Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
ReversingLabs: Detection: 50% |
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00408840 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA, |
0_2_00408840 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00470FD3 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA, |
0_2_00470FD3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00411700 FindNextFileA,FindClose,FindFirstFileA,FindClose, |
0_2_00411700 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00419BC0 FindFirstFileA,FindClose, |
0_2_00419BC0 |
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0042DCD0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard, |
0_2_0042DCD0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0042DE30 OpenClipboard,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard, |
0_2_0042DE30 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00418050 IsWindowEnabled,TranslateAcceleratorA,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow, |
0_2_00418050 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0042C530 GetKeyState,GetKeyState,GetKeyState,CopyRect, |
0_2_0042C530 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_004756AD GetKeyState,GetKeyState,GetKeyState,GetKeyState, |
0_2_004756AD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00473B86 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA, |
0_2_00473B86 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00419D70 GetKeyState,GetKeyState,GetKeyState,GetKeyState, |
0_2_00419D70 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: String function: 00462F28 appears 94 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: String function: 00444B60 appears 77 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: String function: 004448E0 appears 39 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: String function: 00444750 appears 81 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: String function: 00471EE8 appears 44 times |
|
Source: classification engine |
Classification label: mal56.winEXE@1/0@1/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00474040 FindResourceA,LoadResource,LockResource, |
0_2_00474040 |
Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0047435D GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary, |
0_2_0047435D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00462F28 push eax; ret |
0_2_00462F46 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00461690 push eax; ret |
0_2_004616BE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00414D40 DestroyCursor,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu, |
0_2_00414D40 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00419240 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow, |
0_2_00419240 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_00415410 IsIconic, |
0_2_00415410 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0040F9A0 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus, |
0_2_0040F9A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0045FCDF IsIconic,GetWindowPlacement,GetWindowRect, |
0_2_0045FCDF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_004372B0 GetProcessHeap,OleInitialize,GetModuleFileNameA,SetCurrentDirectoryA,LoadCursorA,GetStockObject,GetCurrentThreadId, |
0_2_004372B0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0046BDFD SetUnhandledExceptionFilter, |
0_2_0046BDFD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0046BE0F SetUnhandledExceptionFilter, |
0_2_0046BE0F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0046348A GetLocalTime,GetSystemTime,GetTimeZoneInformation, |
0_2_0046348A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe |
Code function: 0_2_0047AB8E GetVersion,GetProcessVersion,LoadCursorA,LoadCursorA,LoadCursorA, |
0_2_0047AB8E |