Source: HitPawInfo.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: HitPawInfo.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: HitPawInfo.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: HitPawInfo.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: HitPawInfo.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: HitPawInfo.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: HitPawInfo.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: HitPawInfo.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: HitPawInfo.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: HitPawInfo.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: HitPawInfo.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: HitPawInfo.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: HitPawInfo.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: HitPawInfo.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: HitPawInfo.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Code function: 0_2_00007FF639BD3CA0 |
0_2_00007FF639BD3CA0 |
Source: classification engine |
Classification label: clean2.winEXE@1/0@0/0 |
Source: HitPawInfo.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Section loaded: pcinfo.dll |
Jump to behavior |
Source: HitPawInfo.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: HitPawInfo.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: HitPawInfo.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: HitPawInfo.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: HitPawInfo.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: HitPawInfo.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: HitPawInfo.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: HitPawInfo.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: HitPawInfo.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: HitPawInfo.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: HitPawInfo.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: HitPawInfo.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: HitPawInfo.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: HitPawInfo.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: HitPawInfo.exe |
Static PE information: real checksum: 0x7d382 should be: 0x7cdc6 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Code function: 0_2_00007FF639BD5EAC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF639BD5EAC |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Code function: 0_2_00007FF639BD6090 SetUnhandledExceptionFilter, |
0_2_00007FF639BD6090 |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Code function: 0_2_00007FF639BD5EAC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF639BD5EAC |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Code function: 0_2_00007FF639BD59BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF639BD59BC |
Source: C:\Users\user\Desktop\HitPawInfo.exe |
Code function: 0_2_00007FF639BD5D88 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FF639BD5D88 |