Source: fqfeeCJXIY.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: fqfeeCJXIY.exe, 00000000.00000002.2175371662.0000000000401000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.NewXing.com
Source: fqfeeCJXIY.exe, 00000000.00000000.2129019985.000000000059A000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename vs fqfeeCJXIY.exe
Source: fqfeeCJXIY.exe | Binary or memory string: OriginalFilename vs fqfeeCJXIY.exe
Source: fqfeeCJXIY.exe | Static PE information: Section: 0ext ZLIB complexity 0.9960295962591241
Source: fqfeeCJXIY.exe | Static PE information: Section: 5ata ZLIB complexity 1.00048828125
Source: fqfeeCJXIY.exe, 00000000.00000002.2175371662.0000000000401000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ~.vbp@
Source: fqfeeCJXIY.exe, 00000000.00000002.2175371662.0000000000401000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ~.vbp @m
Source: classification engine | Classification label: sus22.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | File created: C:\Users\user\AppData\Local\Temp\~DF590B5E50594AA91C.TMP
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | File read: C:\Users\user\Desktop\fqfeeCJXIY.exe
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: msvbvm60.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: vb6zz.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: vb6chs.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: sxs.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: vb6chs.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Section loaded: wintypes.dll
Source: initial sample | Static PE information: section where entry point is pointing to: 3ext
Source: fqfeeCJXIY.exe | Static PE information: section name: 0ext
Source: fqfeeCJXIY.exe | Static PE information: section name: 1ata
Source: fqfeeCJXIY.exe | Static PE information: section name: 2src
Source: fqfeeCJXIY.exe | Static PE information: section name: 3ext
Source: fqfeeCJXIY.exe | Static PE information: section name: 4data
Source: fqfeeCJXIY.exe | Static PE information: section name: 5ata
Source: fqfeeCJXIY.exe | Static PE information: section name: 0ext entropy: 7.999257185550183
Source: fqfeeCJXIY.exe | Static PE information: section name: 3ext entropy: 7.904648337578353
Source: fqfeeCJXIY.exe | Static PE information: section name: 5ata entropy: 7.994227836892481
Source: C:\Users\user\Desktop\fqfeeCJXIY.exe | Process information set: NOOPENFILEERRORBOX
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected