Windows Analysis Report
Cleaning_Tool_for_Driver_Select1.17.exe

Overview

General Information

Sample name:Cleaning_Tool_for_Driver_Select1.17.exe
Analysis ID:1525990
MD5:d8033e46e8fd5800faf43f49946e1124
SHA1:f7f2edb906f8e2083065ffa55cabdce2f4e6fe4a
SHA256:44130cd628112217e7c3e6026f08b1f1731997e783ea219b6cd327f48d02dc0f

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: Cleaning_Tool_for_Driver_Select1.17.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: C:\work\Legacy_DriverSelect\DriverSelect\tango_setup\CleaningTool\OceCleaningTool\Release\CleaningTool.pdby | source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004860000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr
Source: Binary string: C:\work\Legacy_DriverSelect\DriverSelect\tango_setup\CleaningTool\OceCleaningTool\Release\CleaningTool.pdb | source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004860000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://ocsp.digicert.com0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://ocsp.digicert.com0A
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://ocsp.digicert.com0C
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://ocsp.digicert.com0X
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr | String found in binary or memory: http://www.digicert.com/CPS0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCleaningToolH vs Cleaning_Tool_for_Driver_Select1.17.exe
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000002.1399345496.000000000043A000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename7z.sfx.exe, vs Cleaning_Tool_for_Driver_Select1.17.exe
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCleaningToolH vs Cleaning_Tool_for_Driver_Select1.17.exe
Source: Cleaning_Tool_for_Driver_Select1.17.exe | Binary or memory string: OriginalFilename7z.sfx.exe, vs Cleaning_Tool_for_Driver_Select1.17.exe
Source: Cleaning_Tool_for_Driver_Select1.17.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: clean2.winEXE@1/2@0/0
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | File created: C:\Users\user\Desktop\DriverSelect_CleaningTool.pdf
Source: Cleaning_Tool_for_Driver_Select1.17.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | File read: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
Source: Cleaning_Tool_for_Driver_Select1.17.exe | Static file information: File size 3557750 > 1048576
Source: Binary string: C:\work\Legacy_DriverSelect\DriverSelect\tango_setup\CleaningTool\OceCleaningTool\Release\CleaningTool.pdby | source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004860000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr
Source: Binary string: C:\work\Legacy_DriverSelect\DriverSelect\tango_setup\CleaningTool\OceCleaningTool\Release\CleaningTool.pdb | source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004860000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr
Source: Cleaning_Tool_for_Driver_Select1.17.exe | Static PE information: section name: .sxdata
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | File created: C:\Users\user\Desktop\DriverSelect_CleaningTool.exe
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\DriverSelect_CleaningTool.exe
ATT&CK Matrix (number of matching signatures in parentheses):

  • Reconnaissance: Gather Victim Identity Information; Credentials
  • Resource Development: Acquire Infrastructure; Domains
  • Initial Access: Valid Accounts; Default Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job
  • Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts
  • Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts
  • Defense Evasion: Masquerading (1); DLL Side-Loading (1)
  • Credential Access: OS Credential Dumping; LSASS Memory
  • Discovery: System Information Discovery (1); Application Window Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol
  • Collection: Data from Local System; Data from Removable Media
  • Command and Control: Data Obfuscation; Junk Data
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
  • Impact: Abuse Accessibility Features; Network Denial of Service
Source | Detection | Scanner
Cleaning_Tool_for_Driver_Select1.17.exe | 0% | ReversingLabs
C:\Users\user\Desktop\DriverSelect_CleaningTool.exe | 0% | ReversingLabs
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1525990
Start date and time:2024-10-04 16:30:46 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 16s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Cleaning_Tool_for_Driver_Select1.17.exe
Detection:CLEAN
Classification:clean2.winEXE@1/2@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com
  • VT rate limit hit for: Cleaning_Tool_for_Driver_Select1.17.exe
No simulations
No context
Process:C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):3487384
Entropy (8bit):6.541942120675922
Encrypted:false
SSDEEP:98304:vXUrAXzej9flfuDt1gKHo5gWYjJFnjr7wPjK+sDPv5+e+pTnRac:MUQlm+coKjr+av5+e9c
MD5:C6440B4E4195CDC5B9CDEA7D1BF96781
SHA1:7413029647EB003651F0F3452C95CEB4582F4B6E
SHA-256:F66F7E9E42431C32DD0CAC121705D4C234A4DDF7DABCEC5F73F99D689E7D8689
SHA-512:7ED03ADDDF33C7BDB33541488E16D6F60EE76DD5D8CFFE9798E13CB3446FD23689267746E6F56716FD8D8A935CB54FDC0CBAF0F85F97F24148C9C7BFAE252A20
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........O_Z.!.Z.!.Z.!...".@.!.....Y.!...$...!...%.N.!...".L.!...$.1.!...%.y.!...'.[.!... .}.!.Z. .k.!...$.S.!.....[.!.Z...X.!...#.[.!.RichZ.!.................PE..L......e.........."....".z'.........6.........'...@..........................p5.....(.5...@.@B................................/.......1..[............5..*...P2.......,.T.....................,......,.@.............'..............................text...Ry'......z'................. ..`.rdata..t.....'......~'.............@..@.data........ 0.......0.............@....rsrc....[....1..\....1.............@..@.reloc.......P2.. ....1.............@..B................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe
File Type:PDF document, version 1.5 (zip deflate encoded)
Category:dropped
Size (bytes):2231145
Entropy (8bit):7.9992631997122094
Encrypted:true
SSDEEP:49152:0ocRKsReVl/aaUvK8c7RDsVMEMHsycTixdL:bsgZUvrc7RDpHsycTixt
MD5:B0CF6BC884394BA1B3CDDEA99B6356B9
SHA1:0D82ABE2E8690AAC107E5351D7680D8BF294F0BF
SHA-256:D10F360383D83ACE7DCFF827F84CA7E30131CDD011BB05CA85BF51EAE3506DF5
SHA-512:27EFD200D62F23EAA6CEE8F5589F4169510F9851881CE27D8991FDF4F9574A7A31A9A7DE50D8E094E449D5C17C2756E5355BDE1E1C89628FD79E9CEA614F1988
Malicious:false
Reputation:low
Preview:%PDF-1.5.%......349 0 obj..<</Linearized 1/L 2231145/H [ 1846 434]/O 354/E 998948/N 26/T 2230156>>..endobj.. ..374 0 obj..<</Length 196/Root 350 0 R/Info 348 0 R/ID[<abcd8f72f286fbe269f32bf93ae4deb2><2B2109D8FFF2241F8054B9B34AEEE3F3>]/Encrypt 351 0 R/Filter/FlateDecode/W[1 3 1]/Index[349 66]/Size 415/Prev 2230156/Type/XRef>>stream..x...N.p....G..TJ[Z.].I..Y.t.@c.05>...../.;.'7Vx.7...v..KN...uf-s....K..p...>..[.....l).5.Dg#z....v.~"....?...d/.c.<...\4....V17...Wp.U.A.<.!...p.M...1$.B.2...:..(.Q0.`.......@..-.%.M...v._m#}..endstream..endobj..
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.98342273968473
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:Cleaning_Tool_for_Driver_Select1.17.exe
File size:3'557'750 bytes
MD5:d8033e46e8fd5800faf43f49946e1124
SHA1:f7f2edb906f8e2083065ffa55cabdce2f4e6fe4a
SHA256:44130cd628112217e7c3e6026f08b1f1731997e783ea219b6cd327f48d02dc0f
SHA512:83b738d98836dcf3d911cc3e40dbf13ba4468947888c1dd5019fbd3f76229024ff5b5bd69f1e0db228b1d305b679ccf63df38e9fe1ea2da334afd2776539983b
SSDEEP:49152:mrRkAoNRaQ2Q/a/iHvoKhWjVJ1ZIHJdLC7S0ts0DA/0rGQnxVb81XxVpVS8b:dkQ4CvoxjVaHJRyS0trU/0lnxVMtVS0
TLSH:CBF5331136B6C0FBD1A30930C5D92BB591FB92488F28C8E713CC5E2DE9B46A6D36C56D
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............._..._..._..._..._..._..._..._..._..._..._..._..._..._6.._..._..._..._..._..._..._."b_..._...^..._^.._..._Rich..._.......
Icon Hash:b8868baba9aba2d8
Entrypoint:0x428d6c
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:NX_COMPAT
Time Stamp:0x61C87560 [Sun Dec 26 14:00:00 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:0c37465c6cc7ee4c8a90470b8f855cea
Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 0042EEE8h
push 00428D66h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 68h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
xor ebx, ebx
mov dword ptr [ebp-04h], ebx
push 00000002h
call dword ptr [0042D15Ch]
pop ecx
or dword ptr [0043854Ch], FFFFFFFFh
or dword ptr [00438550h], FFFFFFFFh
call dword ptr [0042D158h]
mov ecx, dword ptr [00436528h]
mov dword ptr [eax], ecx
call dword ptr [0042D154h]
mov ecx, dword ptr [00436524h]
mov dword ptr [eax], ecx
mov eax, dword ptr [0042D150h]
mov eax, dword ptr [eax]
mov dword ptr [00438548h], eax
call 00007F77BCC9F787h
cmp dword ptr [00434180h], ebx
jne 00007F77BCC9F66Eh
push 00428EFAh
call dword ptr [0042D14Ch]
pop ecx
call 00007F77BCC9F759h
push 00434050h
push 0043404Ch
call 00007F77BCC9F744h
mov eax, dword ptr [00436520h]
mov dword ptr [ebp-6Ch], eax
lea eax, dword ptr [ebp-6Ch]
push eax
push dword ptr [0043651Ch]
lea eax, dword ptr [ebp-64h]
push eax
lea eax, dword ptr [ebp-70h]
push eax
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [0042D144h]
push 00434048h
push 00434000h
call 00007F77BCC9F711h
Programming Language:
  • [C++] VS98 (6.0) SP6 build 8804
  • [ C ] VS98 (6.0) SP6 build 8804
  • [ C ] VS2010 SP1 build 40219
  • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x32e3c | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3a000 | 0x20a8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2d000 | 0x26c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections (Name, Virtual Address, Virtual Size, Raw Size, MD5, Xored PE, ZLIB Complexity, File Type, Entropy, Characteristics):

  • .text: VA 0x1000, virtual size 0x2b0a0, raw size 0x2b200, MD5 723a0ad2fca03d73ebccae3889ee3ec9, Xored PE: False, ZLIB complexity 0.5831804800724638, file type: COM executable for DOS, entropy 6.678219262950551, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  • .rdata: VA 0x2d000, virtual size 0x6af6, raw size 0x6c00, MD5 2f125f38b19af4fb6464be8f8984398d, Xored PE: False, ZLIB complexity 0.33608217592592593, file type: DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset -170141183460469231731687303715884105728.000000, slope 147573943793583390720.000000, entropy 4.538385377888148, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  • .data: VA 0x34000, virtual size 0x4554, raw size 0x200, MD5 4125b80df9371377a89bbd231281c12e, Xored PE: False, ZLIB complexity 0.3984375, file type: data, entropy 3.5060078110884136, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  • .sxdata: VA 0x39000, virtual size 0x4, raw size 0x200, MD5 480f8419371f2eeea1f4e90c192f696c, Xored PE: False, ZLIB complexity 0.02734375, file type: data, entropy 0.020393135236084953, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  • .rsrc: VA 0x3a000, virtual size 0x20a8, raw size 0x2200, MD5 88a1feeaa234405525a7d8bcdf299fd2, Xored PE: False, ZLIB complexity 0.28308823529411764, file type: data, entropy 3.16803056864513, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3a7c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.16532258064516128
RT_ICON | 0x3aaa8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.32094594594594594
RT_DIALOG | 0x3b148 | 0x45c | data | English | United States | 0.3942652329749104
RT_DIALOG | 0x3abf8 | 0x12e | data | English | United States | 0.6225165562913907
RT_DIALOG | 0x3ad28 | 0x2f4 | data | English | United States | 0.48148148148148145
RT_DIALOG | 0x3b020 | 0x126 | data | English | United States | 0.5850340136054422
RT_STRING | 0x3b628 | 0x3e | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | United States | 0.6774193548387096
RT_STRING | 0x3b5e0 | 0x42 | data | English | United States | 0.7121212121212122
RT_STRING | 0x3b668 | 0x60 | data | English | United States | 0.5625
RT_STRING | 0x3c078 | 0x30 | data | English | United States | 0.5833333333333334
RT_STRING | 0x3b6c8 | 0x208 | Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0 | English | United States | 0.4269230769230769
RT_STRING | 0x3b8d0 | 0xe2 | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | United States | 0.43805309734513276
RT_STRING | 0x3b9b8 | 0x34 | data | English | United States | 0.6538461538461539
RT_STRING | 0x3b9f0 | 0x30 | data | English | United States | 0.6041666666666666
RT_STRING | 0x3ba20 | 0x6e | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | English | United States | 0.6818181818181818
RT_STRING | 0x3ba90 | 0x11a | data | English | United States | 0.5035460992907801
RT_STRING | 0x3bbb0 | 0x6a | data | English | United States | 0.5471698113207547
RT_STRING | 0x3b5a8 | 0x32 | data | English | United States | 0.58
RT_STRING | 0x3bc20 | 0x1ea | data | English | United States | 0.363265306122449
RT_STRING | 0x3be10 | 0x156 | Matlab v4 mat-file (little endian) U, numeric, rows 0, columns 0 | English | United States | 0.5175438596491229
RT_STRING | 0x3bf68 | 0x56 | data | English | United States | 0.6162790697674418
RT_STRING | 0x3bfc0 | 0xb6 | data | English | United States | 0.5164835164835165
RT_GROUP_ICON | 0x3abd0 | 0x22 | data | English | United States | 1.0
RT_VERSION | 0x3a510 | 0x2b0 | data | English | United States | 0.4956395348837209
DLL | Import
OLEAUT32.dll | SysFreeString, SysAllocStringLen, SysAllocString, VariantClear, SysStringLen
ole32.dll | CoCreateInstance, CoInitialize, CoUninitialize, OleInitialize
USER32.dll | IsDlgButtonChecked, EndDialog, SetDlgItemTextW, GetFocus, SetFocus, GetKeyState, InvalidateRect, SetWindowTextW, EnableWindow, PostMessageW, MessageBoxW, DialogBoxParamW, CheckDlgButton, GetWindowLongW, GetParent, ShowWindow, MoveWindow, ScreenToClient, GetDlgItem, GetWindowRect, MapDialogRect, MonitorFromWindow, GetMonitorInfoA, SystemParametersInfoW, GetWindowTextLengthW, GetWindowTextW, SendMessageW, LoadStringW, SetClipboardData, EmptyClipboard, CloseClipboard, OpenClipboard, CharUpperW, SetTimer, LoadIconW, SetCursor, LoadCursorW, KillTimer, SetWindowLongW
SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHGetMalloc
MSVCRT.dll | wcsstr, wcscmp, strlen, _beginthreadex, _except_handler3, ??1type_info@@UAE@XZ, ?terminate@@YAXXZ, __dllonexit, _onexit, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, free, _CxxThrowException, malloc, memcpy, memmove, memset, _purecall, memcmp, __CxxFrameHandler
KERNEL32.dll | GetStartupInfoA, InitializeCriticalSection, ReleaseSemaphore, CreateSemaphoreW, ResetEvent, SetEvent, CreateEventW, WaitForSingleObject, lstrlenW, lstrcatW, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, SetPriorityClass, WaitForMultipleObjects, DeleteCriticalSection, Sleep, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, GlobalMemoryStatus, GetSystemInfo, GetCurrentProcess, GetProcessAffinityMask, FileTimeToLocalFileTime, FileTimeToSystemTime, CompareFileTime, GlobalFree, GlobalAlloc, SetEndOfFile, WriteFile, ReadFile, SetFilePointer, GetFileSize, GetLogicalDriveStringsW, GetFileInformationByHandle, GetFileAttributesW, GetModuleHandleA, FindNextFileW, FindFirstFileW, FindClose, GetTickCount, GetCurrentDirectoryW, SetLastError, DeleteFileW, CreateDirectoryW, GetModuleHandleW, MoveFileW, RemoveDirectoryW, SetFileAttributesW, CreateFileW, SetFileTime, CloseHandle, GetSystemDirectoryW, FormatMessageW, LocalFree, GetModuleFileNameW, LoadLibraryExW, GlobalUnlock, MultiByteToWideChar, GetLastError, LoadLibraryW, GetProcAddress, FreeLibrary, GetCommandLineW, GetVersionExW, GlobalLock
Language of compilation system | Country where language is spoken
English | United States
No network behavior found

Target ID:1
Start time:10:31:48
Start date:04/10/2024
Path:C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe"
Imagebase:0x400000
File size:3'557'750 bytes
MD5 hash:D8033E46E8FD5800FAF43F49946E1124
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

No disassembly