| Source: file.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
| Source: file.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Source: |
Binary string: PresentationHost.pdbGCTL source: file.exe |
| Source: |
Binary string: PresentationHost.pdb source: file.exe |
| Source: file.exe, 00000000.00000000.1660830502.00000000002D5000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamePresentationHost.exej% vs file.exe |
| Source: file.exe |
Binary or memory string: OriginalFilenamePresentationHost.exej% vs file.exe |
| Source: file.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
| Source: classification engine |
Classification label: clean1.winEXE@1/0@0/0 |
| Source: file.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Source: C:\Users\user\Desktop\file.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: wininet.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: file.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
| Source: file.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
| Source: file.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
| Source: file.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
| Source: file.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
| Source: file.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
| Source: file.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Source: file.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
| Source: |
Binary string: PresentationHost.pdbGCTL source: file.exe |
| Source: |
Binary string: PresentationHost.pdb source: file.exe |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet