Source: file.exe |
Static PE information: certificate valid |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: file.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: file.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: file.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: file.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: file.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: file.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: file.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: file.exe |
String found in binary or memory: http://www.cabal.com0/ |
Source: file.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: file.exe |
Binary or memory string: DirectInput8Create |
|
Source: file.exe |
Static PE information: section name: |
Source: file.exe |
Static PE information: section name: |
Source: file.exe |
Static PE information: section name: |
Source: file.exe |
Static PE information: section name: |
Source: file.exe |
Static PE information: section name: |
Source: file.exe |
Static PE information: section name: |
Source: file.exe |
Static PE information: Number of sections : 11 > 10 |
Source: file.exe, 00000000.00000002.2922449901.00000001412FF000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameSnake.exeD vs file.exe |
Source: file.exe |
Binary or memory string: OriginalFilenameSnake.exeD vs file.exe |
Source: classification engine |
Classification label: sus23.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\file.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dinput8.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: d3dx9_43.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: d3d9.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: libogg.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: libvorbis.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: fmod64.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Source: file.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: file.exe |
Static file information: File size 10156848 > 1048576 |
Source: file.exe |
Static PE information: Raw size of is bigger than: 0x100000 < 0x47ca00 |
Source: file.exe |
Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x415a00 |
Source: initial sample |
Static PE information: section where entry point is pointing to: .boot |
Source: file.exe |
Static PE information: section name: .themida |
Source: file.exe |
Static PE information: section name: .boot |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127B103 push rdx; retf 0_2_000000014127B10E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127A54E push rdi; retf 0_2_000000014127A556 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0000000141279955 push FFFFFFE8h; retf 0_2_000000014127995A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127BD27 push rsp; retf 0_2_000000014127BD36 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127A92D push rdx; retf 0_2_000000014127A92E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0000000141278588 push rdi; ret 0_2_000000014127858E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127998B push rdi; retf 0_2_000000014127999A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0000000141279961 push rcx; retf 0_2_0000000141279962 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0000000141277D75 push rdi; retf 0_2_0000000141277D76 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127B571 push rdi; retf 0_2_000000014127B572 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00000001412771C3 push rdi; retf 0_2_00000001412771C6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127BDCF push FFFFFFA8h; ret 0_2_000000014127BDD6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127A1A3 pushfq ; ret 0_2_000000014127A1A8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127BDB7 pushfq ; ret 0_2_000000014127BDBE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0000000141277DC0 push rdi; retf 0_2_0000000141277DC1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127A3E5 push rax; retf 0_2_000000014127A3E6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127B7E9 push rdi; retf 0_2_000000014127B7EA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127B43B push D74EDD55h; retf 0_2_000000014127B441 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127886C pushfq ; ret 0_2_0000000141278886 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127907B push rax; retf 0_2_0000000141279082 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00000001412794CF push rcx; retf 0_2_00000001412794DE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127B0D7 push rdi; retf 0_2_000000014127B0E6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00000001412770D3 push FFFFFF85h; retf 0_2_00000001412770E2 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127A712 push rcx; retf 0_2_000000014127A716 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00000001412776FF push rdi; retf 0_2_0000000141277702 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0000000141278F4E push rbp; ret 0_2_0000000141278F4F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0000000141278F55 push rdx; retf 0_2_0000000141278F82 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127AB55 push rbx; ret 0_2_000000014127AB56 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127B35D push rdx; retf 0_2_000000014127B35E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127AB35 push rcx; retf 0_2_000000014127AB3A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_000000014127BF39 push rdx; retf 0_2_000000014127BF42 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |