Windows Analysis Report
Arc.exe

Overview

General Information

Sample name: Arc.exe
Analysis ID: 1546106
MD5: 9efbd1e945b18f274d9c5a620d5fe7d5
SHA1: 7eceb65d872d41fe856e0b0857ce26555a208966
SHA256: f4a276a1a1ac31ef87549648b5c71f2a637bd354efe265fdd60b505d7888424f

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)
Suricata IDS alerts with low severity for network traffic

Classification

Source: Arc.exe Static PE information: certificate valid
Source: Arc.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: Arc.exe.pdb source: Arc.exe
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF1AF940 FindNextFileW,GetLastError,FindNextFileW,GetLastError,FindClose,GetFileAttributesW,FindFirstFileExW, 6_2_00007FF7DF1AF940
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.10:49767
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.10:49910
Source: C:\Users\user\Desktop\Arc.exe Code function: String function: 00007FF7DF1AECE0 appears 31 times
Source: Arc.exe Binary string: \Device\DeviceApi
Source: Arc.exe Binary string: PathSystemDriveSystemRootTEMPTMPLOCALAPPDATACHROME_CRASHPAD_PIPE_NAMEprocessIdtaglockdownLeveljobLeveldesiredIntegrityLeveldesiredMitigationsplatformMitigationscomponentFiltersappContainerSidappContainerCapabilitiesappContainerInitialCapabilitieslowboxSidpolicyRulesdisabledenableddisconnectCsrsszeroAppShimhandlesToCloseLockdownLimitedInteractiveRestricted Same AccessRestricted Non AdminUnknownLimited UserUnprotectedS-1-16-16384 SystemS-1-16-12288 HighS-1-16-8192 MediumS-1-16-6144 Medium LowS-1-16-4096 LowS-1-16-2048 Below LowS-1-16-0 UntrustedDefault%016llx%016llx%016llx%08lx -> !(p[%d] == %xp[%d] == %pp[%d] & %x(p[%d], '%ls') || && exactprefixscanendserroraskusererdenyalarmfakeSuccessfakeDeniedUnusedPing1Ping2NtOpenFileNtSetInfoRenameGdiDllInitializeGetStockObjectRegisterClassWCreateThread*\windows_shell_global_counters\Device\DeviceApi\Device\KsecDDALPC Port;
Source: Arc.exe Binary string: \Device\KsecDD
Source: classification engine Classification label: clean3.winEXE@1/0@0/0
Source: Arc.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Arc.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Arc.exe Section loaded: chrome_elf.dll
Source: Arc.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Arc.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: Arc.exe Static file information: File size 1424728 > 1048576
Source: Arc.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x110e00
Source: Arc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF1F3A20 LoadLibraryW,GetProcAddress, 6_2_00007FF7DF1F3A20
Source: Arc.exe Static PE information: section name: .gxfg
Source: Arc.exe Static PE information: section name: .retplne
Source: Arc.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF1FD7A0 rdtsc 6_2_00007FF7DF1FD7A0
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF19CC90 GetCurrentThread,IsDebuggerPresent,GetModuleHandleW,GetProcAddress,GetCurrentThreadId,RaiseException, 6_2_00007FF7DF19CC90
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF29A690 GetProcessHeaps,GetProcessHeaps,GetProcessHeaps, 6_2_00007FF7DF29A690
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF23AF28 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_00007FF7DF23AF28
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF24F278 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FF7DF24F278
Source: C:\Users\user\Desktop\Arc.exe Code function: EnumSystemLocalesW, 6_2_00007FF7DF261FBC
Source: C:\Users\user\Desktop\Arc.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 6_2_00007FF7DF261CBC
Source: C:\Users\user\Desktop\Arc.exe Code function: GetLocaleInfoW, 6_2_00007FF7DF25CCC4
Source: C:\Users\user\Desktop\Arc.exe Code function: GetCurrentProcess,EnumSystemLocalesEx,HeapDestroy, 6_2_00007FF7DF296B50
Source: C:\Users\user\Desktop\Arc.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 6_2_00007FF7DF262568
Source: C:\Users\user\Desktop\Arc.exe Code function: EnumSystemLocalesW, 6_2_00007FF7DF25D4F8
Source: C:\Users\user\Desktop\Arc.exe Code function: EnumSystemLocalesW, 6_2_00007FF7DF2622D8
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF1B0D10 GetModuleHandleW,GetProcAddress,GetSystemTimeAsFileTime, 6_2_00007FF7DF1B0D10
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF264234 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 6_2_00007FF7DF264234
Source: C:\Users\user\Desktop\Arc.exe Code function: 6_2_00007FF7DF231970 GetVersionExW,GetProductInfo,GetNativeSystemInfo, 6_2_00007FF7DF231970
No contacted IP infos