Source: file.exe | ReversingLabs: Detection: 55%
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00412408 FindFirstFileW,Sleep,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00438877 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040280D FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003F399B GetFileAttributesW,FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003F1A73 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0041CAE7 FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040BCB3 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0041DE7C FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040BF17 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00402285 InternetQueryDataAvailable,InternetReadFile,
Source: file.exe | String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
Source: file.exe | String found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: file.exe | String found in binary or memory: http://crl.globalsign.net/Timestamping1.crl0
Source: file.exe | String found in binary or memory: http://crl.globalsign.net/primobject.crl0N
Source: file.exe | String found in binary or memory: http://crl.globalsign.net/root.crl0
Source: file.exe | String found in binary or memory: http://secure.globalsign.net/cacert/ObjectSign.crt09
Source: file.exe | String found in binary or memory: http://secure.globalsign.net/cacert/PrimObject.crt0
Source: file.exe | String found in binary or memory: http://www.autoitscript.com/autoit3/0
Source: file.exe | String found in binary or memory: http://www.globalsign.net/repository/0
Source: file.exe | String found in binary or memory: http://www.globalsign.net/repository/03
Source: file.exe | String found in binary or memory: http://www.globalsign.net/repository09
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0041A0FC OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0042D8E9 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_004042E1 GetParent,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,PostMessageW,PostMessageW,PostMessageW,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0043C7D6 SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003F1BD5 GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00406219 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003F33A3 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003DA137
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003D2136
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003E427D
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040F3A6
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040655F
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003D2508
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003C35F0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003C98F0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003CF730
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003D3721
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003E088F
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003D28F0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003DC8CE
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003D1903
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0043EA2B
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040EACF
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003E3BA1
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00402D2D
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003D1D98
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003E0DE0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040CE8D
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00404EB7
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003E1F2C
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 003D14F7 appears 36 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 004059E6 appears 65 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 003D6B90 appears 39 times
Source: file.exe, 00000001.00000000.1843449360.000000000046B000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamewritelJ vs file.exe
Source: file.exe | Binary or memory string: OriginalFilenamewritelJ vs file.exe
Source: classification engine | Classification label: mal52.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00424AEB OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0041D606 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0043557E CreateToolhelp32Snapshot,Process32FirstW,__wsplitpath,_wcscat,__wcsicoll,Process32NextW,CloseHandle,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0042E0F6 CoInitialize,CoCreateInstance,CoUninitialize,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003F3044 __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dui70.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: duser.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: thumbcache.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: policymanager.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: msftedit.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.globalization.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47mrm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: globinputhost.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: assignedaccessruntime.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: structuredquery.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.search.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: twinapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: actxprxy.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: networkexplorer.dll
Source: C:\Users\user\Desktop\file.exe | Window detected: Number of UI elements: 13
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_004221AF push edi; ret | 1_2_004221B1
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003ED53C push 74003ECFh; iretd | 1_2_003ED541
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003D6BD5 push ecx; ret | 1_2_003D6BE8
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0043A2EA IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003F43FF GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,
Source: C:\Users\user\Desktop\file.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\file.exe | API coverage: 1.1 %
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003CE700 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,
Source: file.exe, 00000001.00000002.3095650650.0000000001894000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: C:\Users\user\Desktop\file.exe | API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003CD7A0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003E37FA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003DA128 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003DF170 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003D7CCD _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003F3321 __wcsicoll,mouse_event,__wcsicoll,mouse_event,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040602A GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,
Source: file.exe | Binary or memory string: IDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript PausedblankinfoquestionstopwarningAutoIt -
Source: file.exe | Binary or memory string: Shell_TrayWnd
Source: file.exe, 00000001.00000002.3095443639.0000000000442000.00000002.00000001.01000000.00000003.sdmp, file.exe, 00000001.00000000.1843414149.0000000000442000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: I@ASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript PausedblankinfoquestionstopwarningAutoIt -
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00432095 _memset,_memset,GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_003DE284 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte!
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0042C06C OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_004365D3 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00424EFB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,