Source: antispam.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: antispam.exe | Binary string: C:\Users\lfkmf\source\repos\AuthFormCpp\x64\Release\AuthFormCpp.pdb |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F715B0 | 0_2_00007FF6A1F715B0 |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F71FC0 | 0_2_00007FF6A1F71FC0 |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F71230 | 0_2_00007FF6A1F71230 |
Source: qwertyuio.txt.0.dr | Binary string: Boot Device: \Device\HarddiskVolume1 |
Source: classification engine | Classification label: mal48.evad.winEXE@18/2@0/0 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6024:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3740:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6780:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3844:120:WilError_03 |
Source: C:\Users\user\Desktop\antispam.exe | File created: C:\Users\user\AppData\Local\Temp\qwertyuio.txt |
Source: antispam.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Users\user\Desktop\antispam.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown | Process created: C:\Users\user\Desktop\antispam.exe "C:\Users\user\Desktop\antispam.exe" | |
Source: C:\Users\user\Desktop\antispam.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\antispam.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c systeminfo | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\systeminfo.exe systeminfo | |
Source: C:\Windows\System32\systeminfo.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding | |
Source: C:\Users\user\Desktop\antispam.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c route print | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ROUTE.EXE route print | |
Source: C:\Users\user\Desktop\antispam.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c ipconfig /all | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ipconfig.exe ipconfig /all | |
Source: C:\Users\user\Desktop\antispam.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c systeminfo |
Source: C:\Users\user\Desktop\antispam.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c route print |
Source: C:\Users\user\Desktop\antispam.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c ipconfig /all |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\systeminfo.exe systeminfo |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ROUTE.EXE route print |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\ipconfig.exe ipconfig /all |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: msvcp140.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: netapi32.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: vcruntime140_1.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: wkscli.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\antispam.exe | Section loaded: textshaping.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: ncobjapi.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: userenv.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: sspicli.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: ntmarta.dll |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: esscli.dll |
Source: C:\Windows\System32\ROUTE.EXE | Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\ROUTE.EXE | Section loaded: dhcpcsvc6.dll |
Source: C:\Windows\System32\ROUTE.EXE | Section loaded: dhcpcsvc.dll |
Source: C:\Windows\System32\ROUTE.EXE | Section loaded: dnsapi.dll |
Source: C:\Windows\System32\ipconfig.exe | Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\ipconfig.exe | Section loaded: dhcpcsvc.dll |
Source: C:\Windows\System32\ipconfig.exe | Section loaded: dhcpcsvc6.dll |
Source: C:\Windows\System32\ipconfig.exe | Section loaded: dnsapi.dll |
Source: C:\Windows\System32\ipconfig.exe | Section loaded: winnsi.dll |
Source: C:\Windows\System32\systeminfo.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32 |
Source: C:\Users\user\Desktop\antispam.exe | Automated click: OK |
Source: antispam.exe | Static PE information: Image base 0x140000000 > 0x60000000 |
Source: antispam.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: antispam.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: antispam.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: antispam.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: antispam.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: antispam.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: antispam.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: antispam.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: antispam.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: antispam.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: antispam.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\System32\systeminfo.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter |
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter |
Source: C:\Windows\System32\systeminfo.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS |
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: qwertyuio.txt.0.dr | Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No |
Source: ROUTE.EXE, 00000008.00000002.1859464175.0000022AFC069000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F746E4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00007FF6A1F746E4 |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F748C4 SetUnhandledExceptionFilter, | 0_2_00007FF6A1F748C4 |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F73DC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_00007FF6A1F73DC0 |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F71FC0 CreatePipe,SetHandleInformation,memcpy,CreateProcessW,CloseHandle,CloseHandle,CloseHandle,ReadFile,memcpy,ReadFile,CloseHandle,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,Concurrency::cancel_current_task,DefWindowProcW,PostQuitMessage,SendMessageW,GetWindowTextW,GetWindowTextLengthW,GetWindowTextW,wcschr,wcscpy_s,wcscpy_s,memset,GetComputerNameExW,lstrcmpiW,LogonUserW,FlushFileBuffers,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,memcpy,memcpy,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,FlushFileBuffers,MessageBoxW,PostQuitMessage,CloseHandle,memcpy,memcpy,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,FlushFileBuffers,MessageBoxW,Concurrency::cancel_current_task,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn, | 0_2_00007FF6A1F71FC0 |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F745C4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, | 0_2_00007FF6A1F745C4 |
Source: C:\Users\user\Desktop\antispam.exe | Code function: 0_2_00007FF6A1F715B0 InitCommonControlsEx,LoadIconW,LoadCursorW,LoadIconW,GetTempPathW,memcpy,_invalid_parameter_noinfo_noreturn,CreateFileW,AllocConsole,GetConsoleWindow,GetWindowLongW,SetWindowLongW,ShowWindow,ShowWindow,SetConsoleTitleW,__acrt_iob_func,freopen_s,__acrt_iob_func,freopen_s,__acrt_iob_func,freopen_s,GetStdHandle,SetStdHandle,GetStdHandle,SetStdHandle,GetStdHandle,SetStdHandle,printf,SleepEx,printf,RegisterClassExW,CreateWindowExW,GetWindowLongW,SetWindowLongW,CreateWindowExW,LoadBitmapW,SendMessageW,SendMessageW,SendMessageW,CreateWindowExW,CreateFontW,SendMessageW,CreateWindowExW,SendMessageW,NetGetJoinInformation,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,SetFilePointer,WriteFile,_invalid_parameter_noinfo_noreturn,GetUserNameExW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,CreateWindowExW,CreateWindowExW,SendMessageW,CreateWindowExW,SendMessageW,ShowWindow,UpdateWindow,GetMessageW,TranslateMessage,DispatchMessageW,GetMessageW,_invalid_parameter_noinfo_noreturn, | 0_2_00007FF6A1F715B0 |