Source: file.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004093C8 FindFirstFileW,FindClose, |
0_2_004093C8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00429570 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00429570 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041E578 FindFirstFileW,FindClose, |
0_2_0041E578 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00408DFC GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
0_2_00408DFC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041DF90 FindFirstFileW,FindNextFileW,FindClose,GetLastError, |
0_2_0041DF90 |
Source: Amcache.hve.4.dr |
String found in binary or memory: http://upx.sf.net |
Source: file.exe |
String found in binary or memory: https://www.abyssmedia.com |
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 508 |
Source: file.exe, 00000000.00000000.1696205746.0000000000454000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilename" vs file.exe |
Source: file.exe |
Binary or memory string: OriginalFilename" vs file.exe |
Source: file.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: classification engine |
Classification label: mal60.winEXE@3/6@0/0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0042EF38 FindResourceW,LoadResource,LockResource,SizeofResource,FreeResource, |
0_2_0042EF38 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6624:120:WilError_03 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6644 |
Source: unknown |
Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe" |
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 508 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00432310 push 004323ADh; ret |
0_2_004323A5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0042F0E0 push 0042F110h; ret |
0_2_0042F108 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041A9F0 push 0041AA3Eh; ret |
0_2_0041AA36 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004119F8 push ecx; mov dword ptr [esp], eax |
0_2_004119FA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041E184 push 0041E1C2h; ret |
0_2_0041E1BA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041A2A8 push 0041A39Dh; ret |
0_2_0041A395 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00411ABC push ecx; mov dword ptr [esp], eax |
0_2_00411ABE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0042EB28 push 0042EB60h; ret |
0_2_0042EB58 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0042DBDC push ecx; mov dword ptr [esp], ecx |
0_2_0042DBE1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041744C push 004174CDh; ret |
0_2_004174C5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0042B544 push 0042B592h; ret |
0_2_0042B58A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004275FC push 0042775Fh; ret |
0_2_004276DD |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004275FC push 0042775Fh; ret |
0_2_00427757 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00411DA8 push 00411DE0h; ret |
0_2_00411DD8 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004093C8 FindFirstFileW,FindClose, |
0_2_004093C8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00429570 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00429570 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041E578 FindFirstFileW,FindClose, |
0_2_0041E578 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00408DFC GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
0_2_00408DFC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041DF90 FindFirstFileW,FindNextFileW,FindClose,GetLastError, |
0_2_0041DF90 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.4.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.4.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.4.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.4.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.4.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\file.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetUserDefaultUILanguage,GetLocaleInfoW, |
0_2_00409500 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetUserDefaultLCID,GetLocaleInfoW,GetUserDefaultLCID,GetTimeFormatW, |
0_2_0041B8F0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00419880 |
Source: C:\Users\user\Desktop\file.exe |
Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_004089A0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00419A68 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetUserDefaultLCID,GetLocaleInfoW,GetUserDefaultLCID,GetDateFormatW,GetUserDefaultLCID,GetDateFormatW,GetUserDefaultLCID,GetDateFormatW,GetLastError, |
0_2_0041B374 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00416CE4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_00416D30 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetUserDefaultLCID,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_0041AD3C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0041B8F0 GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetUserDefaultLCID,GetLocaleInfoW,GetUserDefaultLCID,GetTimeFormatW, |
0_2_0041B8F0 |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.4.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.4.dr |
Binary or memory string: MsMpEng.exe |