Source: FSJs1TlAyf.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715206920 FindFirstFileExW,FindClose, |
0_2_00007FF715206920 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715220974 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_00007FF715220974 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715216208 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, |
0_2_00007FF715216208 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715216208 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, |
0_2_00007FF715216208 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715210D6C |
0_2_00007FF715210D6C |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71521AFEC |
0_2_00007FF71521AFEC |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715211BF4 |
0_2_00007FF715211BF4 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71521F9D8 |
0_2_00007FF71521F9D8 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520FDD0 |
0_2_00007FF71520FDD0 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715222DDC |
0_2_00007FF715222DDC |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520783C |
0_2_00007FF71520783C |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715216054 |
0_2_00007FF715216054 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715212028 |
0_2_00007FF715212028 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71521D818 |
0_2_00007FF71521D818 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715205890 |
0_2_00007FF715205890 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71521705C |
0_2_00007FF71521705C |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF7152110F8 |
0_2_00007FF7152110F8 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF7152098F0 |
0_2_00007FF7152098F0 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715228718 |
0_2_00007FF715228718 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520FFBC |
0_2_00007FF71520FFBC |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520F814 |
0_2_00007FF71520F814 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715208FF0 |
0_2_00007FF715208FF0 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715207314 |
0_2_00007FF715207314 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715222950 |
0_2_00007FF715222950 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520717D |
0_2_00007FF71520717D |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715214970 |
0_2_00007FF715214970 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715220974 |
0_2_00007FF715220974 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71521D198 |
0_2_00007FF71521D198 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF7152101A4 |
0_2_00007FF7152101A4 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715216208 |
0_2_00007FF715216208 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520F9FC |
0_2_00007FF71520F9FC |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71521F9D8 |
0_2_00007FF71521F9D8 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF7152249D8 |
0_2_00007FF7152249D8 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715224C54 |
0_2_00007FF715224C54 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715218C60 |
0_2_00007FF715218C60 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71521CCE8 |
0_2_00007FF71521CCE8 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715216208 |
0_2_00007FF715216208 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715207B48 |
0_2_00007FF715207B48 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF7152253D0 |
0_2_00007FF7152253D0 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520FBE8 |
0_2_00007FF71520FBE8 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF7152123F4 |
0_2_00007FF7152123F4 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: String function: 00007FF715201C40 appears 44 times |
|
Source: classification engine |
Classification label: clean5.winEXE@2/1@0/0 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF7152065C0 GetLastError,FormatMessageW,WideCharToMultiByte, |
0_2_00007FF7152065C0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5676:120:WilError_03 |
Source: FSJs1TlAyf.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
File read: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Jump to behavior |
Source: unknown |
Process created: C:\Users\user\Desktop\FSJs1TlAyf.exe "C:\Users\user\Desktop\FSJs1TlAyf.exe" |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: FSJs1TlAyf.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: FSJs1TlAyf.exe |
Static file information: File size 1908755 > 1048576 |
Source: FSJs1TlAyf.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: FSJs1TlAyf.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: FSJs1TlAyf.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: FSJs1TlAyf.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: FSJs1TlAyf.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: FSJs1TlAyf.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: FSJs1TlAyf.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: FSJs1TlAyf.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: FSJs1TlAyf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: FSJs1TlAyf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: FSJs1TlAyf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: FSJs1TlAyf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: FSJs1TlAyf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: FSJs1TlAyf.exe |
Static PE information: real checksum: 0x6b0ea0 should be: 0x1e112c |
Source: FSJs1TlAyf.exe |
Static PE information: section name: _RDATA |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715202EF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
0_2_00007FF715202EF0 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Check user administrative privileges: GetTokenInformation,DecisionNodes |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
API coverage: 7.8 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715206920 FindFirstFileExW,FindClose, |
0_2_00007FF715206920 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715220974 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_00007FF715220974 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715216208 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, |
0_2_00007FF715216208 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715216208 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, |
0_2_00007FF715216208 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520A79C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF71520A79C |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715222540 GetProcessHeap, |
0_2_00007FF715222540 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520A79C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF71520A79C |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520A944 SetUnhandledExceptionFilter, |
0_2_00007FF71520A944 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520A184 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF71520A184 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715219B90 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF715219B90 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF715228560 cpuid |
0_2_00007FF715228560 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF71520A680 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FF71520A680 |
Source: C:\Users\user\Desktop\FSJs1TlAyf.exe |
Code function: 0_2_00007FF7152249D8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, |
0_2_00007FF7152249D8 |