Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Avira: detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | ReversingLabs: Detection: 76% |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Virustotal: Detection: 82% |
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 80.2% probability |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: Network traffic | Suricata IDS: 2036835 - Severity 1 - ET MALWARE Win32/Darkme Trojan Checkin M1 : 192.168.2.5:49704 -> 45.94.31.53:2022 |
Source: Network traffic | Suricata IDS: 2036835 - Severity 1 - ET MALWARE Win32/Darkme Trojan Checkin M1 : 192.168.2.5:49783 -> 45.94.31.53:2022 |
Source: Network traffic | Suricata IDS: 2036835 - Severity 1 - ET MALWARE Win32/Darkme Trojan Checkin M1 : 192.168.2.5:49823 -> 45.94.31.53:2022 |
Source: Network traffic | Suricata IDS: 2036835 - Severity 1 - ET MALWARE Win32/Darkme Trojan Checkin M1 : 192.168.2.5:49867 -> 45.94.31.53:2022 |
Source: Network traffic | Suricata IDS: 2036835 - Severity 1 - ET MALWARE Win32/Darkme Trojan Checkin M1 : 192.168.2.5:49866 -> 45.94.31.53:2022 |
Source: global traffic | TCP traffic: 192.168.2.5:49704 -> 45.94.31.53:2022 |
Source: Joe Sandbox View | ASN Name: GBTCLOUDUS GBTCLOUDUS |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | DNS traffic detected: DNS query: russia978.sytes.net |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00406169 | 0_2_00406169 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00404240 | 0_2_00404240 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_004063D7 | 0_2_004063D7 |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000000.2054083079.0000000000416000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename656.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Binary or memory string: OriginalFilename656.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe |
Source: classification engine | Classification label: mal80.troj.winEXE@1/0@2/1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Mutant created: NULL |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: msvbvm60.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: vb6zz.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: vb6es.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: napinsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: pnrpnsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: wshbth.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: nlaapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: winrnr.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32 |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Static PE information: real checksum: 0x1e602 should be: 0x23b8c |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00406169 push 00000007h; retf | 0_2_004063D6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403042 push 00401246h; ret | 0_2_00403055 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403444 push 00401246h; ret | 0_2_00403457 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405C48 push 00401246h; ret | 0_2_00405C5B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403056 push 00401246h; ret | 0_2_00403069 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403458 push 00401246h; ret | 0_2_0040346B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405C5C push 00401246h; ret | 0_2_00405C6F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_0040346C push 00401246h; ret | 0_2_0040347F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405C70 push 00401246h; ret | 0_2_00405C83 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_0040387C push 00401246h; ret | 0_2_0040388F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403006 push 00401246h; ret | 0_2_00403019 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_0040301A push 00401246h; ret | 0_2_0040302D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_0040341C push 00401246h; ret | 0_2_0040342F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_0040302E push 00401246h; ret | 0_2_00403041 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403430 push 00401246h; ret | 0_2_00403443 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405CC0 push 00401246h; ret | 0_2_00405CD3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_004038CC push 00401246h; ret | 0_2_004038DF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405CD4 push 00401246h; ret | 0_2_00405CE7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_004038E0 push 00401246h; ret | 0_2_004038F3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405CE8 push 00401246h; ret | 0_2_00405CFB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_004038F4 push 00401246h; ret | 0_2_00403907 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405CFC push 00401246h; ret | 0_2_00405D0F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403480 push 00401246h; ret | 0_2_00403493 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405C84 push 00401246h; ret | 0_2_00405C97 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403890 push 00401246h; ret | 0_2_004038A3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00403494 push 00401246h; ret | 0_2_004034A7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405C98 push 00401246h; ret | 0_2_00405CAB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_004038A4 push 00401246h; ret | 0_2_004038B7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_004034A8 push 00401246h; ret | 0_2_004034BB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_00405CAC push 00401246h; ret | 0_2_00405CBF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Code function: 0_2_004038B8 push 00401246h; ret | 0_2_004038CB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | Process information set: NOOPENFILEERRORBOX |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000002.3307902467.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319426906.00000000004DE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319426906.0000000000503000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Program Manager) C |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319426906.0000000000503000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Program ManagerComSpe |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000002.3307902467.00000000004C3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 123Program Manager |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000002.3307902467.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319426906.00000000004DE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Program Manager |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000002.3307902467.00000000004C3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Program ManagerO_ |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000002.3307902467.00000000004C3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Program Managernfo& |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319426906.0000000000503000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Program Manager kp |
Source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319426906.0000000000503000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000002.3307902467.00000000004C3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319410627.0000000000514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319476741.000000000050E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000002.3307902467.0000000000522000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319426906.00000000004DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, 00000000.00000003.2319426906.000000000050D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter : Select * from AntiVirusProduct |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct |
Source: Yara match | File source: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe, type: SAMPLE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.0.SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000002.3307761066.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000000.2054057167.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.Siggen28.43392.25240.5571.exe PID: 6972, type: MEMORYSTR |