Windows
Analysis Report
Installe Digicall V1011.exe
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
- System is w10x64
- Installe Digicall V1011.exe (PID: 7620 cmdline:
"C:\Users\ user\Deskt op\Install e Digicall V1011.exe " MD5: DDD4A9BC51107DA308B55929D18C512F) - Installe Digicall V1011.tmp (PID: 7636 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\is-3QL 3P.tmp\Ins talle Digi call V1011 .tmp" /SL5 ="$2047E,8 063046,721 408,C:\Use rs\user\De sktop\Inst alle Digic all V1011. exe" MD5: 84DB4B4205F705DA71471DC6ECC061F5)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Static PE information: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | String found in binary or memory: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Key value created or modified: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 2 System Owner/User Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1533223 |
Start date and time: | 2024-10-14 14:32:24 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Installe Digicall V1011.exe |
Detection: | CLEAN |
Classification: | clean3.winEXE@3/2@0/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: Installe Digicall V1011.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\is-J8L1A.tmp\_isetup\_setup64.tmp | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | RHADAMANTHYS | Browse | |||
Get hash | malicious | RHADAMANTHYS | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Phisher | Browse | |||
Get hash | malicious | Phisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
C:\Users\user\AppData\Local\Temp\is-3QL3P.tmp\Installe Digicall V1011.tmp | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Process: | C:\Users\user\Desktop\Installe Digicall V1011.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2535424 |
Entropy (8bit): | 6.378725232145821 |
Encrypted: | false |
SSDEEP: | 49152:gg2qPtc1e5OS7bPGoUl+x/grN4azvchYk2F:gvqPCnrN4azvSY |
MD5: | 84DB4B4205F705DA71471DC6ECC061F5 |
SHA1: | B90BAC8C13A1553D58FEEF95A2C41C64118B29CF |
SHA-256: | 647983EBDE53E0501FF1AF8EF6190DFEEA5CCC64CAF7DCE808F1E3D98FB66A3C |
SHA-512: | C5803B63D33BB409433B496B83CA2A7359B4B1835815386206283B3AF5C54D7D1CB9E80244A888638C7703C4BF54E1B2C11BE6836F20B9FEA157AB92BFBF365A |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\is-3QL3P.tmp\Installe Digicall V1011.tmp |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.720366600008286 |
Encrypted: | false |
SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.969351631656782 |
TrID: |
|
File name: | Installe Digicall V1011.exe |
File size: | 8'760'634 bytes |
MD5: | ddd4a9bc51107da308b55929d18c512f |
SHA1: | 9f3ccfe491e05e66696a8af045f613a4703d6a13 |
SHA256: | 13aaab999e072463f83e6a7212f58d7a3b1120a9fafad8b55d2bd1569b78bbd0 |
SHA512: | 2133db3530f8e78b23ef0737799bf89896f7a50eaeaccf8e0ca4bb3645f9feb19d5ab293b4416588dd6a7e5ac1daa5ba3e48fae08166c3911b2bdc83ee99c01e |
SSDEEP: | 196608:lC2U3LgMuzdcjfoZzovxz5vFka1+DpYNiPBQeWA2FG:wj3Lgdd6o2ZmDDeNiPB3J |
TLSH: | 0B962327B294A53EC4AA2B314573A15068FBA669F417BE1637F4C48DCF361C01E3A736 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 2d2e3797b32b2b99 |
Entrypoint: | 0x4a7ed0 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5DA1B5ED [Sat Oct 12 11:15:57 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | eb5bc6ff6263b364dfbfb78bdb48ed59 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFA4h |
push ebx |
push esi |
push edi |
xor eax, eax |
mov dword ptr [ebp-3Ch], eax |
mov dword ptr [ebp-40h], eax |
mov dword ptr [ebp-5Ch], eax |
mov dword ptr [ebp-30h], eax |
mov dword ptr [ebp-38h], eax |
mov dword ptr [ebp-34h], eax |
mov dword ptr [ebp-2Ch], eax |
mov dword ptr [ebp-28h], eax |
mov dword ptr [ebp-14h], eax |
mov eax, 004A2BC4h |
call 00007F58FD1C9B6Dh |
xor eax, eax |
push ebp |
push 004A85C2h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
xor edx, edx |
push ebp |
push 004A857Eh |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
mov eax, dword ptr [004B0634h] |
call 00007F58FD25DC6Bh |
call 00007F58FD25D7C2h |
lea edx, dword ptr [ebp-14h] |
xor eax, eax |
call 00007F58FD1DF198h |
mov edx, dword ptr [ebp-14h] |
mov eax, 004B3714h |
call 00007F58FD1C43F7h |
push 00000002h |
push 00000000h |
push 00000001h |
mov ecx, dword ptr [004B3714h] |
mov dl, 01h |
mov eax, dword ptr [00423698h] |
call 00007F58FD1E01FFh |
mov dword ptr [004B3718h], eax |
xor edx, edx |
push ebp |
push 004A852Ah |
push dword ptr fs:[edx] |
mov dword ptr fs:[edx], esp |
call 00007F58FD25DCF3h |
mov dword ptr [004B3720h], eax |
mov eax, dword ptr [004B3720h] |
cmp dword ptr [eax+0Ch], 01h |
jne 00007F58FD2645AAh |
mov eax, dword ptr [004B3720h] |
mov edx, 00000028h |
call 00007F58FD1E0AF4h |
mov edx, dword ptr [004B3720h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xb6000 | 0x9a | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb4000 | 0xf1c | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb9000 | 0x4600 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xb8000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb42e0 | 0x240 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xb5000 | 0x1a4 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xa50e8 | 0xa5200 | f082ee6260fd65bd4406603aefa5b38a | False | 0.35601136686222556 | data | 6.369284753795082 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0xa7000 | 0x1668 | 0x1800 | 01fc0e6510748ac1fa24729bd4c8d31d | False | 0.541015625 | data | 5.951810643537571 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xa9000 | 0x37a4 | 0x3800 | 34fa73ad8332bf3785e4314a4334a782 | False | 0.36063058035714285 | data | 5.035168539011174 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0xad000 | 0x6778 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xb4000 | 0xf1c | 0x1000 | daddecfdccd86a491d85012d9e547c63 | False | 0.36474609375 | data | 4.791610915860562 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0xb5000 | 0x1a4 | 0x200 | be0581a07bd7d21a29f93f8752d3e826 | False | 0.345703125 | data | 2.7458225536678693 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0xb6000 | 0x9a | 0x200 | c7a09d734ff63f677dfd4d18e3440fdf | False | 0.2578125 | data | 1.881069204504408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0xb7000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xb8000 | 0x5d | 0x200 | 955f17d4899f3cf7664168fa46e1b316 | False | 0.189453125 | data | 1.3799881252217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xb9000 | 0x4600 | 0x4600 | 65354840c4b1e1c6f6200acf33f59799 | False | 0.3203125 | data | 4.427770206474739 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xb94c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
RT_ICON | 0xb95f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
RT_ICON | 0xb9b58 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
RT_ICON | 0xb9e40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
RT_STRING | 0xba6e8 | 0x360 | data | 0.34375 | ||
RT_STRING | 0xbaa48 | 0x260 | data | 0.3256578947368421 | ||
RT_STRING | 0xbaca8 | 0x45c | data | 0.4068100358422939 | ||
RT_STRING | 0xbb104 | 0x40c | data | 0.3754826254826255 | ||
RT_STRING | 0xbb510 | 0x2d4 | data | 0.39226519337016574 | ||
RT_STRING | 0xbb7e4 | 0xb8 | data | 0.6467391304347826 | ||
RT_STRING | 0xbb89c | 0x9c | data | 0.6410256410256411 | ||
RT_STRING | 0xbb938 | 0x374 | data | 0.4230769230769231 | ||
RT_STRING | 0xbbcac | 0x398 | data | 0.3358695652173913 | ||
RT_STRING | 0xbc044 | 0x368 | data | 0.3795871559633027 | ||
RT_STRING | 0xbc3ac | 0x2a4 | data | 0.4275147928994083 | ||
RT_RCDATA | 0xbc650 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0xbc660 | 0x2c4 | data | 0.6384180790960452 | ||
RT_RCDATA | 0xbc924 | 0x2c | data | 1.1590909090909092 | ||
RT_GROUP_ICON | 0xbc950 | 0x3e | data | English | United States | 0.8387096774193549 |
RT_VERSION | 0xbc990 | 0x584 | data | English | United States | 0.25 |
RT_MANIFEST | 0xbcf14 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
DLL | Import |
---|---|
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale |
comctl32.dll | InitCommonControls |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW |
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate |
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree |
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 3 | 0x453ac0 |
__dbk_fcall_wrapper | 2 | 0x40d3dc |
dbkFCallWrapperAddr | 1 | 0x4b063c |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Dutch | Netherlands | |
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 08:33:15 |
Start date: | 14/10/2024 |
Path: | C:\Users\user\Desktop\Installe Digicall V1011.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 8'760'634 bytes |
MD5 hash: | DDD4A9BC51107DA308B55929D18C512F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 08:33:16 |
Start date: | 14/10/2024 |
Path: | C:\Users\user\AppData\Local\Temp\is-3QL3P.tmp\Installe Digicall V1011.tmp |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2'535'424 bytes |
MD5 hash: | 84DB4B4205F705DA71471DC6ECC061F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
|
Reputation: | moderate |
Has exited: | false |