Source: SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
ReversingLabs: Detection: 63% |
Source: SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0041F0F0 FindFirstFileA,RemoveDirectoryA,RemoveDirectoryA,DeleteFileA,FindNextFileA,FindClose, |
0_2_0041F0F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0041ED60 FindClose,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA, |
0_2_0041ED60 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0040C4BD OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, |
0_2_0040C4BD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0040C4BD OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, |
0_2_0040C4BD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0040C39B GlobalAlloc,GlobalLock,RtlMoveMemory,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, |
0_2_0040C39B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0040DEC4 GetCurrentProcess,OpenProcess,LocalAlloc,NtQueryInformationProcess,LocalFree,CloseHandle, |
0_2_0040DEC4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0041293F OpenSCManagerA,OpenServiceA,DeleteService,CloseServiceHandle,CloseServiceHandle, |
0_2_0041293F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_00423D60 |
0_2_00423D60 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_004242E0 |
0_2_004242E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_004216A0 |
0_2_004216A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_00422F90 |
0_2_00422F90 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 488 |
Source: SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe, 00000000.00000000.1893032318.000000000043A000.00000008.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamewininit.exeD vs SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Source: SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe, 00000000.00000002.2033501137.000000000077E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamewininit.exeD vs SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Source: SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Binary or memory string: OriginalFilenamewininit.exeD vs SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Source: SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: classification engine |
Classification label: mal68.spyw.winEXE@2/5@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: OpenSCManagerA,CreateServiceA,CloseServiceHandle,CloseServiceHandle, |
0_2_0041273E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0040C6B5 CreateToolhelp32Snapshot,Process32First,CloseHandle,Process32Next,CloseHandle, |
0_2_0040C6B5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_00413144 OpenSCManagerA,OpenServiceA,ChangeServiceConfigA,CloseServiceHandle,CloseServiceHandle, |
0_2_00413144 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7008 |
Source: SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
ReversingLabs: Detection: 63% |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 488 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_004012AD KiUserExceptionDispatcher,GetSystemMetrics,LoadLibraryA,GetProcAddress,CreateFileA, |
0_2_004012AD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_00424950 push eax; ret |
0_2_0042497E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0040BA88 push E8000001h; iretd |
0_2_0040BA8D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_00412AB1 OpenSCManagerA,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle, |
0_2_00412AB1 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: OpenSCManagerA,EnumServicesStatusA,GetProcessHeap,HeapAlloc,EnumServicesStatusA,RtlMoveMemory,OpenServiceA,QueryServiceConfigA,GetProcessHeap,HeapAlloc,QueryServiceConfigA,RtlMoveMemory,GetProcessHeap,HeapFree,CloseServiceHandle,GetProcessHeap,HeapFree,CloseServiceHandle, |
0_2_00414175 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: OpenSCManagerA,EnumServicesStatusA,GlobalAlloc,EnumServicesStatusA,GlobalFree,CloseServiceHandle, |
0_2_00415536 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: OpenSCManagerA,EnumServicesStatusExA,GlobalAlloc,EnumServicesStatusExA,RtlMoveMemory,OpenServiceA,QueryServiceConfigA,GlobalAlloc,QueryServiceConfigA,RtlMoveMemory,GlobalFree,CloseServiceHandle,GlobalFree,CloseServiceHandle, |
0_2_00415BE0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0041F0F0 FindFirstFileA,RemoveDirectoryA,RemoveDirectoryA,DeleteFileA,FindNextFileA,FindClose, |
0_2_0041F0F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0041ED60 FindClose,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA, |
0_2_0041ED60 |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.3.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.3.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.3.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.3.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.3.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.3.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.3.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_004012AD KiUserExceptionDispatcher,GetSystemMetrics,LoadLibraryA,GetProcAddress,CreateFileA, |
0_2_004012AD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_004022EE SetUnhandledExceptionFilter, |
0_2_004022EE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18973.13261.exe |
Code function: 0_2_0040234C SetUnhandledExceptionFilter, |
0_2_0040234C |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: MsMpEng.exe |