Source: ZKNiiqoHKV.exe |
ReversingLabs: Detection: 34% |
Source: ZKNiiqoHKV.exe |
Virustotal: Detection: 51% |
Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 93.6% probability |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: Number of sections : 13 > 10 |
Source: ZKNiiqoHKV.exe, 00000000.00000002.2911223832.0000000141E04000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameGunzLegacy.exe8 vs ZKNiiqoHKV.exe |
Source: ZKNiiqoHKV.exe |
Binary or memory string: OriginalFilenameGunzLegacy.exe8 vs ZKNiiqoHKV.exe |
Source: ZKNiiqoHKV.exe |
Static PE information: Section: (empty name) ZLIB complexity 0.993994433008982 |
Source: ZKNiiqoHKV.exe |
Static PE information: Section: (empty name) ZLIB complexity 0.9973697916666666 |
Source: ZKNiiqoHKV.exe |
Static PE information: Section: .reloc ZLIB complexity 1.5 |
Source: classification engine |
Classification label: mal60.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: d3d9.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: d3dx9_43.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: fmod64.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: oleacc.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: dbghelp.dll |
Source: C:\Users\user\Desktop\ZKNiiqoHKV.exe |
Section loaded: wldp.dll |
Source: ZKNiiqoHKV.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: ZKNiiqoHKV.exe |
Static file information: File size 6152208 > 1048576 |
Source: ZKNiiqoHKV.exe |
Static PE information: Raw size of (empty-named section) 0x1fe000 is bigger than 0x100000 |
Source: ZKNiiqoHKV.exe |
Static PE information: Raw size of .boot 0x2ff400 is bigger than 0x100000 |
Source: initial sample |
Static PE information: section where entry point is pointing to: .boot |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: (empty) |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: .themida |
Source: ZKNiiqoHKV.exe |
Static PE information: section name: .boot |
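The static PE rows above (13 sections, seven with empty names, .themida and .boot sections, entry point in .boot, ZLIB complexity near 1.0, image base 0x140000000) are the usual static indicators of a Themida/WinLicense-protected binary. As an added example that is not part of this report or of the sandbox's own tooling, the following standard-library Python script recomputes the same indicators for any PE passed on the command line and, with no argument, for a PE32+ image it constructs in memory (not the ZKNiiqoHKV.exe sample). The packer section-name list, the 0.95 complexity threshold and the 0x100000 size threshold are assumptions chosen to mirror the report.

```python
# Added example (not part of this report or of the sandbox's own tooling):
# recompute the static PE packer indicators the report lists, using only the
# standard library. Thresholds and the packer-name list are assumptions.
import json
import random
import struct
import sys
import zlib

# Assumption: section names commonly left behind by packers/protectors.
PACKER_SECTION_NAMES = {".themida", ".boot", ".vmp0", ".vmp1", "UPX0", "UPX1",
                        ".aspack", ".adata", ".enigma1", ".enigma2"}


def parse_pe(data: bytes) -> dict:
    """Return entry RVA, image base and per-section metadata of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == 0x20B:    # PE32+: 64-bit ImageBase at offset 24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:  # PE32: 32-bit ImageBase at offset 28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize,
            # ZLIB complexity as the report defines it: compressed size / raw size.
            # Values near or above 1.0 mean already-compressed or encrypted bytes.
            "complexity": len(zlib.compress(raw)) / len(raw) if raw else 0.0,
        })
    return {"entry_rva": entry_rva, "image_base": image_base, "sections": sections}


def triage(info: dict, complexity_threshold: float = 0.95, big_section: int = 0x100000) -> dict:
    """Derive the packer indicators; thresholds are assumptions chosen to match the report."""
    secs = info["sections"]
    hit = [s for s in secs
           if s["vaddr"] <= info["entry_rva"] < s["vaddr"] + max(s["vsize"], s["rawsize"])]
    entry_section = hit[0]["name"] if hit else None
    flags = {
        "too_many_sections": len(secs) > 10,
        "empty_section_names": sum(1 for s in secs if s["name"] == ""),
        "packer_section_names": sorted({s["name"] for s in secs} & PACKER_SECTION_NAMES),
        "entry_section": entry_section,
        "entry_outside_text": entry_section != ".text",
        "high_complexity_sections": [s["name"] for s in secs
                                     if s["rawsize"] and s["complexity"] >= complexity_threshold],
        "large_sections": [s["name"] for s in secs if s["rawsize"] > big_section],
        # Weak on its own: 0x140000000 is the default image base of 64-bit MSVC builds.
        "image_base_above_0x60000000": info["image_base"] > 0x60000000,
    }
    flags["likely_packed"] = bool(flags["packer_section_names"]) or (
        flags["entry_outside_text"] and bool(flags["high_complexity_sections"]))
    return flags


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_sample_pe() -> bytes:
    """Constructed PE32+ image (not the real sample): an unnamed section, .text,
    and Themida-style .themida/.boot sections of incompressible bytes, entry in .boot."""
    rng = random.Random(1)
    specs = [("", b"\0" * 0x200), (".text", b"\x90" * 0x1000 + b"\xc3"),
             (".themida", rng.randbytes(0x800)), (".boot", rng.randbytes(0x2000))]
    file_align, sect_align, opt_size = 0x200, 0x1000, 240
    raw_ptr = _align(0x40 + 4 + 20 + opt_size + 40 * len(specs), file_align)
    first_raw, rva, entry_rva, headers, payload = raw_ptr, sect_align, 0, b"", b""
    for name, raw in specs:
        raw = raw.ljust(_align(len(raw), file_align), b"\0")
        if name == ".boot":
            entry_rva = rva       # entry point inside the protector stub, as in the report
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), len(raw), rva, len(raw),
                               raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr, rva, payload = raw_ptr + len(raw), rva + _align(len(raw), sect_align), payload + raw
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(specs), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<HBBIIIIIQII", 0x20B, 14, 0, 0x1000, 0, 0, entry_rva, 0x1000,
                      0x140000000, sect_align, file_align).ljust(opt_size, b"\0")
    return (dos + b"PE\0\0" + coff + opt + headers).ljust(first_raw, b"\0") + payload


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(parse_pe(blob)), indent=2))
```

Run it as `python pe_triage.py sample.exe` to get the indicator dictionary for a real file. Note that none of these signals is conclusive alone: unnamed sections and a protector stub at the entry point are typical of Themida, but the image-base check fires on every default-linked 64-bit image, and a ZLIB complexity near 1.0 also describes legitimately compressed resources.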
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |