Source: SecuriteInfo.com.Heur.31042.29735.exe | Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Binary string: Demon Lookup.pdb |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h | 0_2_02FB0910 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-38h] | 0_2_056A82F4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-38h] | 0_2_056A9940 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 7FFFFFFFh | 0_2_056A9A4D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 7FFFFFFFh | 0_2_056A9A58 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov esp, ebp | 0_2_09582CF8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov esp, ebp | 0_2_09582CEA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-4Ch] | 0_2_09D9E158 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-4Ch] | 0_2_09D9D88C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-4Ch] | 0_2_09D9D880 |
Source: Yara match | File source: SecuriteInfo.com.Heur.31042.29735.exe, type: SAMPLE |
Source: Yara match | File source: 0.0.SecuriteInfo.com.Heur.31042.29735.exe.c20000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Heur.31042.29735.exe.4427a60.0.raw.unpack, type: UNPACKEDPE |
Source: SecuriteInfo.com.Heur.31042.29735.exe | String found in binary or memory: Demon Toolsshttps://www.youtube.com/channel/UCYARbqAHQhZjOeS-Jn_5ubw?%Segoe UI Semilight equals www.youtube.com (Youtube) |
Source: SecuriteInfo.com.Heur.31042.29735.exe | String found in binary or memory: http://ip-api.com/line/ |
Source: SecuriteInfo.com.Heur.31042.29735.exe | String found in binary or memory: http://www.newtonsoft.com/jsonschema |
Source: SecuriteInfo.com.Heur.31042.29735.exe | String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson |
Source: SecuriteInfo.com.Heur.31042.29735.exe | String found in binary or memory: https://www.youtube.com/channel/UCYARbqAHQhZjOeS-Jn_5ubw?%Segoe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_09582618 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_02FB0C78 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_02FB0FBA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_02FB0C6A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_02FB1018 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_02FB100C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_056A8AE0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_056A8AF0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_094468C8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_0944AD2F |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_094468B7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_0944BA70 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_0944BFC8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Code function: 0_2_09D9BEB0 |
Source: SecuriteInfo.com.Heur.31042.29735.exe, 00000000.00000002.2668999337.00000000013DE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Heur.31042.29735.exe |
Source: SecuriteInfo.com.Heur.31042.29735.exe, 00000000.00000000.1418148749.0000000000C22000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameDemon Lookup.exe8 vs SecuriteInfo.com.Heur.31042.29735.exe |
Source: SecuriteInfo.com.Heur.31042.29735.exe, 00000000.00000002.2672803940.0000000004427000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameDemon Lookup.exe8 vs SecuriteInfo.com.Heur.31042.29735.exe |
Source: SecuriteInfo.com.Heur.31042.29735.exe, 00000000.00000002.2670117964.0000000003248000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclrjit.dllT vs SecuriteInfo.com.Heur.31042.29735.exe |
Source: SecuriteInfo.com.Heur.31042.29735.exe, 00000000.00000002.2670117964.0000000003248000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Heur.31042.29735.exe |
Source: SecuriteInfo.com.Heur.31042.29735.exe, 00000000.00000002.2670117964.0000000003248000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: $gq,\\StringFileInfo\\040904B0\\OriginalFilename vs SecuriteInfo.com.Heur.31042.29735.exe |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Binary or memory string: OriginalFilenameDemon Lookup.exe8 vs SecuriteInfo.com.Heur.31042.29735.exe |
Source: SecuriteInfo.com.Heur.31042.29735.exe, nCP5vtxT3QjsSeuiK3.cs | Cryptographic APIs: 'CreateDecryptor' (listed 3 times) |
Source: classification engine | Classification label: mal68.troj.evad.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Mutant created: NULL |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.69% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, mscorjit.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, windowscodecs.dll, iconcodecservice.dll |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static file information: File size 2200064 > 1048576 |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x211800 |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Heur.31042.29735.exe, nCP5vtxT3QjsSeuiK3.cs | .Net Code: Type.GetTypeFromHandle(nla1WKOGMY5oN5nImw.YLTPhkyqLF6F9(16777922)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(nla1WKOGMY5oN5nImw.YLTPhkyqLF6F9(16777319)),Type.GetTypeFromHandle(nla1WKOGMY5oN5nImw.YLTPhkyqLF6F9(16777307))}) |
Source: SecuriteInfo.com.Heur.31042.29735.exe | Static PE information: 0xC37D13F1 [Wed Dec 6 02:50:25 2073 UTC] |
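The static PE fields the report lists (the COFF Characteristics, the DllCharacteristics, the COM descriptor and debug data directories, the oversized .text section and the TimeDateStamp 0xC37D13F1) all come from a few fixed header offsets. The Python below is an added example for this page, not Joe Sandbox code and not the sample's bytes: build_sample() constructs a minimal PE32 header whose field values mirror the report (the data-directory RVAs and sizes and the .text VirtualSize of 0x2117E4 are made-up values), parse_pe32() decodes it, and triage() reproduces the report's observations, including that the timestamp decodes to 6 December 2073, later than any real build date.

```python
"""Static PE header triage of the fields a sandbox report lists (added example, not sandbox tooling)."""
import struct
from datetime import datetime, timedelta, timezone

# IMAGE_FILE_HEADER.Characteristics bits (subset)
COFF_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0004: "LINE_NUMS_STRIPPED", 0x0008: "LOCAL_SYMS_STRIPPED",
                        0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (subset)
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
                       0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE"}
# IMAGE_SECTION_HEADER.Characteristics bits (subset)
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                 0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
DIR_DEBUG, DIR_COM_DESCRIPTOR = 6, 14  # IMAGE_DIRECTORY_ENTRY_DEBUG / _COM_DESCRIPTOR indices
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def _flags(value, table):
    """Names of the set bits, in ascending bit order (the order the report prints them)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe32(data):
    """Decode the DOS, COFF, optional and section headers of a PE32 image; ValueError if malformed."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptHdr, Characteristics
    machine, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # IMAGE_OPTIONAL_HEADER starts right after the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled here")
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]  # fixed PE32 offset
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]               # NumberOfRvaAndSizes
    directories = {}
    for i in range(ndirs):
        rva, size = struct.unpack_from("<II", data, opt + 96 + 8 * i)
        if rva or size:
            directories[i] = (rva, size)
    sections = []
    for i in range(nsections):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": _flags(schars, SECTION_FLAGS)})
    return {"machine": machine, "timestamp": timestamp,
            "compile_time": EPOCH + timedelta(seconds=timestamp),  # platform-independent, unlike fromtimestamp()
            "characteristics": _flags(characteristics, COFF_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_characteristics, DLL_CHARACTERISTICS),
            "is_dotnet": DIR_COM_DESCRIPTOR in directories, "has_debug_dir": DIR_DEBUG in directories,
            "sections": sections}


def triage(pe, now):
    """Report-style observations for the parsed headers; `now` is the analysis time (tz-aware)."""
    findings = []
    if pe["compile_time"] > now:
        findings.append("compile timestamp in the future: %s" % pe["compile_time"].strftime("%a %b %d %H:%M:%S %Y UTC"))
    if pe["is_dotnet"]:
        findings.append("IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR present: managed (.NET) image")
    for s in pe["sections"]:
        if s["name"] == ".text" and s["virtual_size"] > 0x100000:
            findings.append("virtual size of .text is bigger than 0x100000: 0x%X" % s["virtual_size"])
        if s["name"] == ".text" and s["raw_size"] > 0x100000:
            findings.append("raw size of .text is bigger than 0x100000: 0x%X" % s["raw_size"])
    return findings


def build_sample():
    """Constructed minimal PE32 whose header fields mirror the report; RVAs/sizes are assumed values."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0xC37D13F1, 0, 0, 224, 0x012E)  # i386, 1 section, report's stamp
    opt = bytearray(224)                                                      # PE32 optional header + 16 dirs
    struct.pack_into("<H", opt, 0, 0x10B)                                     # Magic = PE32
    struct.pack_into("<H", opt, 70, 0x8560)                                   # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                                       # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_DEBUG, 0x1000, 0x1C)            # debug directory (assumed)
    struct.pack_into("<II", opt, 96 + 8 * DIR_COM_DESCRIPTOR, 0x2008, 0x48)   # CLR header (assumed)
    text = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x2117E4, 0x2000, 0x211800, 0x200, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text


if __name__ == "__main__":
    info = parse_pe32(build_sample())
    print(", ".join(info["characteristics"]))
    print(", ".join(info["dll_characteristics"]))
    for line in triage(info, datetime.now(timezone.utc)):
        print("-", line)
```

Run it on a real file with parse_pe32(open(path, "rb").read()). One caveat before weighting the 2073 date heavily: since Roslyn's deterministic builds became the default, the TimeDateStamp of a .NET assembly is derived from a content hash rather than the clock, so a nonsense or future value on its own is weak evidence and should be read together with the stripped symbols, the renamed methods and the dynamic GetDelegateForFunctionPointer lookup listed above.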
Source: SecuriteInfo.com.Heur.31042.29735.exe, XmlDeserializer.cs | High entropy of concatenated method names: 'AShxtKNgpRu', 'JphxtDpp9ZN', 'U32xtZfmmca', 'pwpxthD16wC', 'XNhxtQgkNHU', 'ADixt3qGeuH', 'GK9xxt7adJW', 'fS9xxYij6Bj', 'oEcxxrIjElC', 'rIMxxMrPNk7' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, JsonSerializerInternalReader.cs | High entropy of concatenated method names: 'B5PEjXG5Xl', 'AXxEfX2uad', 'tsHEaMxpd4', 'DsvEnkfYjQ', 'mWhE5Ei3R8', 'Populate', 'aXcjZGErTb', 'Deserialize', 'kKojhYbUAI', 'QJ6jQabmqQ' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, JsonSerializerInternalWriter.cs | High entropy of concatenated method names: 'Serialize', 'SKly85pJff', 'u2dybPOxw8', 'b5Wy4KdUOg', 'IgKyXisRU7', 'yAnyGmbC2e', 'RfEydedQhd', 'crwyjmHn3J', 'NPoyyXg9ED', 'JDNyfCe3T9' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, nCP5vtxT3QjsSeuiK3.cs | High entropy of concatenated method names: 'WiPxz4ErS9', 'wF8A8TaRGh', 'HefA1kxtZZ', 'KDCAxb9WJB', 'gNsAAIBaNY', 'm2sAbvmr5t', 'JUvPhkwy9pJ5A', 'yI41JQ64h', 'uqQx0MUPHVl', 'Ok2x0ONlBS5' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, BsonReader.cs | High entropy of concatenated method names: 'Ohls3770UV', 'Read', 'Close', 'T76sS6pEZ7', 'JO7sT7eNdp', 'f4wsRiYhWL', 'AqGswuGdGS', 'uHTsB6PR2j', 'BiysJcdKmA', 'UgCszixwGx' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, Http.cs | High entropy of concatenated method names: 'E9IBEMeHUB', 'JGYBKrg4V0', 'A6yBZtRDiZ', 'lQJBhh40up', 'qVSBTu5q5B', 'OSUBBRQITN', 'kBsBJETI6i', 'q3yJxAKMMl', 'njSJYy6jYf', 'hDBJMVeL1D' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, JPath.cs | High entropy of concatenated method names: 'IRd5DFp9Rr', 'aJk5ZsZewv', 'd8T5hj9Kmi', 'cqk5Qg6Phr', 'TD953ToHso', 'jpT5SHCAhm', 'PgP5T3OD6u', 'R145Rg2OsS', 'HoH5wCkD7T', 'n9m5BGkSy9' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, Form1.cs | High entropy of concatenated method names: 'mgrx1nbMT', 'koacLhthy', 'enqHrZLpx', 'G40YZ1axj', 'JNFPKQw5w', 'uu2rf64qx', 'ywmptPsbR', 'urtMQvvGC', 'HRCOmT5JL', 'P0dvTb2Xe' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, XmlNodeConverter.cs | High entropy of concatenated method names: 'WriteJson', 'IAts1P9knp', 'yRNsiDqkYM', 'fqesUTR5qR', 'p04sIySFhY', 'YvhsNAGh9Q', 'SkusmiS3Ru', 'j1SsVchA2O', 'O04s9XEEbm', 'oHBs22PvIM' |
Source: SecuriteInfo.com.Heur.31042.29735.exe, JsonValidatingReader.cs | High entropy of concatenated method names: 'RRJKZmRIen', 'XrpKhtFVUr', 'gpPKQUUhls', 'n4ZK3kihot', 'PfdKSbUhBA', 'ynBkZsLJ4G', 'KvYkhZTKeG', 'qkek3sBS2b', 'NDtkSEHOYm', 'CMXkR7Bdpq' |
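The "High entropy of concatenated method names" entries are the sandbox's heuristic for a renaming obfuscator: join one type's method names and measure the Shannon entropy per character. The Python below is an added example, not the sandbox's implementation; the 4.8 bits/char threshold is an assumption chosen so that English-like identifiers fall under it and random mixed-case alphanumerics land above it. RENAMED and MIXED are the name lists from the XmlDeserializer.cs and JsonSerializerInternalReader.cs entries above, and BENIGN is a constructed list of ordinary Newtonsoft.Json-style names for comparison.

```python
"""Entropy heuristic for renamed .NET method names (added example, not sandbox code)."""
import math
from collections import Counter

# Assumed cut-off: English-like identifiers score roughly 4.0-4.4 bits/char,
# random mixed-case alphanumerics roughly 5.0-5.6 bits/char.
OBFUSCATION_THRESHOLD_BITS = 4.8


def shannon_entropy(text):
    """Shannon entropy of `text` in bits per character (0.0 for the empty string)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def method_name_entropy(names):
    """Entropy of all method names of one type, concatenated the way the report scores them."""
    return shannon_entropy("".join(names))


def looks_obfuscated(names, threshold=OBFUSCATION_THRESHOLD_BITS):
    """True when the concatenated names exceed the assumed threshold."""
    return method_name_entropy(names) > threshold


def summarize(names):
    """Score one type's method list: entropy rounded to two decimals plus the verdict."""
    return {"entropy_bits": round(method_name_entropy(names), 2), "obfuscated": looks_obfuscated(names)}


# Method names copied from the report's XmlDeserializer.cs entry (all renamed)
RENAMED = ['AShxtKNgpRu', 'JphxtDpp9ZN', 'U32xtZfmmca', 'pwpxthD16wC', 'XNhxtQgkNHU',
           'ADixt3qGeuH', 'GK9xxt7adJW', 'fS9xxYij6Bj', 'oEcxxrIjElC', 'rIMxxMrPNk7']
# Method names copied from the report's JsonSerializerInternalReader.cs entry (two public names kept)
MIXED = ['B5PEjXG5Xl', 'AXxEfX2uad', 'tsHEaMxpd4', 'DsvEnkfYjQ', 'mWhE5Ei3R8',
         'Populate', 'aXcjZGErTb', 'Deserialize', 'kKojhYbUAI', 'QJ6jQabmqQ']
# Constructed benign list in the style of Newtonsoft.Json's own members (not taken from the report)
BENIGN = ['Serialize', 'Deserialize', 'Populate', 'Read', 'Close',
          'WriteJson', 'ReadJson', 'WriteStartObject', 'WriteEndObject', 'ReadAsString']

if __name__ == "__main__":
    for label, names in (("renamed", RENAMED), ("mixed", MIXED), ("benign", BENIGN)):
        print(label, summarize(names))
```

The MIXED list keeps Populate and Deserialize readable because renaming obfuscators leave public members alone so that external callers still resolve; two real names among ten renamed ones barely move the score, which is why the report still flags JsonSerializerInternalReader.cs. Score per type rather than over the whole assembly, and treat a single hit as a hint, not a verdict: hashed or compressed data smuggled into identifiers scores just as high.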
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Process information set: NOOPENFILEERRORBOX (listed 41 times) |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Memory allocated: 1560000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Memory allocated: 3200000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Memory allocated: 3010000 memory reserve | memory write watch |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Process token adjusted: Debug |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.31042.29735.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Source: Yara match | File source: SecuriteInfo.com.Heur.31042.29735.exe, type: SAMPLE |
Source: Yara match | File source: 0.0.SecuriteInfo.com.Heur.31042.29735.exe.c20000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Heur.31042.29735.exe.4427a60.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SecuriteInfo.com.Heur.31042.29735.exe.4427a60.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000000.00000000.1418148749.0000000000C22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2672803940.0000000004427000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |