Source: antispam.exe
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: antispam.exe
Binary string: C:\Users\lfkmf\source\repos\AuthFormCpp\x64\Release\AuthFormCpp.pdb
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F715B0
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F71FC0
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F71230
Source: qwertyuio.txt.0.dr
Binary string: Boot Device: \Device\HarddiskVolume1
Source: classification engine
Classification label: mal48.evad.winEXE@18/2@0/0
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6024:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3740:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6780:120:WilError_03
Source: C:\Windows\System32\conhost.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3844:120:WilError_03
Source: C:\Users\user\Desktop\antispam.exe
File created: C:\Users\user\AppData\Local\Temp\qwertyuio.txt
Source: antispam.exe
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\systeminfo.exe
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\conhost.exe
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\antispam.exe
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown
Process created: C:\Users\user\Desktop\antispam.exe "C:\Users\user\Desktop\antispam.exe"
Source: C:\Users\user\Desktop\antispam.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\antispam.exe
Process created: C:\Windows\System32\cmd.exe cmd.exe /c systeminfo
Source: C:\Windows\System32\cmd.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe
Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\systeminfo.exe
Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\antispam.exe
Process created: C:\Windows\System32\cmd.exe cmd.exe /c route print
Source: C:\Windows\System32\cmd.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe
Process created: C:\Windows\System32\ROUTE.EXE route print
Source: C:\Users\user\Desktop\antispam.exe
Process created: C:\Windows\System32\cmd.exe cmd.exe /c ipconfig /all
Source: C:\Windows\System32\cmd.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe
Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: secur32.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: netutils.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: samcli.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\antispam.exe
Section loaded: textshaping.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe
Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe
Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe
Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe
Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe
Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe
Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe
Section loaded: ntmarta.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe
Section loaded: esscli.dll
Source: C:\Windows\System32\ROUTE.EXE
Section loaded: iphlpapi.dll
Source: C:\Windows\System32\ROUTE.EXE
Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\ROUTE.EXE
Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\ROUTE.EXE
Section loaded: dnsapi.dll
Source: C:\Windows\System32\ipconfig.exe
Section loaded: iphlpapi.dll
Source: C:\Windows\System32\ipconfig.exe
Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\ipconfig.exe
Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\ipconfig.exe
Section loaded: dnsapi.dll
Source: C:\Windows\System32\ipconfig.exe
Section loaded: winnsi.dll
Source: C:\Windows\System32\systeminfo.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Users\user\Desktop\antispam.exe
Automated click: OK (10 occurrences)
Source: antispam.exe
Static PE information: Image base 0x140000000 > 0x60000000
Source: antispam.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: antispam.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: antispam.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: antispam.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: antispam.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: antispam.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: antispam.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: antispam.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: antispam.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: antispam.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: antispam.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
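The static PE lines above (DllCharacteristics mitigation flags, preferred image base, data directories, embedded PDB path) come from the sandbox's own static parser. The following is an added example, not code from the report or from the sample's author, showing how to recover the same facts from a file with only the Python standard library. The header bytes that build_sample_pe() produces are constructed to mirror the report's values and are not the real antispam.exe; point the script at a real file to parse that instead. One caveat worth keeping in mind when reading the "Image base 0x140000000 > 0x60000000" line: 0x140000000 is the default preferred base the MSVC linker assigns to x64 executables, and with DYNAMIC_BASE and HIGH_ENTROPY_VA set the loader relocates the image under ASLR anyway, so the high base by itself is not an evasion indicator.

```python
"""Recover the static PE facts the report lists (DllCharacteristics
mitigation flags, preferred image base, embedded PDB path) from a file with
only the Python standard library. Added example, not the sandbox's parser;
the header bytes produced by build_sample_pe() are constructed to mirror the
report's values and are not the real antispam.exe."""
import re
import struct

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
PE32_PLUS_MAGIC = 0x20B
# ASCII "X:\...\name.pdb"; a real binary may also carry the path as UTF-16.
PDB_PATH_RE = re.compile(rb"[A-Za-z]:\\[\x20-\x7e]{1,300}?\.pdb")


def parse_pe_hardening(data: bytes) -> dict:
    """Parse the COFF/optional header. Offsets follow the PE/COFF spec:
    e_lfanew at 0x3C, 4-byte "PE\\0\\0", 20-byte COFF header, then the
    optional header. Subsystem (+68) and DllCharacteristics (+70) sit at
    the same offsets for PE32 and PE32+; only ImageBase differs."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "magic": magic,
        "image_base": image_base,
        "dll_characteristics": dll_chars,
        "flags": [name for bit, name in sorted(DLL_CHARACTERISTICS.items())
                  if dll_chars & bit],
        # The report's own heuristic, reproduced as stated: base above 0x60000000.
        "high_image_base": image_base > 0x60000000,
        "pdb_paths": [m.decode("ascii") for m in PDB_PATH_RE.findall(data)],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ image header (not a runnable binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)  # AMD64, 1 section, 240-byte opt header
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32_PLUS_MAGIC)
    struct.pack_into("<Q", opt, 24, 0x140000000)     # default x64 linker base
    struct.pack_into("<H", opt, 68, 2)               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0x8160)          # HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE
    debug_blob = (b"\0" * 16
                  + rb"C:\Users\lfkmf\source\repos\AuthFormCpp\x64\Release\AuthFormCpp.pdb"
                  + b"\0" * 16)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + debug_blob


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(parse_pe_hardening(blob))
```

Run it with no argument to parse the constructed header, or with a file path to parse a real PE. The flag decode is the check a practitioner wants when a report lists only names: any x64 binary lacking NX_COMPAT or DYNAMIC_BASE deserves a closer look, and the PDB path scan is what surfaces developer artefacts such as the AuthFormCpp project name and the lfkmf user directory the report quotes.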
Source: C:\Windows\System32\systeminfo.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\systeminfo.exe
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Source: C:\Windows\System32\conhost.exe
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Source: C:\Windows\System32\systeminfo.exe
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\conhost.exe
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\conhost.exe
Last function: Thread delayed
Source: qwertyuio.txt.0.dr
Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
Source: ROUTE.EXE, 00000008.00000002.1859464175.0000022AFC069000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F746E4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F748C4 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F73DC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F71FC0 CreatePipe,SetHandleInformation,memcpy,CreateProcessW,CloseHandle,CloseHandle,CloseHandle,ReadFile,memcpy,ReadFile,CloseHandle,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,Concurrency::cancel_current_task,DefWindowProcW,PostQuitMessage,SendMessageW,GetWindowTextW,GetWindowTextLengthW,GetWindowTextW,wcschr,wcscpy_s,wcscpy_s,memset,GetComputerNameExW,lstrcmpiW,LogonUserW,FlushFileBuffers,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,memcpy,memcpy,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,FlushFileBuffers,MessageBoxW,PostQuitMessage,CloseHandle,memcpy,memcpy,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,FlushFileBuffers,MessageBoxW,Concurrency::cancel_current_task,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn
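Detection logic for the behaviour this report records, as an added example that is not part of the sandbox report or of the sample: the process tree shows antispam.exe launching cmd.exe /c systeminfo, cmd.exe /c route print and cmd.exe /c ipconfig /all in quick succession, the same process dropping qwertyuio.txt under AppData\Local\Temp, and the function at 0_2_00007FF6A1F71FC0 combining CreatePipe/CreateProcessW/ReadFile (capturing child output) with GetWindowTextW, LogonUserW and WriteFile. The rule below keys on the first two of those: a parent that runs two or more distinct discovery commands through cmd.exe inside one minute, with the severity raised when that parent also created a file in the user's Temp directory. The Sysmon-style event shape (EventID 1 process create, EventID 11 file create), the field names and every sample event are constructed for the example and modelled on the report's observations; the PIDs are made up.

```python
"""Flag a parent process that launches a burst of host/network discovery
commands (systeminfo, route print, ipconfig /all) through cmd.exe and also
drops a file under the user's Temp directory. Added example, not part of the
sandbox report; the Sysmon-like event shape (id 1 = process create, id 11 =
file create) and all sample events below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

DISCOVERY_COMMANDS = ("systeminfo", "route print", "ipconfig /all")
WINDOW = timedelta(seconds=60)   # burst window
MIN_DISTINCT = 2                 # distinct discovery commands needed to alert
CMD_C_RE = re.compile(r"/c\s+(.+)$", re.IGNORECASE)

# Constructed sample events modelled on the process tree in the report.
EVENTS = [
    {"id": 1, "t": "2024-01-01T10:00:00", "pid": 6024, "ppid": 4412,
     "image": r"C:\Users\user\Desktop\antispam.exe",
     "cmd": r'"C:\Users\user\Desktop\antispam.exe"'},
    {"id": 11, "t": "2024-01-01T10:00:02", "pid": 6024,
     "image": r"C:\Users\user\Desktop\antispam.exe",
     "target": r"C:\Users\user\AppData\Local\Temp\qwertyuio.txt"},
    {"id": 1, "t": "2024-01-01T10:00:03", "pid": 3740, "ppid": 6024,
     "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c systeminfo"},
    {"id": 1, "t": "2024-01-01T10:00:09", "pid": 6780, "ppid": 6024,
     "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c route print"},
    {"id": 1, "t": "2024-01-01T10:00:11", "pid": 3844, "ppid": 6024,
     "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c ipconfig /all"},
    # Benign noise: an administrator running a single ipconfig from Explorer.
    {"id": 1, "t": "2024-01-01T10:05:00", "pid": 7100, "ppid": 2200,
     "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c ipconfig /all"},
]


def discovery_command(cmdline: str):
    """Map 'cmd.exe /c <x>' to one of DISCOVERY_COMMANDS, else None."""
    m = CMD_C_RE.search(cmdline)
    if not m:
        return None
    body = " ".join(m.group(1).split()).lower()   # collapse whitespace, ignore case
    for known in DISCOVERY_COMMANDS:
        if body == known or body.startswith(known + " "):
            return known
    return None


def discovery_burst_alerts(events):
    """Return one alert per parent pid that ran >= MIN_DISTINCT distinct
    discovery commands within WINDOW. temp_drop is set when the same pid
    also created a file under AppData\\Local\\Temp, which raises severity.
    Pid reuse is ignored, acceptable for a short trace like a sandbox run."""
    images = {}
    by_parent = defaultdict(list)          # ppid -> [(time, command)]
    temp_drops = set()
    for ev in events:
        ts = datetime.fromisoformat(ev["t"])
        if ev["id"] == 1:
            images[ev["pid"]] = ev["image"]
            is_cmd = ev["image"].lower().endswith("\\cmd.exe")
            cmd = discovery_command(ev["cmd"]) if is_cmd else None
            if cmd:
                by_parent[ev["ppid"]].append((ts, cmd))
        elif ev["id"] == 11 and "\\appdata\\local\\temp\\" in ev["target"].lower():
            temp_drops.add(ev["pid"])

    alerts = []
    for ppid, runs in by_parent.items():
        runs.sort()
        for i, (start, _) in enumerate(runs):   # sliding window over the parent's launches
            seen = {c for t, c in runs[i:] if t - start <= WINDOW}
            if len(seen) >= MIN_DISTINCT:
                alerts.append({
                    "pid": ppid,
                    "image": images.get(ppid, "<unknown>"),
                    "commands": sorted(seen),
                    "temp_drop": ppid in temp_drops,
                    "severity": "high" if ppid in temp_drops else "medium",
                })
                break                            # one alert per parent
    return alerts


if __name__ == "__main__":
    for alert in discovery_burst_alerts(EVENTS):
        print(alert)
```

On a real host, feed the rule the process-create and file-create records of the user session. The conhost.exe and WmiPrvSE.exe children in the tree are ordinary console and WMI plumbing and are deliberately not keyed on. Tune WINDOW and MIN_DISTINCT against administrators' interactive use, and treat a hit as a lead rather than a verdict: what makes this sample a credential-collection concern is the LogonUserW call sitting in the same function that captures the child output and writes to the dropped file, so follow the alert with a look at that Temp file and at the parent's imports.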
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F745C4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\Desktop\antispam.exe
Code function: 0_2_00007FF6A1F715B0 InitCommonControlsEx,LoadIconW,LoadCursorW,LoadIconW,GetTempPathW,memcpy,_invalid_parameter_noinfo_noreturn,CreateFileW,AllocConsole,GetConsoleWindow,GetWindowLongW,SetWindowLongW,ShowWindow,ShowWindow,SetConsoleTitleW,__acrt_iob_func,freopen_s,__acrt_iob_func,freopen_s,__acrt_iob_func,freopen_s,GetStdHandle,SetStdHandle,GetStdHandle,SetStdHandle,GetStdHandle,SetStdHandle,printf,SleepEx,printf,RegisterClassExW,CreateWindowExW,GetWindowLongW,SetWindowLongW,CreateWindowExW,LoadBitmapW,SendMessageW,SendMessageW,SendMessageW,CreateWindowExW,CreateFontW,SendMessageW,CreateWindowExW,SendMessageW,NetGetJoinInformation,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,GetUserNameExW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,CreateWindowExW,CreateWindowExW,SendMessageW,CreateWindowExW,SendMessageW,ShowWindow,UpdateWindow,GetMessageW,TranslateMessage,DispatchMessageW,GetMessageW,_invalid_parameter_noinfo_noreturn