Windows Analysis Report
EXPLORER.EXE.exe

Overview

General Information

Sample name: EXPLORER.EXE.exe
Analysis ID: 1525468
MD5: 2e5dc3f90227ea0fd2e0d23d8b330ddf
SHA1: 779d453a60404f03c3aab508be972f609b6fa879
SHA256: 12bf9fe2a68acb56eb01ca97388a1269b391f07831fd37a1371852ed5df44444
Tags: exePreftuser-smica83

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString, GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Detected potential crypto function
Found potential string decryption / allocating functions
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Sample file name is different from the original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: EXPLORER.EXE.exe Avira: detected
Source: EXPLORER.EXE.exe ReversingLabs: Detection: 42%
Source: EXPLORER.EXE.exe Virustotal: Detection: 59%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.6% probability

Compliance

Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Unpacked PE file: 0.2.EXPLORER.EXE.exe.400000.0.unpack
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140145940 GetAsyncKeyState,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,lstrcpyA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0000000140145940
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_00000001400E00A4 GetSystemMetrics,GetAsyncKeyState,WindowFromPoint,ScreenToClient,SendMessageA,ScreenToClient, 0_2_00000001400E00A4
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014005098C MessageBeep,GetKeyState,GetKeyState,GetKeyState,SendMessageA,GetKeyState,SendMessageA,GetKeyState,SendMessageA,SendMessageA,SendMessageA,GetKeyState,SendMessageA,GetKeyState,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA, 0_2_000000014005098C
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140114F8C GetKeyState,GetKeyState,GetKeyState, 0_2_0000000140114F8C
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_00000001400159A4 GetKeyState,GetKeyState,GetKeyState,SendMessageA, 0_2_00000001400159A4
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014009E3C0 GetKeyState,GetKeyState,GetKeyState,GetParent,GetParent,SendMessageA,ScreenToClient,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,SendMessageA,GetParent, 0_2_000000014009E3C0
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014013EA78 GetParent,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow, 0_2_000000014013EA78
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: String function: 00000001400BCC44 appears 97 times
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: String function: 0000000140098F30 appears 61 times
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: String function: 0000000140004B34 appears 80 times
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: String function: 0000000140002B70 appears 38 times
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: String function: 00000001400076E0 appears 237 times
Source: EXPLORER.EXE.exe, 00000000.00000002.1393780933.0000000140288000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameEXPLORER.EXE.MUIj% vs EXPLORER.EXE.exe
Source: EXPLORER.EXE.exe Binary or memory string: OriginalFilenameEXPLORER.EXE.MUIj% vs EXPLORER.EXE.exe
Source: classification engine Classification label: mal68.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014003CAC0 GetVersionExA,CoInitializeEx,CoCreateInstance, 0_2_000000014003CAC0
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140014264 FindResourceA,LoadResource,LockResource,FreeResource, 0_2_0000000140014264
Source: EXPLORER.EXE.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: EXPLORER.EXE.exe ReversingLabs: Detection: 42%
Source: EXPLORER.EXE.exe Virustotal: Detection: 59%
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe File read: C:\Users\user\Desktop\EXPLORER.EXE.exe
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Section loaded: kernel.appcore.dll
Source: EXPLORER.EXE.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: EXPLORER.EXE.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: EXPLORER.EXE.exe Static file information: File size 2791424 > 1048576
Source: EXPLORER.EXE.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1bc400
Source: EXPLORER.EXE.exe Static PE information: More than 200 imports for USER32.dll
Source: EXPLORER.EXE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Unpacked PE file: 0.2.EXPLORER.EXE.exe.400000.0.unpack
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140039024 LoadLibraryW,GetProcAddress,GetLastError,DeactivateActCtx,SetLastError, 0_2_0000000140039024
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_00412945 push rsi; ret 0_2_00412946
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_004165BD push rcx; retf 003Fh 0_2_004165BE
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014010D541 push rcx; ret 0_2_000000014010D542
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140094878 GetParent,IsIconic,GetParent,GetDlgCtrlID, 0_2_0000000140094878
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140114B5C IsIconic,GetWindowRect,IsIconic,GetSystemMetrics,OffsetRect,GetSystemMetrics,IsIconic,GetSystemMetrics,GetSystemMetrics, 0_2_0000000140114B5C
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014011562C IsWindowVisible,IsWindowVisible,GetWindowRect,IsIconic,CopyRect,MonitorFromPoint,GetMonitorInfoA,CopyRect,CopyRect,SystemParametersInfoA,OffsetRect,GetSystemMetrics,GetSystemMetrics, 0_2_000000014011562C
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140115954 IsIconic,PostMessageA, 0_2_0000000140115954
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014011609C IsWindowVisible,ScreenToClient,IsIconic,GetSystemMetrics,PtInRect,PtInRect,GetSystemMetrics,PtInRect, 0_2_000000014011609C
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_00000001401168BC GetFocus,IsChild,SendMessageA,IsChild,SendMessageA,GetFocus,IsIconic,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,IsWindowVisible, 0_2_00000001401168BC
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140116BC0 IsWindowVisible,GetWindowRect,PtInRect,GetAsyncKeyState,ScreenToClient,PtInRect,SendMessageA,IsWindow,GetWindowRect,PtInRect,SendMessageA,ScreenToClient,PtInRect,GetParent,SendMessageA,GetFocus,WindowFromPoint,SendMessageA,GetSystemMenu,IsMenu,EnableMenuItem,EnableMenuItem,IsZoomed,IsIconic,EnableMenuItem,TrackPopupMenu,SendMessageA, 0_2_0000000140116BC0
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140002E00 IsIconic, 0_2_0000000140002E00
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014003EF44 IsWindowVisible,IsIconic, 0_2_000000014003EF44
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_00000001400E2FD4 SetForegroundWindow,IsIconic,PostMessageA,IsIconic, 0_2_00000001400E2FD4
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_00000001400D7198 GetClientRect,IsRectEmpty,IsWindow,IsIconic,BeginDeferWindowPos,GetClientRect,IsRectEmpty,GetWindowRect,GetParent,IsRectEmpty,EqualRect,EndDeferWindowPos, 0_2_00000001400D7198
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014007F5A8 SetRectEmpty,RedrawWindow,ReleaseCapture,SetCapture,ReleaseCapture,SetCapture,GetParent,SendMessageA,UpdateWindow,GetParent,SendMessageA,IsWindow,IsIconic,IsZoomed,IsWindow,UpdateWindow, 0_2_000000014007F5A8
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140017760 IsIconic, 0_2_0000000140017760
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014019A694 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect, 0_2_000000014019A694
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140196A38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0000000140196A38
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014006C43C OutputDebugStringA,ActivateActCtx,GetLastError,DeactivateActCtx,SetLastError, 0_2_000000014006C43C
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140039024 LoadLibraryW,GetProcAddress,GetLastError,DeactivateActCtx,SetLastError, 0_2_0000000140039024
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140196A38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0000000140196A38
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140192D94 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0000000140192D94
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0040E850 cpuid 0_2_0040E850
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: GetModuleHandleW,GetProcAddress,EncodePointer,DecodePointer,GetLocaleInfoW, 0_2_000000014001E3DC
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_0000000140193434 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_0000000140193434
Source: C:\Users\user\Desktop\EXPLORER.EXE.exe Code function: 0_2_000000014003CAC0 GetVersionExA,CoInitializeEx,CoCreateInstance, 0_2_000000014003CAC0
No contacted IP information