Windows Analysis Report
KRoMX2011.exe

Overview

General Information

Sample name: KRoMX2011.exe
Analysis ID: 1562272
MD5: ab4715b9fecfb81df1f1eabfb6fcc2ae
SHA1: 0fed69a507959b8d4e53beedc84412ba76618622
SHA256: 51a9c8fb452d0037be2fdb423126b58ced8ac23bc43a043afa531d47c69aa21d

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

PE file contains sections with non-standard names
Queries keyboard layouts
Uses 32bit PE files

Classification

Source: KRoMX2011.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: classification engine Classification label: clean1.winEXE@1/0@0/0
Source: KRoMX2011.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\KRoMX2011.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\KRoMX2011.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\KRoMX2011.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A03' WHERE MAG = 'A-3';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_CERT (NAZWA) VALUES ('Global Gap');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES (16, 'zachodniopomorskie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A10' WHERE MAG = 'A-10';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO FORMA_WLASN (ID, NAZWA) VALUES ('G', 'Gospodarstwo Rodzinne');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES ( 6, 'NO3');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B09' WHERE MAG = 'B-9';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A09' WHERE MAG = 'A-9';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B03' WHERE MAG = 'B-3';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES (10, 'podlaskie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES (15, 'wielkopolskie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES ( 7, 'Obicia');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_JAKOSC_DST (ID, NAZWA) VALUES (0, 'Brak wyboru');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES (12, 'Test');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES (14, 'UWG');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES ( 1, 'CUKRY');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B06' WHERE MAG = 'B-6';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A06' WHERE MAG = 'A-6';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO PA_PRD_ZAST (ID_TYP, NAZWA) VALUES (3, 'DW');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE BUNKRY SET NAZWA = 'P1' WHERE ID_BUNKRA = 1;
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A07' WHERE MAG = 'A-7';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO BUNKRY (NAZWA) VALUES ('P4');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A04' WHERE MAG = 'A-4';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B04' WHERE MAG = 'B-4';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE KONTRAH SET NIP_P = ' ' WHERE NIP_P IS NULL;
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE BUNKRY SET NAZWA = 'P2' WHERE ID_BUNKRA = 2;
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES (15, 'Zanieczyszczenia');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO BUNKRY (NAZWA) VALUES ('B1');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B07' WHERE MAG = 'B-7';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PROD (NAZWA) VALUES ('Przysnacki');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PROD (NAZWA) VALUES ('standard');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES (11, 'pomorskie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_CERT (NAZWA) VALUES ('Brak');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE BUNKRY SET NAZWA = 'P3' WHERE ID_BUNKRA = 3;
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO FORMA_WLASN (ID, NAZWA) VALUES ('P', 'Grupa Producencka');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES ( 4, 'lubuskie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES ( 7, 'mazowieckie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO ST_DOCEL(ID_ST_DOCEL, NAZWA, ID_KONTRAH, MAG) VALUES(0, 'BRAK WYBORU', '000', 'NPP');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO PREF_CENNIKI(ID, NAZWA) VALUES (0, 'Kontrahenci preferowani');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES (11, 'Parch');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PROD (NAZWA) VALUES ('Lidl');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B01' WHERE MAG = 'B-1';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO BUNKRY (NAZWA) VALUES ('B2');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A08' WHERE MAG = 'A-8';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A01' WHERE MAG = 'A-1';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B08' WHERE MAG = 'B-8';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES ( 9, 'podkarpackie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES ( 3, 'lubelskie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B10' WHERE MAG = 'B-10';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES ( 8, 'opolskie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO PA_PRD_ZAST (ID_TYP, NAZWA) VALUES (2, 'O');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO PA_PRD_ZAST (ID_TYP, NAZWA) VALUES (4, 'DW (tylko ryflowane)');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_CERT (NAZWA) VALUES ('HACCP');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B02' WHERE MAG = 'B-2';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A02' WHERE MAG = 'A-2';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES ( 4, 'Mycie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SL_WOJEWODZTW (ID, NAZWA) VALUES ( 2, 'kujawsko-pomorskie');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES ( 8, 'Obite pow 10%');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'A05' WHERE MAG = 'A-5';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO BUNKRY (NAZWA) VALUES ('B3');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO PA_PRD_ZAST (ID_TYP, NAZWA) VALUES (1, 'Z');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE GAZOWANIE SET MAG = 'B05' WHERE MAG = 'B-5';
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PROD (NAZWA) VALUES ('Kettle');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_PJ (ID_S_PJ, NAZWA) VALUES ( 5, 'NO2');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO TYP_ROL(ID_TYP_ROL, NAZWA) VALUES('V', 'Vatowiec');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO PREF_CENNIKI(ID, NAZWA) VALUES (1, 'Kontrahenci niepreferowani');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO TERM_SKLADOW (ID, NAZWA) VALUES ('1', 'tymczasowe');
Source: KRoMX2011.exe, 00000000.00000000.1176246230.0000000000A9F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO S_CERT (NAZWA) VALUES ('Euro Gap');
Source: KRoMX2011.exe String found in binary or memory: NATS-SEFI-ADD
Source: KRoMX2011.exe String found in binary or memory: NATS-DANO-ADD
Source: KRoMX2011.exe String found in binary or memory: JIS_C6229-1984-b-add
Source: KRoMX2011.exe String found in binary or memory: jp-ocr-b-add
Source: KRoMX2011.exe String found in binary or memory: JIS_C6229-1984-hand-add
Source: KRoMX2011.exe String found in binary or memory: jp-ocr-hand-add
Source: KRoMX2011.exe String found in binary or memory: ISO_6937-2-add
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: msdart.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: duser.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\KRoMX2011.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\InprocServer32
Source: C:\Users\user\Desktop\KRoMX2011.exe Window found: window name: TComboBox
Source: Window Recorder Window detected: More than 3 window changes detected
Source: KRoMX2011.exe Static PE information: More than 275 > 100 exports found
Source: KRoMX2011.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: KRoMX2011.exe Static file information: File size 11163648 > 1048576
Source: KRoMX2011.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x69e000
Source: KRoMX2011.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x11b600
Source: KRoMX2011.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x255a00
Source: KRoMX2011.exe Static PE information: More than 200 imports for USER32.DLL
Source: KRoMX2011.exe Static PE information: section name: .didata
Source: C:\Users\user\Desktop\KRoMX2011.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\KRoMX2011.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\KRoMX2011.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: KRoMX2011.exe, 00000000.00000003.1817661816.000000000124A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
No contacted IP infos