Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1561636
MD5:b73ecb016b35d5b7acb91125924525e5
SHA1:37fe45c0a85900d869a41f996dd19949f78c4ec4
SHA256:b3982e67820abc7b41818a7236232ce6de92689b76b6f152fab9ef302528566d
Tags:exe, user-Bitsight

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

  • System is w10x64
  • file.exe (PID: 7600 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B73ECB016B35D5B7ACB91125924525E5)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: file.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: PresentationHost.pdbGCTL source: file.exe
Source: Binary string: PresentationHost.pdb source: file.exe
Source: file.exe, 00000000.00000000.1660830502.00000000002D5000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenamePresentationHost.exej% vs file.exe
Source: file.exe; Binary or memory string: OriginalFilenamePresentationHost.exej% vs file.exe
Source: classification engine; Classification label: clean1.winEXE@1/0@0/0
Source: file.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\file.exe; Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe; Section loaded: uxtheme.dll
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
  • Reconnaissance: Gather Victim Identity Information
  • Resource Development: Acquire Infrastructure
  • Initial Access: Valid Accounts
  • Execution: Windows Management Instrumentation
  • Persistence: 1 DLL Side-Loading
  • Privilege Escalation: 1 DLL Side-Loading
  • Defense Evasion: 1 DLL Side-Loading
  • Credential Access: OS Credential Dumping
  • Discovery: 1 System Information Discovery
  • Lateral Movement: Remote Services
  • Collection: Data from Local System
  • Command and Control: Data Obfuscation
  • Exfiltration: Exfiltration Over Other Network Medium
  • Impact: Abuse Accessibility Features
Behavior Graph ID: 1561636, Sample: file.exe, Startdate: 24/11/2024, Architecture: WINDOWS, Score: 1 (process file.exe started)

Source | Detection | Scanner | Label
file.exe | 0% | ReversingLabs |
file.exe | 0% | Virustotal |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1561636
Start date and time:2024-11-24 02:32:05 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 33s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:CLEAN
Classification:clean1.winEXE@1/0@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
No simulations
No context
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.633662887850489
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:file.exe
File size:248'832 bytes
MD5:b73ecb016b35d5b7acb91125924525e5
SHA1:37fe45c0a85900d869a41f996dd19949f78c4ec4
SHA256:b3982e67820abc7b41818a7236232ce6de92689b76b6f152fab9ef302528566d
SHA512:0bea9890dbcd3afd2889d0e7c0f2746995169e7b424f58d4998c50bc49d2b37d30f5bd1845d3079b25f9963af2b71f136719cbd9fda37f7b85874992096b3e1d
SSDEEP:6144:gW/3xqCu+WWzLw5KNXwy3Odjp19k5KNXfB:1/3U9cQKVwy3OdLaKV
TLSH:4A345C53B2C549E1E177123059BA9D50856ABC31DE906A5BF38C722F7F302C26839B6F
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S...............................r.......r...5...........r.......r.......r.......r.n.....r.......Rich...........................
Icon Hash:b28e8f87878ebaa6
Entrypoint:0x411ae0
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:0x1903DD5D [Wed Apr 20 10:47:57 1983 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:10
OS Version Minor:0
File Version Major:10
File Version Minor:0
Subsystem Version Major:10
Subsystem Version Minor:0
Import Hash:88138f425fd4cf0102598c830d4a0eb1
Instruction
call 00007FE4A4CC95E5h
jmp 00007FE4A4CC8CD5h
push 00000058h
push 004139E0h
call 00007FE4A4CC9687h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [00415138h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004149A8h
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007FE4A4CC8CEAh
cmp eax, esi
jne 00007FE4A4CC8CD9h
xor esi, esi
inc esi
mov edi, esi
jmp 00007FE4A4CC8CE2h
push 000003E8h
call dword ptr [00415148h]
jmp 00007FE4A4CC8CA9h
xor esi, esi
inc esi
cmp dword ptr [004149ACh], esi
jne 00007FE4A4CC8CDCh
push 0000001Fh
call 00007FE4A4CC941Bh
pop ecx
jmp 00007FE4A4CC8D0Ch
cmp dword ptr [004149ACh], ebx
jne 00007FE4A4CC8CFEh
mov dword ptr [004149ACh], esi
push 0040314Ch
push 00403140h
call 00007FE4A4CC8E26h
pop ecx
pop ecx
test eax, eax
je 00007FE4A4CC8CE9h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007FE4A4CC8E09h
mov dword ptr [00414104h], esi
cmp dword ptr [004149ACh], esi
jne 00007FE4A4CC8CEDh
push 0040313Ch
push 0040310Ch
call 00007FE4A4CC95D5h
pop ecx
pop ecx
mov dword ptr [000049ACh], 00000000h
Programming Language:
  • [IMP] VS2008 build 21022
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1537c | 0x12c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x17000 | 0x26ae0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3e000 | 0x157c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x65a0 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3068 | 0xa4 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x15000 | 0x378 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x12a98 | 0x12c00 | 650be62822ef3d06ac2184a883a1099a | False | 0.5183463541666666 | data | 6.046221197474091 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x14000 | 0x9bc | 0x200 | 70cc6c9c3bf41eab111bd707290c0055 | False | 0.201171875 | data | 1.2290760722410357 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x15000 | 0x173c | 0x1800 | 1bf33a797cdb1dc76a10fdce79cc9232 | False | 0.4523111979166667 | data | 5.369604945605743 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x17000 | 0x26ae0 | 0x26c00 | b02de6fdaa0e0c215d46b76e95e9fbef | False | 0.6278729838709678 | data | 6.679160744715223 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3e000 | 0x157c | 0x1600 | e9d1044aee4c647c1aa4ff0f07f5efce | False | 0.7894176136363636 | data | 6.5290646221334425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
MUI | 0x3da00 | 0xe0 | data | English | United States | 0.5848214285714286
REGISTRY | 0x3c040 | 0x13ba | ASCII text, with CRLF line terminators | English | United States | 0.1902970297029703
RT_ICON | 0x17c40 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.24634146341463414
RT_ICON | 0x182a8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.3521505376344086
RT_ICON | 0x18590 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.47297297297297297
RT_ICON | 0x186b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.4592217484008529
RT_ICON | 0x19560 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5257220216606499
RT_ICON | 0x19e08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.2984104046242775
RT_ICON | 0x1a370 | 0x60f4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9961724415793715
RT_ICON | 0x20468 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.241701244813278
RT_ICON | 0x22a10 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.30112570356472795
RT_ICON | 0x23ab8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.325354609929078
RT_ICON | 0x23fb8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | United States | 0.22297297297297297
RT_ICON | 0x240f8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.24817073170731707
RT_ICON | 0x24760 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.34408602150537637
RT_ICON | 0x24a48 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.4560810810810811
RT_ICON | 0x24b70 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.457089552238806
RT_ICON | 0x25a18 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.45577617328519854
RT_ICON | 0x262c0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.2817919075144509
RT_ICON | 0x26828 | 0x594e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9957134109001837
RT_ICON | 0x2c178 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.23226141078838175
RT_ICON | 0x2e720 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2854127579737336
RT_ICON | 0x2f7c8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.37056737588652483
RT_ICON | 0x2fcc8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.24634146341463414
RT_ICON | 0x30330 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.3521505376344086
RT_ICON | 0x30618 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.47297297297297297
RT_ICON | 0x30740 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.4592217484008529
RT_ICON | 0x315e8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5257220216606499
RT_ICON | 0x31e90 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.2984104046242775
RT_ICON | 0x323f8 | 0x60f4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9961724415793715
RT_ICON | 0x384f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.241701244813278
RT_ICON | 0x3aa98 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.30112570356472795
RT_ICON | 0x3bb40 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.325354609929078
RT_STRING | 0x3d400 | 0x474 | data | English | United States | 0.35175438596491226
RT_STRING | 0x3d878 | 0x182 | Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0 | English | United States | 0.4844559585492228
RT_GROUP_ICON | 0x23f20 | 0x92 | data | English | United States | 0.6438356164383562
RT_GROUP_ICON | 0x240e0 | 0x14 | data | English | United States | 1.25
RT_GROUP_ICON | 0x2fc30 | 0x92 | data | English | United States | 0.6506849315068494
RT_GROUP_ICON | 0x3bfa8 | 0x92 | data | English | United States | 0.6643835616438356
RT_VERSION | 0x17860 | 0x3e0 | data | English | United States | 0.4274193548387097
DLL | Import
msvcrt.dll | exit, _unlock, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, __dllonexit, _onexit, _callnewh, __setusermatherr, _lock, memmove_s, iswdigit, _wcsnicmp, ??1type_info@@UAE@XZ, _except_handler4_common, wcscat_s, _errno, realloc, _controlfp, memcpy, _initterm, _CxxThrowException, wcscpy_s, _exit, _cexit, __p__fmode, tolower, _ismbblead, _acmdln, isdigit, ?terminate@@YAXXZ, memcpy_s, malloc, wcsncpy_s, _wcsicmp, free, _vsnwprintf, __CxxFrameHandler3, bsearch, wcsncmp, memset
OLEAUT32.dll | SysFreeString, VarUI4FromStr, SysAllocStringLen
KERNEL32.dll | CreateTimerQueueTimer, TerminateProcess, ExpandEnvironmentStringsW, IsWow64Process, FreeLibrary, LocalAlloc, FindFirstFileW, FindClose, GetLastError, GetTempPathW, GetTempFileNameW, CreateFileW, WriteFile, GetVersionExW, GetNativeSystemInfo, CloseHandle, GetEnvironmentVariableW, CreateProcessW, HeapSize, GetExitCodeProcess, CreateEventW, ResetEvent, SetEvent, HeapReAlloc, HeapFree, HeapAlloc, OutputDebugStringW, GetProcessHeap, DeactivateActCtx, ActivateActCtx, CreateActCtxW, GetFileAttributesExW, FileTimeToSystemTime, ReleaseActCtx, MultiByteToWideChar, FormatMessageW, LocalFree, SwitchToThread, ExitProcess, HeapDestroy, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, GetModuleFileNameW, LoadLibraryW, Sleep, UnhandledExceptionFilter, SetUnhandledExceptionFilter, OutputDebugStringA, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, OpenProcess, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, GetLocaleInfoW, GetCurrentProcessId, OpenEventW, IsDebuggerPresent, GetProcAddress, LoadLibraryExW, GetModuleHandleW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, lstrcmpiW, SetLastError, SearchPathW, WaitForSingleObject, LoadResource, HeapSetInformation, RaiseException, InitializeCriticalSection, SizeofResource, DeleteCriticalSection, FindResourceExW
ADVAPI32.dll | RegDeleteValueW, RegSetValueExW, RegEnumKeyExW, RegQueryInfoKeyW, AddAce, GetAce, AddAccessAllowedAce, InitializeAcl, GetLengthSid, GetAclInformation, SetTokenInformation, GetSecurityDescriptorDacl, GetKernelObjectSecurity, CopySid, LsaClose, LsaNtStatusToWinError, LsaLookupPrivilegeValue, LsaOpenPolicy, CreateWellKnownSid, EqualSid, CreateProcessAsUserW, CreateRestrictedToken, GetTokenInformation, OpenProcessToken, RegQueryValueExW, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, TraceEvent, RegCreateKeyExW, RegEnumKeyW, RegCloseKey, GetSidSubAuthorityCount, GetSidSubAuthority, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | ShellExecuteExW, SHGetFolderPathW, CommandLineToArgvW, ShellExecuteW, SHGetKnownFolderPath
OLE32.dll | CoTaskMemRealloc, CoInitialize, CoTaskMemAlloc, CoUninitialize, CoTaskMemFree, CLSIDFromProgID, CoReleaseMarshalData, CoRevokeClassObject, CoRegisterClassObject, CoCreateInstance, CreateBindCtx, CoMarshalInterThreadInterfaceInStream, StringFromGUID2
USER32.dll | PostQuitMessage, MessageBoxW, DispatchMessageW, LoadStringW, TranslateMessage, WaitForInputIdle, PeekMessageW, MessageBeep, GetMessageW, MsgWaitForMultipleObjects, CharNextW, PostMessageW, UnregisterClassA
SHLWAPI.dll | PathFindExtensionW, AssocQueryStringW
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
ntdll.dll | RtlInitUnicodeString
api-ms-win-core-path-l1-1-0.dll | PathCchAppend
mscoree.dll | CoEEShutDownCOM, LoadLibraryShim
WININET.dll | InternetCrackUrlW, InternetCreateUrlW
urlmon.dll | URLDownloadToCacheFileW, CreateURLMonikerEx, GetClassFileOrMime, RegisterBindStatusCallback, CoInternetCreateSecurityManager, CoInternetCombineUrl, CoInternetParseUrl
Language of compilation system | Country where language is spoken
English | United States
No network behavior found

Target ID:0
Start time:20:32:54
Start date:23/11/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0x2c0000
File size:248'832 bytes
MD5 hash:B73ECB016B35D5B7ACB91125924525E5
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

No disassembly