GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_0042C1DD
No contacted IP infos