Source: file.exe |
Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D60DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose, |
3_2_000D60DD |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D63F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose, |
3_2_000D63F9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000DEB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
3_2_000DEB60 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D6CA9 GetFileAttributesW,FindFirstFileW,FindClose, |
3_2_000D6CA9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000DF56F FindFirstFileW,FindClose, |
3_2_000DF56F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000DF5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
3_2_000DF5FA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E1B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
3_2_000E1B2F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E1C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
3_2_000E1C8A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E1F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
3_2_000E1F94 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 46.183.218.37 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 46.183.218.37 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 46.183.218.37 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 46.183.218.37 |
Source: file.exe, 00000003.00000002.2537954444.0000000000E20000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://46.183.218.37/ |
Source: file.exe, 00000003.00000003.1803668616.0000000000F05000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2538244077.0000000000F05000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2403832167.0000000000E8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.1483001479.0000000000F05000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2403629641.0000000000E8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000002.2538171597.0000000000E8F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://46.183.218.37/community/wiki-self-signed/name-signed.php |
Source: unknown |
Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E6B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, |
3_2_000E6B0C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E6D07 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, |
3_2_000E6D07 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E6B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, |
3_2_000E6B0C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D2B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState, |
3_2_000D2B37 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF7FF NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,6FCFCB00,6FCFC2F0,SetCapture,ClientToScreen,6FCFC530,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
3_2_000FF7FF |
Source: C:\Users\user\Desktop\file.exe |
Code function: This is a third-party compiled AutoIt script. |
3_2_00093D19 |
Source: file.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: file.exe, 00000003.00000000.1281622742.000000000013E000.00000002.00000001.01000000.00000004.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_97758e61-2 |
Source: file.exe, 00000003.00000000.1281622742.000000000013E000.00000002.00000001.01000000.00000004.sdmp |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_5c844094-2 |
Source: file.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
memstr_17a53d1c-7 |
Source: file.exe |
String found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
memstr_a5c52a71-8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_00093742 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow, |
3_2_00093742 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_001000AF NtdllDialogWndProc_W, |
3_2_001000AF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_00100133 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W, |
3_2_00100133 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_0010044C NtdllDialogWndProc_W, |
3_2_0010044C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FE9AF NtdllDialogWndProc_W,CallWindowProcW, |
3_2_000FE9AF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AAAFC NtdllDialogWndProc_W, |
3_2_000AAAFC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AAB4F NtdllDialogWndProc_W, |
3_2_000AAB4F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FEC7C NtdllDialogWndProc_W, |
3_2_000FEC7C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FECD4 6FCFC580,6FCFC6F0,ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W, |
3_2_000FECD4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FEEEB PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W, |
3_2_000FEEEB |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AB11F NtdllDialogWndProc_W,74D2C8D0,NtdllDialogWndProc_W, |
3_2_000AB11F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF1D7 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W, |
3_2_000FF1D7 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF2D0 SendMessageW,NtdllDialogWndProc_W, |
3_2_000FF2D0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF351 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W, |
3_2_000FF351 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AB385 GetParent,NtdllDialogWndProc_W, |
3_2_000AB385 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AB55D NtdllDialogWndProc_W,GetClientRect,GetCursorPos,ScreenToClient, |
3_2_000AB55D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF5AB NtdllDialogWndProc_W, |
3_2_000FF5AB |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF5DA NtdllDialogWndProc_W, |
3_2_000FF5DA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF609 NtdllDialogWndProc_W, |
3_2_000FF609 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF654 NtdllDialogWndProc_W, |
3_2_000FF654 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF689 ClientToScreen,6FCFC5D0,NtdllDialogWndProc_W, |
3_2_000FF689 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AB715 NtdllDialogWndProc_W, |
3_2_000AB715 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF7C3 GetWindowLongW,NtdllDialogWndProc_W, |
3_2_000FF7C3 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF7FF NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,6FCFCB00,6FCFC2F0,SetCapture,ClientToScreen,6FCFC530,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
3_2_000FF7FF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000CAF64 GetCurrentProcess,OpenProcessToken,743B7ED0,CloseHandle,CreateProcessWithLogonW,743B7F30, |
3_2_000CAF64 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000A3200 |
3_2_000A3200 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000A3B70 |
3_2_000A3B70 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C410F |
3_2_000C410F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000B02A4 |
3_2_000B02A4 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C038E |
3_2_000C038E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_0009E3B0 |
3_2_0009E3B0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C467F |
3_2_000C467F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000B06D9 |
3_2_000B06D9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FAACE |
3_2_000FAACE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C4BEF |
3_2_000C4BEF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000BCCC1 |
3_2_000BCCC1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_00096F07 |
3_2_00096F07 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_0009AF50 |
3_2_0009AF50 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000BB043 |
3_2_000BB043 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AB11F |
3_2_000AB11F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000BD1B9 |
3_2_000BD1B9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000F31BC |
3_2_000F31BC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000B123A |
3_2_000B123A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C724D |
3_2_000C724D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D13CA |
3_2_000D13CA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000993F0 |
3_2_000993F0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AF563 |
3_2_000AF563 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000DB6CC |
3_2_000DB6CC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000996C0 |
3_2_000996C0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000977B0 |
3_2_000977B0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000FF7FF |
3_2_000FF7FF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C79C9 |
3_2_000C79C9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AFA57 |
3_2_000AFA57 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_00099B60 |
3_2_00099B60 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AFE6F |
3_2_000AFE6F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000B9ED0 |
3_2_000B9ED0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_00097FA3 |
3_2_00097FA3 |
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 000AEC2F appears 68 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 000BF8A0 appears 35 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 000B6AC0 appears 42 times |
|
Source: file.exe |
Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: classification engine |
Classification label: mal72.evad.winEXE@1/0@0/1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000CAB84 AdjustTokenPrivileges,CloseHandle, |
3_2_000CAB84 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000CB134 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, |
3_2_000CB134 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D6532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle, |
3_2_000D6532 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000EC18C CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket, |
3_2_000EC18C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_0009406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, |
3_2_0009406B |
Source: file.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000A288A push 66000A23h; retn 0010h |
3_2_000A28E1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000B6B05 push ecx; ret |
3_2_000B6B18 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000BBDAA push edi; ret |
3_2_000BBDAC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000BBEC3 push esi; ret |
3_2_000BBEC5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000F8111 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
3_2_000F8111 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000AEB42 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
3_2_000AEB42 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000B123A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
3_2_000B123A |
Source: C:\Users\user\Desktop\file.exe |
User Timer Set: Timeout: 750ms |
Source: C:\Users\user\Desktop\file.exe |
User Timer Set: Timeout: 750ms |
Source: C:\Users\user\Desktop\file.exe |
User Timer Set: Timeout: 750ms |
Source: C:\Users\user\Desktop\file.exe |
User Timer Set: Timeout: 750ms |
Source: C:\Users\user\Desktop\file.exe |
Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\file.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D60DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose, |
3_2_000D60DD |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D63F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose, |
3_2_000D63F9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000DEB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
3_2_000DEB60 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000D6CA9 GetFileAttributesW,FindFirstFileW,FindClose, |
3_2_000D6CA9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000DF56F FindFirstFileW,FindClose, |
3_2_000DF56F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000DF5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
3_2_000DF5FA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E1B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
3_2_000E1B2F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E1C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
3_2_000E1C8A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E1F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
3_2_000E1F94 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000ADDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo, |
3_2_000ADDC0 |
Source: file.exe, 00000003.00000002.2538200594.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2403832167.0000000000E99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2403920605.0000000000E25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.1803722667.0000000000E96000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2403681761.0000000000E97000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: C:\Users\user\Desktop\file.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_00093D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, |
3_2_00093D19 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C3920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW, |
3_2_000C3920 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000CA66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, |
3_2_000CA66C |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000B8189 SetUnhandledExceptionFilter, |
3_2_000B8189 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000B81AC SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
3_2_000B81AC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_00093D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, |
3_2_00093D19 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000CA66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, |
3_2_000CA66C |
Source: file.exe |
Binary or memory string: Shell_TrayWnd |
Source: file.exe |
Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E091D GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,__wsplitpath,_wcscat,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,_wcscpy,SetCurrentDirectoryW, |
3_2_000E091D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C1E8E __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, |
3_2_000C1E8E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000ADDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo, |
3_2_000ADDC0 |
Source: file.exe |
Binary or memory string: WIN_81 |
Source: file.exe |
Binary or memory string: WIN_XP |
Source: file.exe |
Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 12, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytep |
Source: file.exe |
Binary or memory string: WIN_XPe |
Source: file.exe |
Binary or memory string: WIN_VISTA |
Source: file.exe |
Binary or memory string: WIN_7 |
Source: file.exe |
Binary or memory string: WIN_8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E8C4F socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket, |
3_2_000E8C4F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000E923B socket,WSAGetLastError,bind,WSAGetLastError,closesocket, |
3_2_000E923B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 3_2_000C58C5 RpcBindingSetOption,_LocaleUpdate::_LocaleUpdate,_memset,WideCharToMultiByte,GetLastError,_memset, |
3_2_000C58C5 |