Source: vRMcwg3RuY.exe |
ReversingLabs: Detection: 15% |
Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 89.8% probability |
Source: vRMcwg3RuY.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0045DE8F FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00431BE8 GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0042200C |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0041A217 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00412216 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0042435D |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004033C0 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0044F430 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004125E8 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0044663B |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004096A0 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00413801 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0042096F |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004129D0 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004119E3 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0041C9AE |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0047EA6F |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0040FA10 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0044EB59 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00423C81 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00411E78 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00442E0C |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00420EC0 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0044CF17 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00444FD2 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: String function: 004115D7 appears 36 times |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: String function: 00416C70 appears 39 times |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: String function: 00445AE0 appears 65 times |
Source: classification engine |
Classification label: mal56.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0044AF6C GetLastError,FormatMessageW, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004755C4 CreateToolhelp32Snapshot,Process32FirstW,__wsplitpath,_wcscat,__wcsicoll,Process32NextW,CloseHandle, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0043305F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx, |
Source: vRMcwg3RuY.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
File read: C:\Users\desktop.ini |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
File read: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress, |
Source: vRMcwg3RuY.exe |
Static PE information: real checksum: 0xa961f should be: 0xa54ad |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00462463 push edi; ret |
0_2_00462465 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00416CB5 push ecx; ret |
0_2_00416CC8 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
API coverage: 1.9 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0045A370 BlockInput, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0041F250 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00436CD7 LogonUserW, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, |
Source: vRMcwg3RuY.exe |
Binary or memory string: Shell_TrayWnd |
Source: vRMcwg3RuY.exe |
Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004720DB GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00472C3F GetUserNameW, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Source: vRMcwg3RuY.exe |
Binary or memory string: WIN_XP |
Source: vRMcwg3RuY.exe |
Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----& |
Source: vRMcwg3RuY.exe |
Binary or memory string: WIN_XPe |
Source: vRMcwg3RuY.exe |
Binary or memory string: WIN_VISTA |
Source: vRMcwg3RuY.exe |
Binary or memory string: WIN_7 |
Source: vRMcwg3RuY.exe |
Binary or memory string: WIN_8 |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, |
Source: C:\Users\user\Desktop\vRMcwg3RuY.exe |
Code function: 0_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject, |