Windows Analysis Report
DataIndustrial.exe

Overview

General Information

Sample name: DataIndustrial.exe
Analysis ID: 1539399
MD5: 152843eaad328f6a699815f061586c98
SHA1: d3e216b2edc83036e5846d15d15ecfb7f80d255b
SHA256: 34c92fe58fc12ef4ddb24159e745c05e48c3f27e4953a3ba4a87651516bd7d7b

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Checks for kernel debuggers (COM1)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 93.4% probability
Source: DataIndustrial.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: c:\Projects\wPC_DIC_COMBO\Release\DataIndustrial.pdb source: DataIndustrial.exe
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_004513CB __EH_prolog3_GS,GetFullPathNameA,_DebugHeapAllocator,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,_DebugHeapAllocator, 0_2_004513CB
Source: unknown DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: DataIndustrial.exe String found in binary or memory: http://google.com/
Source: DataIndustrial.exe String found in binary or memory: http://google.com/(
Source: DataIndustrial.exe String found in binary or memory: http://www.badgermeter.com/Industrial.aspx
Source: DataIndustrial.exe String found in binary or memory: http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspx
Source: DataIndustrial.exe String found in binary or memory: http://www.badgermeter.com/Literature/Industrial-Literature-Index/Impeller-Products.aspxopenManuals
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00460D51 __EH_prolog3,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageA,_memset,ScreenToClient,_memset,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,_memset,SendMessageA,GetParent, 0_2_00460D51
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00444DBB GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA, 0_2_00444DBB
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_0045D074 ScreenToClient,_memset,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow, 0_2_0045D074
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 00413FC0 appears 50 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 0046791C appears 51 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 0044C6AB appears 46 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 004493A1 appears 33 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 0046775A appears 150 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 0046778D appears 42 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 0042C800 appears 82 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 004041E0 appears 148 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 0044C65F appears 41 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 00403170 appears 183 times
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: String function: 004436FD appears 75 times
Source: DataIndustrial.exe Binary or memory string: OriginalFileName vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000000.1709328170.000000000047E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000000.1709328170.000000000047E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: \\.\COM%dCOMCOM%dSETUPAPI.DLLSetupDiOpenDevRegKeySetupDiClassGuidsFromNameASetupDiGetClassDevsASetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoPortsPortsPortNameCOMCOM\\VarFileInfo\Translation\StringFileInfo\%04X%04X\CompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightOriginalFileNameProductNameProductVersionCommentsLegalTrademarksPrivateBuildSpecialBuild vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000002.2947549346.000000000081D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameD3D10Warp.dl vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs DataIndustrial.exe
Source: DataIndustrial.exe, 00000000.00000002.2947374210.000000000047E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: \\.\COM%dCOMCOM%dSETUPAPI.DLLSetupDiOpenDevRegKeySetupDiClassGuidsFromNameASetupDiGetClassDevsASetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoPortsPortsPortNameCOMCOM\\VarFileInfo\Translation\StringFileInfo\%04X%04X\CompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightOriginalFileNameProductNameProductVersionCommentsLegalTrademarksPrivateBuildSpecialBuild vs DataIndustrial.exe
Source: DataIndustrial.exe Binary or memory string: \\.\COM%dCOMCOM%dSETUPAPI.DLLSetupDiOpenDevRegKeySetupDiClassGuidsFromNameASetupDiGetClassDevsASetupDiDestroyDeviceInfoListSetupDiEnumDeviceInfoPortsPortsPortNameCOMCOM\\VarFileInfo\Translation\StringFileInfo\%04X%04X\CompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightOriginalFileNameProductNameProductVersionCommentsLegalTrademarksPrivateBuildSpecialBuild vs DataIndustrial.exe
Source: C:\Users\user\Desktop\DataIndustrial.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE Jump to behavior
Source: classification engine Classification label: mal48.evad.winEXE@1/4@1/0
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_0041F780 GetLastError,_memset,FormatMessageA,_strcat, 0_2_0041F780
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00414160 FindResourceA, 0_2_00414160
Source: C:\Users\user\Desktop\DataIndustrial.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\128[1] Jump to behavior
Source: DataIndustrial.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\DataIndustrial.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe File read: C:\Users\user\Desktop\DataIndustrial.exe:Zone.Identifier Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: oledlg.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: msiso.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: mshtml.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: msimtf.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: DataIndustrial.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00426D00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,RegQueryValueExA,_strlen,RegCloseKey,FreeLibrary, 0_2_00426D00
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00467832 push ecx; ret 0_2_00467845
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00467961 push ecx; ret 0_2_00467974
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00442063 MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect, 0_2_00442063
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00426800 IsIconic, 0_2_00426800
Source: C:\Users\user\Desktop\DataIndustrial.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Memory allocated: 4580000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00467C67 VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect, 0_2_00467C67
Source: C:\Users\user\Desktop\DataIndustrial.exe API call chain: ExitProcess graph end node

Anti Debugging

Source: C:\Users\user\Desktop\DataIndustrial.exe File opened: COM1 Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_0046722D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0046722D
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00467C67 VirtualProtect ?,-00000001,00000104,? 0_2_00467C67
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00426D00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,RegQueryValueExA,_strlen,RegCloseKey,FreeLibrary, 0_2_00426D00
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_004725D3 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004725D3
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_004637E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_004637E0
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00471A57 SetUnhandledExceptionFilter, 0_2_00471A57
Source: C:\Users\user\Desktop\DataIndustrial.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA, 0_2_0044D8B2
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: GetLocaleInfoA, 0_2_004752AA
Source: C:\Users\user\Desktop\DataIndustrial.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_004723B2 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_004723B2
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00470B17 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson, 0_2_00470B17
Source: C:\Users\user\Desktop\DataIndustrial.exe Code function: 0_2_00426AC0 GetVersionExA,QueryDosDeviceA,_strlen,SetLastError, 0_2_00426AC0
No contacted IP infos