Windows Analysis Report
kas77c5mDL.exe

Overview

General Information

Sample name: kas77c5mDL.exe (renamed because the original name is a hash value)
Original sample name: 8059579bea79e8c443e2195994c51bfe.exe
Analysis ID: 1521402
MD5: 8059579bea79e8c443e2195994c51bfe
SHA1: d51b187147993d7fe5d20cb7ff02d8285e021860
SHA256: cbd39ae2915c2b2a99fbd27afff7480aec76d595d88c34def92e4a66bbf396e2
Tags: exe, user-abuse_ch

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: kas77c5mDL.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: kas77c5mDL.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: kas77c5mDL.exe
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00644900 FindFirstFileW,GetLastError,FindClose, 0_2_00644900
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00643E40 FindFirstFileW,FindFirstFileW,FindClose,FindClose, 0_2_00643E40
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00504FC0 FindClose,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError, 0_2_00504FC0
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00527D60 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLastError, 0_2_00527D60
Source: kas77c5mDL.exe String found in binary or memory: http://schemas.micr
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00573140 NtdllDefWindowProc_W, 0_2_00573140
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0051E1A0 NtdllDefWindowProc_W, 0_2_0051E1A0
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004F82C0 NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock, 0_2_004F82C0
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004FB360 NtdllDefWindowProc_W, 0_2_004FB360
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0050A430 NtdllDefWindowProc_W,DeleteCriticalSection, 0_2_0050A430
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004F8970 NtdllDefWindowProc_W, 0_2_004F8970
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004FB9C0 NtdllDefWindowProc_W, 0_2_004FB9C0
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004F7AF0 NtdllDefWindowProc_W,NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,NtdllDefWindowProc_W, 0_2_004F7AF0
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00502A80 NtdllDefWindowProc_W, 0_2_00502A80
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004FAB70 NtdllDefWindowProc_W, 0_2_004FAB70
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00502BF0 NtdllDefWindowProc_W, 0_2_00502BF0
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0050FE20 NtdllDefWindowProc_W, 0_2_0050FE20
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_005DCE20 NtdllDefWindowProc_W, 0_2_005DCE20
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: String function: 0070B8BD appears 46 times
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: String function: 004E93B0 appears 108 times
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: String function: 0070B8C9 appears 31 times
Source: kas77c5mDL.exe Binary or memory string: OriginalFileName vs kas77c5mDL.exe
Source: kas77c5mDL.exe, 00000000.00000000.1686997293.000000000086D000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileNameSetup.exe@ vs kas77c5mDL.exe
Source: kas77c5mDL.exe, 00000000.00000002.1739950792.000000000086C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileNameSetup.exe@ vs kas77c5mDL.exe
Source: kas77c5mDL.exe Binary or memory string: OriginalFileNameSetup.exe@ vs kas77c5mDL.exe
Source: classification engine Classification label: clean7.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00647B80 FormatMessageW,GetLastError, 0_2_00647B80
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0053BD00 GetDiskFreeSpaceExW, 0_2_0053BD00
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004EA7E0 LoadResource,LockResource,SizeofResource, 0_2_004EA7E0
Source: kas77c5mDL.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\kas77c5mDL.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\kas77c5mDL.exe File read: C:\Users\user\Desktop\kas77c5mDL.exe
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: davhlpr.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: lpk.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: msihnd.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\kas77c5mDL.exe Section loaded: wintypes.dll
Source: kas77c5mDL.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: kas77c5mDL.exe Static file information: File size 15059585 > 1048576
Source: kas77c5mDL.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2c2000
Source: kas77c5mDL.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: kas77c5mDL.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: kas77c5mDL.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: kas77c5mDL.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: kas77c5mDL.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: kas77c5mDL.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: kas77c5mDL.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: kas77c5mDL.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: kas77c5mDL.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: kas77c5mDL.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: kas77c5mDL.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0064E070 InitializeCriticalSection,EnterCriticalSection,GetCurrentProcess,GetCurrentThread,SymSetOptions,LoadLibraryA,GetProcAddress,SymInitialize,StackWalk,GetModuleHandleW,SymCleanup,LeaveCriticalSection, 0_2_0064E070
Source: kas77c5mDL.exe Static PE information: section name: .didat
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0071044E push ecx; ret 0_2_00710461
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004FF8A0 push ecx; mov dword ptr [esp], ecx 0_2_004FF8A1
Source: C:\Users\user\Desktop\kas77c5mDL.exe API coverage: 3.5 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_007149B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_007149B3
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0063E400 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,OutputDebugStringW,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers, 0_2_0063E400
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0070F32D mov esi, dword ptr fs:[00000030h] 0_2_0070F32D
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0071C8BC mov ecx, dword ptr fs:[00000030h] 0_2_0071C8BC
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_00729E5A mov eax, dword ptr fs:[00000030h] 0_2_00729E5A
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_004F20A0 GetProcessHeap,HeapFree, 0_2_004F20A0
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0070FE1E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0070FE1E
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0063F600 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle, 0_2_0063F600
Source: C:\Users\user\Desktop\kas77c5mDL.exe Code function: 0_2_0063E310 GetLocalTime, 0_2_0063E310
No contacted IP information