Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Avira: detected |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Virustotal: Detection: 61% |
Perma Link |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
ReversingLabs: Detection: 52% |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0066ACCE FindFirstFileExA, |
0_2_0066ACCE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065B9F6 |
0_2_0065B9F6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_006601C0 |
0_2_006601C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065B1A9 |
0_2_0065B1A9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065AC00 |
0_2_0065AC00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065DCD3 |
0_2_0065DCD3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065ACAD |
0_2_0065ACAD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065B5C1 |
0_2_0065B5C1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065BE2B |
0_2_0065BE2B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00664EE8 |
0_2_00664EE8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_006696B9 |
0_2_006696B9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00657768 |
0_2_00657768 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0066EFCD |
0_2_0066EFCD |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: String function: 00658900 appears 44 times |
|
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: classification engine |
Classification label: mal56.winEXE@4/1@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7516:120:WilError_03 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Command line argument: ^-g |
0_2_00672CB0 |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Virustotal: Detection: 61% |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
ReversingLabs: Detection: 52% |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c pause |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c pause |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00658946 push ecx; ret |
0_2_00658959 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_006583E8 push ecx; ret |
0_2_006583FB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00657768 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
0_2_00657768 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
API coverage: 6.9 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0066ACCE FindFirstFileExA, |
0_2_0066ACCE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065CDC7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_0065CDC7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_006611A5 mov eax, dword ptr fs:[00000030h] |
0_2_006611A5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00666DB1 GetProcessHeap, |
0_2_00666DB1 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_006588A0 SetUnhandledExceptionFilter, |
0_2_006588A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065895B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_0065895B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_0065CDC7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_0065CDC7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00658782 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00658782 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c pause |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_006585D8 cpuid |
0_2_006585D8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: GetLocaleInfoW, |
0_2_0066E026 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_0066E0F3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: GetLocaleInfoW, |
0_2_006669DE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: EnumSystemLocalesW, |
0_2_0066DA7E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: EnumSystemLocalesW, |
0_2_0066DA33 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: EnumSystemLocalesW, |
0_2_0066DB19 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_0066DBA6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: EnumSystemLocalesW, |
0_2_00666577 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: GetLocaleInfoW, |
0_2_0066DDF6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_0066DF1F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
0_2_0066D7BB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00658B5A GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00658B5A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00651F60 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ, |
0_2_00651F60 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.8494.11198.exe |
Code function: 0_2_00651F00 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ, |
0_2_00651F00 |