Source: kas77c5mDL.exe |
Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: kas77c5mDL.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: kas77c5mDL.exe |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00644900 FindFirstFileW,GetLastError,FindClose, |
0_2_00644900 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00643E40 FindFirstFileW,FindFirstFileW,FindClose,FindClose, |
0_2_00643E40 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00504FC0 FindClose,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError, |
0_2_00504FC0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00527D60 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLastError, |
0_2_00527D60 |
Source: kas77c5mDL.exe |
String found in binary or memory: http://schemas.micr |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00573140 NtdllDefWindowProc_W, |
0_2_00573140 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0051E1A0 NtdllDefWindowProc_W, |
0_2_0051E1A0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004F82C0 NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock, |
0_2_004F82C0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004FB360 NtdllDefWindowProc_W, |
0_2_004FB360 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0050A430 NtdllDefWindowProc_W,DeleteCriticalSection, |
0_2_0050A430 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004F8970 NtdllDefWindowProc_W, |
0_2_004F8970 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004FB9C0 NtdllDefWindowProc_W, |
0_2_004FB9C0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004F7AF0 NtdllDefWindowProc_W,NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,NtdllDefWindowProc_W, |
0_2_004F7AF0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00502A80 NtdllDefWindowProc_W, |
0_2_00502A80 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004FAB70 NtdllDefWindowProc_W, |
0_2_004FAB70 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00502BF0 NtdllDefWindowProc_W, |
0_2_00502BF0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0050FE20 NtdllDefWindowProc_W, |
0_2_0050FE20 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_005DCE20 NtdllDefWindowProc_W, |
0_2_005DCE20 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004E1490 |
0_2_004E1490 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0064C030 |
0_2_0064C030 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0073302F |
0_2_0073302F |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_005240E0 |
0_2_005240E0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00501110 |
0_2_00501110 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00503130 |
0_2_00503130 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00621110 |
0_2_00621110 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A61E0 |
0_2_006A61E0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_005161C0 |
0_2_005161C0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_007211E0 |
0_2_007211E0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A41C0 |
0_2_006A41C0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A5270 |
0_2_006A5270 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A7230 |
0_2_006A7230 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0072837E |
0_2_0072837E |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0069E350 |
0_2_0069E350 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00511310 |
0_2_00511310 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00529330 |
0_2_00529330 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A6420 |
0_2_006A6420 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0071840E |
0_2_0071840E |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00510540 |
0_2_00510540 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00527530 |
0_2_00527530 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004E3530 |
0_2_004E3530 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A5790 |
0_2_006A5790 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A38C0 |
0_2_006A38C0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0051F8B0 |
0_2_0051F8B0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0069D890 |
0_2_0069D890 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0072D961 |
0_2_0072D961 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0050E910 |
0_2_0050E910 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00517990 |
0_2_00517990 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A3A70 |
0_2_006A3A70 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00520AF0 |
0_2_00520AF0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00510AB0 |
0_2_00510AB0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0065AB60 |
0_2_0065AB60 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0069FB10 |
0_2_0069FB10 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00521C00 |
0_2_00521C00 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0052DC20 |
0_2_0052DC20 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0069DCA0 |
0_2_0069DCA0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006B2D30 |
0_2_006B2D30 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A6D10 |
0_2_006A6D10 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0053EDF0 |
0_2_0053EDF0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_006A3DB0 |
0_2_006A3DB0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00577DB0 |
0_2_00577DB0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00535E30 |
0_2_00535E30 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: String function: 0070B8BD appears 46 times |
|
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: String function: 004E93B0 appears 108 times |
|
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: String function: 0070B8C9 appears 31 times |
|
Source: kas77c5mDL.exe |
Binary or memory string: OriginalFileName vs kas77c5mDL.exe |
Source: kas77c5mDL.exe, 00000000.00000000.1686997293.000000000086D000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFileNameSetup.exe@ vs kas77c5mDL.exe |
Source: kas77c5mDL.exe, 00000000.00000002.1739950792.000000000086C000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFileNameSetup.exe@ vs kas77c5mDL.exe |
Source: kas77c5mDL.exe |
Binary or memory string: OriginalFileNameSetup.exe@ vs kas77c5mDL.exe |
Source: kas77c5mDL.exe |
Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: classification engine |
Classification label: clean7.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00647B80 FormatMessageW,GetLastError, |
0_2_00647B80 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0053BD00 GetDiskFreeSpaceExW, |
0_2_0053BD00 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004EA7E0 LoadResource,LockResource,SizeofResource, |
0_2_004EA7E0 |
Source: kas77c5mDL.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
File read: C:\Users\user\Desktop\kas77c5mDL.exe |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: msi.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: davhlpr.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: dbghelp.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: cabinet.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: lpk.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: msihnd.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: netapi32.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: wkscli.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Section loaded: wintypes.dll |
Source: kas77c5mDL.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: kas77c5mDL.exe |
Static file information: File size 15059585 > 1048576 |
Source: kas77c5mDL.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2c2000 |
Source: kas77c5mDL.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: kas77c5mDL.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: kas77c5mDL.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: kas77c5mDL.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: kas77c5mDL.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: kas77c5mDL.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: kas77c5mDL.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: kas77c5mDL.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: kas77c5mDL.exe |
Source: kas77c5mDL.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: kas77c5mDL.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: kas77c5mDL.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: kas77c5mDL.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: kas77c5mDL.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0064E070 InitializeCriticalSection,EnterCriticalSection,GetCurrentProcess,GetCurrentThread,SymSetOptions,LoadLibraryA,GetProcAddress,SymInitialize,StackWalk,GetModuleHandleW,SymCleanup,LeaveCriticalSection, |
0_2_0064E070 |
Source: kas77c5mDL.exe |
Static PE information: section name: .didat |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0071044E push ecx; ret |
0_2_00710461 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004FF8A0 push ecx; mov dword ptr [esp], ecx |
0_2_004FF8A1 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
API coverage: 3.5 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00644900 FindFirstFileW,GetLastError,FindClose, |
0_2_00644900 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00643E40 FindFirstFileW,FindFirstFileW,FindClose,FindClose, |
0_2_00643E40 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00504FC0 FindClose,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError, |
0_2_00504FC0 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00527D60 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLastError, |
0_2_00527D60 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_007149B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_007149B3 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0063E400 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,OutputDebugStringW,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers, |
0_2_0063E400 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0064E070 InitializeCriticalSection,EnterCriticalSection,GetCurrentProcess,GetCurrentThread,SymSetOptions,LoadLibraryA,GetProcAddress,SymInitialize,StackWalk,GetModuleHandleW,SymCleanup,LeaveCriticalSection, |
0_2_0064E070 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0070F32D mov esi, dword ptr fs:[00000030h] |
0_2_0070F32D |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0071C8BC mov ecx, dword ptr fs:[00000030h] |
0_2_0071C8BC |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_00729E5A mov eax, dword ptr fs:[00000030h] |
0_2_00729E5A |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_004F20A0 GetProcessHeap,HeapFree, |
0_2_004F20A0 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_007149B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_007149B3 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0070FE1E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_0070FE1E |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0063F600 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle, |
0_2_0063F600 |
Source: C:\Users\user\Desktop\kas77c5mDL.exe |
Code function: 0_2_0063E310 GetLocalTime, |
0_2_0063E310 |