Source: AFCMgr.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 4x nop then push ebp |
0_2_00547170 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 4x nop then push ebp |
0_2_005AD220 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 4x nop then push ebp |
0_2_005F43E0 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 4x nop then push ebp |
0_2_004C7580 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 4x nop then push ebp |
0_2_0061F7A0 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 4x nop then sub esp, 14h |
0_2_004C6930 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_00603130 |
0_2_00603130 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_00561100 |
0_2_00561100 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_0059C2C0 |
0_2_0059C2C0 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_00581290 |
0_2_00581290 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_0053A300 |
0_2_0053A300 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_0053F510 |
0_2_0053F510 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_00545640 |
0_2_00545640 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_00559750 |
0_2_00559750 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_004FC770 |
0_2_004FC770 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_00614AA0 |
0_2_00614AA0 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_005FDB10 |
0_2_005FDB10 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_005B3C90 |
0_2_005B3C90 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_00540D00 |
0_2_00540D00 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_0055BD00 |
0_2_0055BD00 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: String function: 004E7F40 appears 37 times |
|
Source: AFCMgr.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: classification engine |
Classification label: clean3.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Mutant created: NULL |
Source: AFCMgr.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: AFCMgr.exe |
String found in binary or memory: --Addr |
Source: AFCMgr.exe |
String found in binary or memory: --Addr |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: msvbvm60.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: vb6zz.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: AFCMgr.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: AFCMgr.exe |
Static file information: File size 2256896 > 1048576 |
Source: AFCMgr.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x224000 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_00406808 pushad ; retn 0059h |
0_2_00406A85 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Code function: 0_2_0040680C pushad ; retn 0059h |
0_2_00406A85 |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AFCMgr.exe |
API coverage: 1.3 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |