Source: eVirFdGeXm.exe
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: eVirFdGeXm.exe
Binary string: dccw.pdbGCTL
Source: eVirFdGeXm.exe
Binary string: dccw.pdb
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC71EBC4 GetObjectW, GetLastError, GetWindowRect, GetLastError, GetDC, GetLastError, CreateCompatibleDC, GetLastError, SelectObject, CreateCompatibleDC, GetLastError, SetStretchBltMode, GetLastError, CreateCompatibleBitmap, GetLastError, SelectObject, StretchBlt, GetLastError, SendMessageW, DeleteObject, ReleaseDC, DeleteDC, DeleteDC, DeleteObject
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC711170
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC714120
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC71EBC4
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC712518
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC71892C
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC71388C
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC712E8C
Source: eVirFdGeXm.exe
Binary or memory string: OriginalFilename vs eVirFdGeXm.exe
Source: eVirFdGeXm.exe, 00000000.00000002.1514905406.00007FF6BC72A000.00000002.00000001.01000000.00000003.sdmp
Binary or memory string: OriginalFilenamedccw.exej% vs eVirFdGeXm.exe
Source: eVirFdGeXm.exe
Binary or memory string: OriginalFilenamedccw.exej% vs eVirFdGeXm.exe
Source: classification engine
Classification label: clean4.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC720478 FormatMessageW, LocalFree, GetLastError
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC711780 CoCreateInstance
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC71E884 FindResourceW, GetLastError, LoadResource, GetLastError, SizeofResource, LockResource, GlobalAlloc, GetLastError, GlobalLock, GetLastError, memcpy, CreateStreamOnHGlobal, GlobalUnlock, GlobalFree, GlobalUnlock, GetLastError, GdipAlloc, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GetObjectW, GetLastError
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Mutant created: \Sessions\1\BaseNamedObjects\Local\DCCW Startup Mutex
Source: eVirFdGeXm.exe
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: dxva2.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: mscms.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: userenv.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: coloradapterclient.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: duser.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Section loaded: textshaping.dll
Source: eVirFdGeXm.exe
Static PE information: Image base 0x140000000 > 0x60000000
Source: eVirFdGeXm.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: eVirFdGeXm.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: eVirFdGeXm.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: eVirFdGeXm.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: eVirFdGeXm.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: eVirFdGeXm.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: eVirFdGeXm.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: eVirFdGeXm.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: eVirFdGeXm.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: eVirFdGeXm.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: eVirFdGeXm.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: eVirFdGeXm.exe
Static PE information: TimeDateStamp 0x9AF322B1 [Sat May 18 06:09:53 2052 UTC]
Source: eVirFdGeXm.exe
Static PE information: real checksum (header CheckSum field): 0x1f5dd should be (computed over the file): 0x90725
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
API coverage: 5.0 %
Source: all processes
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC71F7DC GetProcessHeap, HeapAlloc, GetProcessHeap, HeapFree
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC721010 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC720CE8 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\Desktop\eVirFdGeXm.exe
Code function: 0_2_00007FF6BC7211E4 GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, GetTickCount, QueryPerformanceCounter
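Reading the static findings together: the PDB name dccw.pdb, the OriginalFilename dccw.exe in the version resource, the "DCCW Startup Mutex" and the colour-management DLLs loaded at runtime (mscms.dll, coloradapterclient.dll, dxva2.dll) are all consistent with Windows' Display Color Calibration tool, dccw.exe, submitted under a random filename, which fits the clean classification. Two static lines deserve a second look rather than alarm: a TimeDateStamp in 2052 is what Microsoft's reproducible builds produce, since that field carries a hash instead of a build time, so on its own it is not evidence of tampering; a CheckSum mismatch means the header field no longer matches the bytes on disk (or was never filled in), which is cheap to check and worth following up with the Authenticode signature or a known-good hash. The following Python is an added example, not part of the sandbox report, that reproduces those header fields (DllCharacteristics, ImageBase, populated data directories, TimeDateStamp, CheckSum) and recomputes the image checksum the same way imagehlp does. The PE it parses is a constructed header-only PE32+ image that carries the report's values; it is not the analysed file, and the checksum it yields is therefore not 0x90725.

```python
"""Parse the PE header fields a sandbox reports statically and recompute the
image checksum. Added example; the sample image below is constructed."""
import struct
from datetime import datetime, timedelta, timezone

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH",
    0x0800: "NO_BIND", 0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
# IMAGE_DIRECTORY_ENTRY_* names, indexed by position in the data directory
DATA_DIRECTORIES = [
    "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
    "DEBUG", "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG",
    "BOUND_IMPORT", "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR",
]

def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Image checksum as imagehlp!CheckSumMappedFile computes it: 16-bit
    ones'-complement sum with end-around carry, skipping the 4-byte CheckSum
    field itself, plus the file length."""
    length = len(data)
    if length % 2:
        data += b"\0"
    total = 0
    for off in range(0, len(data), 2):
        if off in (checksum_offset, checksum_offset + 2):
            continue  # the field being computed does not count itself
        total += int.from_bytes(data[off:off + 2], "little")
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total & 0xFFFF) + length

def parse_pe(data: bytes) -> dict:
    """Return the static facts a sandbox prints for a PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, _nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20                          # IMAGE_FILE_HEADER is 20 bytes
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ handled here")
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    checksum_off = opt + 64
    header_checksum = struct.unpack_from("<I", data, checksum_off)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 108)[0]
    dirs = []
    for i in range(min(n_dirs, len(DATA_DIRECTORIES))):
        rva, size = struct.unpack_from("<II", data, opt + 112 + 8 * i)
        if rva or size:
            dirs.append("IMAGE_DIRECTORY_ENTRY_" + DATA_DIRECTORIES[i])
    computed = pe_checksum(data, checksum_off)
    return {
        "machine": machine,
        "timestamp_raw": timestamp,
        # Microsoft reproducible builds store a hash here, so a "future" date
        # is expected on Windows binaries and is not suspicious by itself.
        "timestamp_utc": datetime(1970, 1, 1, tzinfo=timezone.utc)
                         + timedelta(seconds=timestamp),
        "image_base": image_base,
        "dll_characteristics": [n for b, n in sorted(DLL_CHARACTERISTICS.items())
                                if dll_chars & b],
        "data_directories": dirs,
        "header_checksum": header_checksum,
        "computed_checksum": computed,
        "checksum_ok": header_checksum == computed,
    }

def build_sample_pe(header_checksum: int = 0) -> bytes:
    """Constructed header-only PE32+ image (not the analysed file) carrying the
    report's values: TimeDateStamp 0x9AF322B1, ImageBase 0x140000000, the five
    DllCharacteristics flags and six populated data directories."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0x9AF322B1, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<Q", opt, 24, 0x140000000)             # ImageBase
    struct.pack_into("<I", opt, 64, header_checksum)         # CheckSum
    struct.pack_into("<H", opt, 68, 2)                       # WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100 | 0x4000 | 0x8000)
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    for idx in (1, 2, 5, 6, 10, 12):  # IMPORT RESOURCE BASERELOC DEBUG LOAD_CONFIG IAT
        struct.pack_into("<II", opt, 112 + 8 * idx, 0x1000 * idx, 0x40)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def fix_checksum(data: bytes) -> bytes:
    """Return a copy whose CheckSum field holds the recomputed value."""
    off = struct.unpack_from("<I", data, 0x3C)[0] + 4 + 20 + 64
    out = bytearray(data)
    struct.pack_into("<I", out, off, pe_checksum(data, off))
    return bytes(out)

if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(f"{key:20} {value}")
```

Point `parse_pe` at a real file (`parse_pe(open(path, "rb").read())`) to reproduce the report's DllCharacteristics, ImageBase, data directory and TimeDateStamp lines; `checksum_ok` false means the bytes differ from what the linker or signing tool last checksummed, and `fix_checksum` shows the round trip that makes it true again.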