Windows Analysis Report
ftFxGrU7W4.exe

Overview

General Information

Sample name: ftFxGrU7W4.exe
(renamed file extension from none to exe, because the original name is a hash value)
Original sample name: 4a9f9560ca57e2b6a15a48ada96ed39a5e3e62d8822ad28bb6de2921acef8f98
Analysis ID: 1562665
MD5: 5f5e9ab72e28a8ef4241d82a8782d872
SHA1: 2d187dba62b128fd434ce1cebb069c08c5634db5
SHA256: 4a9f9560ca57e2b6a15a48ada96ed39a5e3e62d8822ad28bb6de2921acef8f98

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Contains functionality to detect sleep reduction / modifications
Installs a global keyboard hook
Sample or dropped binary is a compiled AutoHotkey binary
Uses Windows timers to delay execution
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check if the current machine is a sandbox (GetTickCount - Sleep)
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Uses the system / local time for branch decision (may execute only at specific dates)
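Most of the signatures above (the low-level keyboard hook, GetAsyncKeyState polling, clipboard read/write, BitBlt screen capture, AdjustTokenPrivileges/ExitWindowsEx, Toolhelp process enumeration, LoadLibraryW/GetProcAddress) are capabilities of the AutoHotkey interpreter, which every compiled AutoHotkey binary carries whether or not the embedded script uses them. What the sample actually does is decided by that script, which Ahk2Exe stores inside the executable as an RCDATA resource (named ">AUTOHOTKEY SCRIPT<" in classic v1 builds, resource ID 1 in newer Ahk2Exe releases) and which the runtime loads with the FindResourceW/SizeofResource/LoadResource/LockResource sequence the System Summary lists at 0_2_00000001400207F0. The following is an added example, not code from this report or from the AutoHotkey project: a dependency-free Python walker over the PE resource tree that collects RCDATA entries and returns the script resource when one of those two names is present. The two resource names are an assumption about the compiler, build_sample_pe() is a constructed stand-in used only so the example runs offline, and the script bytes are assumed to be uncompressed (Ahk2Exe can compress or encrypt them, in which case the dumped bytes need the matching unpacking first).

```python
import struct
import sys

RT_RCDATA = 10
# Resource names Ahk2Exe uses for the embedded script (assumption stated in the lead-in):
# ">AUTOHOTKEY SCRIPT<" in classic v1 builds, RCDATA ID 1 ("#1") in newer releases.
AHK_SCRIPT_RESOURCE_NAMES = (">AUTOHOTKEY SCRIPT<", "#1")


def _sections(pe: bytes):
    """Return ([(VirtualAddress, size, PointerToRawData)], resource directory RVA)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    data_dirs = opt + (112 if magic == 0x20B else 96)          # PE32+ vs PE32 layout
    rsrc_rva = struct.unpack_from("<I", pe, data_dirs + 2 * 8)[0]  # directory entry 2 = resources
    secs = []
    for i in range(nsec):
        hdr = opt + size_opt + 40 * i
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, hdr + 8)
        secs.append((va, max(vsize, rawsize), rawptr))
    return secs, rsrc_rva


def rva_to_offset(secs, rva: int) -> int:
    for va, size, rawptr in secs:
        if va <= rva < va + size:
            return rawptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _entries(pe: bytes, base: int, dir_off: int):
    """Yield (name_or_id, target_offset, is_subdirectory) for one resource directory."""
    n_named, n_id = struct.unpack_from("<HH", pe, base + dir_off + 12)
    for i in range(n_named + n_id):
        name, target = struct.unpack_from("<II", pe, base + dir_off + 16 + 8 * i)
        if name & 0x80000000:                       # high bit set: offset to a UTF-16 string
            s = base + (name & 0x7FFFFFFF)
            n = struct.unpack_from("<H", pe, s)[0]
            label = pe[s + 2:s + 2 + 2 * n].decode("utf-16-le")
        else:
            label = f"#{name}"                       # integer ID, written the way rc.exe does
        yield label, target & 0x7FFFFFFF, bool(target & 0x80000000)


def extract_rcdata(pe: bytes) -> dict:
    """Map every RCDATA resource name to its raw bytes (first language entry wins)."""
    secs, rsrc_rva = _sections(pe)
    base = rva_to_offset(secs, rsrc_rva)
    out = {}
    for type_label, type_dir, is_dir in _entries(pe, base, 0):
        if type_label != f"#{RT_RCDATA}" or not is_dir:
            continue
        for name, lang_dir, _ in _entries(pe, base, type_dir):
            for _lang, data_entry, _ in _entries(pe, base, lang_dir):
                data_rva, size = struct.unpack_from("<II", pe, base + data_entry)
                start = rva_to_offset(secs, data_rva)
                out.setdefault(name, pe[start:start + size])
    return out


def find_ahk_script(pe: bytes):
    """Return (resource name, script bytes), or None when no known script resource exists."""
    rcdata = extract_rcdata(pe)
    for key in AHK_SCRIPT_RESOURCE_NAMES:
        if key in rcdata:
            return key, rcdata[key]
    return None


def build_sample_pe(script: bytes) -> bytes:
    """Constructed stand-in for a compiled AutoHotkey binary: a minimal PE32+ whose only
    section is .rsrc holding one RCDATA resource named >AUTOHOTKEY SCRIPT< with `script`."""
    rsrc_rva, raw_ptr, e_lfanew = 0x1000, 0x200, 0x40
    name = ">AUTOHOTKEY SCRIPT<"
    name_blob = struct.pack("<H", len(name)) + name.encode("utf-16-le")
    data_off = 88 + len(name_blob)
    rsrc = b"".join([
        struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1),              # root dir: one ID entry (type)
        struct.pack("<II", RT_RCDATA, 0x80000000 | 24),
        struct.pack("<IIHHHH", 0, 0, 0, 0, 1, 0),              # type dir: one named entry
        struct.pack("<II", 0x80000000 | 88, 0x80000000 | 48),
        struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1),              # name dir: one language entry
        struct.pack("<II", 0x409, 72),
        struct.pack("<IIII", rsrc_rva + data_off, len(script), 0, 0),  # data entry
        name_blob,
        script,
    ])
    opt = struct.pack("<H", 0x20B).ljust(112, b"\0")           # PE32+ optional header
    opt += b"\0" * 16 + struct.pack("<II", rsrc_rva, len(rsrc)) + b"\0" * (16 * 13)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x22)
    sec = b".rsrc\0\0\0" + struct.pack("<IIIIIIHHI", len(rsrc), rsrc_rva, len(rsrc), raw_ptr, 0, 0, 0, 0, 0x40000040)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    return (dos + coff + opt + sec).ljust(raw_ptr, b"\0") + rsrc


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(b"MsgBox constructed\n")
    hit = find_ahk_script(data)
    if hit:
        print(f"script resource {hit[0]!r}: {len(hit[1])} bytes", file=sys.stderr)
        sys.stdout.buffer.write(hit[1])
    else:
        print("no known AutoHotkey script resource; RCDATA entries:", sorted(extract_rcdata(data)))
```

Run it as `python extract_ahk.py ftFxGrU7W4.exe > script.ahk` and read the script instead of the capability list; when neither resource name matches, the RCDATA names it prints are the next place to look, since a renamed or compressed resource still has to be loaded by the same LoadResource call.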

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.5% probability
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400AE280 FindFirstFileW,FindClose,FindFirstFileW,FindClose, 0_2_00000001400AE280
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400AE180 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00000001400AE180
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014003C900 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose, 0_2_000000014003C900
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140066F70 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose, 0_2_0000000140066F70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400672D0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,free,malloc, 0_2_00000001400672D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140081680 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError, 0_2_0000000140081680
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140067920 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose, 0_2_0000000140067920
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140081C70 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0000000140081C70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007E4B0 _wcstoi64,InternetOpenW,InternetOpenUrlW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,GetTickCount,PeekMessageW,GetTickCount,InternetReadFile,InternetReadFileExA,GetTickCount,PeekMessageW,GetTickCount,InternetReadFileExA,InternetCloseHandle,InternetCloseHandle,fclose,DeleteFileW, 0_2_000000014007E4B0
Source: ftFxGrU7W4.exe String found in binary or memory: https://autohotkey.com
Source: ftFxGrU7W4.exe String found in binary or memory: https://autohotkey.comCould

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\ftFxGrU7W4.exe
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400065B0 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard, 0_2_00000001400065B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140006210 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree, 0_2_0000000140006210
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B12E0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard, 0_2_00000001400B12E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140006490 GetClipboardFormatNameW,GetClipboardData, 0_2_0000000140006490
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140054F30 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free,malloc, 0_2_0000000140054F30
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140016730 GetTickCount,PeekMessageW,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount, 0_2_0000000140016730
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140001ABC GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW,KillTimer, 0_2_0000000140001ABC

System Summary

Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Window found: window name: AutoHotkey
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005F650: CreateFileW,DeviceIoControl,CloseHandle, 0_2_000000014005F650
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140081CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_0000000140081CF0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140056150 0_2_0000000140056150
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004E3CB 0_2_000000014004E3CB
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014000A820 0_2_000000014000A820
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014001EFA0 0_2_000000014001EFA0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140001ABC 0_2_0000000140001ABC
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004A010 0_2_000000014004A010
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004C070 0_2_000000014004C070
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014003A0A5 0_2_000000014003A0A5
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400BE0C0 0_2_00000001400BE0C0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140062100 0_2_0000000140062100
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005C100 0_2_000000014005C100
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400BC1B0 0_2_00000001400BC1B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400201C3 0_2_00000001400201C3
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014008E1E0 0_2_000000014008E1E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400501F8 0_2_00000001400501F8
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009E240 0_2_000000014009E240
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004624B 0_2_000000014004624B
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400A02F0 0_2_00000001400A02F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D63D0 0_2_00000001400D63D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004A3E0 0_2_000000014004A3E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014000A400 0_2_000000014000A400
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004C410 0_2_000000014004C410
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005A440 0_2_000000014005A440
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007E4B0 0_2_000000014007E4B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400904CD 0_2_00000001400904CD
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400904DC 0_2_00000001400904DC
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400904F8 0_2_00000001400904F8
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009051A 0_2_000000014009051A
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400DE520 0_2_00000001400DE520
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009053B 0_2_000000014009053B
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140090547 0_2_0000000140090547
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009056D 0_2_000000014009056D
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004656B 0_2_000000014004656B
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400905AE 0_2_00000001400905AE
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400885A1 0_2_00000001400885A1
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009A5E8 0_2_000000014009A5E8
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140092658 0_2_0000000140092658
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B2670 0_2_00000001400B2670
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400286C0 0_2_00000001400286C0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014008A6D0 0_2_000000014008A6D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014000273B 0_2_000000014000273B
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014002A770 0_2_000000014002A770
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B07E0 0_2_00000001400B07E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140080810 0_2_0000000140080810
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005C860 0_2_000000014005C860
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007E880 0_2_000000014007E880
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400988A0 0_2_00000001400988A0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004C8B0 0_2_000000014004C8B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400588C0 0_2_00000001400588C0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009A8C5 0_2_000000014009A8C5
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140070920 0_2_0000000140070920
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140020930 0_2_0000000140020930
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005094D 0_2_000000014005094D
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005E970 0_2_000000014005E970
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400869B0 0_2_00000001400869B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400409C0 0_2_00000001400409C0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400AC9D0 0_2_00000001400AC9D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007A9E0 0_2_000000014007A9E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140008A40 0_2_0000000140008A40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D2AE4 0_2_00000001400D2AE4
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140072B00 0_2_0000000140072B00
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B8B30 0_2_00000001400B8B30
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400AEB80 0_2_00000001400AEB80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140052BB0 0_2_0000000140052BB0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140050BB2 0_2_0000000140050BB2
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140048BC0 0_2_0000000140048BC0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014008CC40 0_2_000000014008CC40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014006EC40 0_2_000000014006EC40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007CC3F 0_2_000000014007CC3F
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400C8C70 0_2_00000001400C8C70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140032C88 0_2_0000000140032C88
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140046CC0 0_2_0000000140046CC0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140060CD9 0_2_0000000140060CD9
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140074D20 0_2_0000000140074D20
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140006D40 0_2_0000000140006D40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140094D50 0_2_0000000140094D50
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D6D5C 0_2_00000001400D6D5C
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140076D60 0_2_0000000140076D60
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140058D80 0_2_0000000140058D80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400CEE40 0_2_00000001400CEE40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140080E40 0_2_0000000140080E40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140044E80 0_2_0000000140044E80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004AE90 0_2_000000014004AE90
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140012ED0 0_2_0000000140012ED0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140018ED0 0_2_0000000140018ED0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140054F30 0_2_0000000140054F30
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140050FD0 0_2_0000000140050FD0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140127000 0_2_0000000140127000
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140015000 0_2_0000000140015000
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D7030 0_2_00000001400D7030
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140065050 0_2_0000000140065050
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B30D0 0_2_00000001400B30D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400110D0 0_2_00000001400110D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009712B 0_2_000000014009712B
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097139 0_2_0000000140097139
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097144 0_2_0000000140097144
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014006D160 0_2_000000014006D160
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007B170 0_2_000000014007B170
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140063180 0_2_0000000140063180
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014003F1C0 0_2_000000014003F1C0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400751E0 0_2_00000001400751E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097200 0_2_0000000140097200
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097219 0_2_0000000140097219
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097221 0_2_0000000140097221
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140003236 0_2_0000000140003236
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140017240 0_2_0000000140017240
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097237 0_2_0000000140097237
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005B290 0_2_000000014005B290
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400612A0 0_2_00000001400612A0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014000D2F0 0_2_000000014000D2F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005D3B0 0_2_000000014005D3B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400993D0 0_2_00000001400993D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400393D9 0_2_00000001400393D9
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140057400 0_2_0000000140057400
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009D420 0_2_000000014009D420
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007F440 0_2_000000014007F440
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005F450 0_2_000000014005F450
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140059490 0_2_0000000140059490
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400254B0 0_2_00000001400254B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400994BB 0_2_00000001400994BB
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007B4E0 0_2_000000014007B4E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004B510 0_2_000000014004B510
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004F510 0_2_000000014004F510
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400855D0 0_2_00000001400855D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400715F0 0_2_00000001400715F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400635F0 0_2_00000001400635F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140051690 0_2_0000000140051690
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400156D0 0_2_00000001400156D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400196F0 0_2_00000001400196F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005F720 0_2_000000014005F720
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014003F730 0_2_000000014003F730
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140043760 0_2_0000000140043760
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005B7D0 0_2_000000014005B7D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400997FC 0_2_00000001400997FC
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400337FF 0_2_00000001400337FF
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140065880 0_2_0000000140065880
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140089890 0_2_0000000140089890
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400358F8 0_2_00000001400358F8
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014001B900 0_2_000000014001B900
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140017910 0_2_0000000140017910
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400A9920 0_2_00000001400A9920
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D1960 0_2_00000001400D1960
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D99B0 0_2_00000001400D99B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400539B0 0_2_00000001400539B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400059C0 0_2_00000001400059C0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400719D0 0_2_00000001400719D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004DA40 0_2_000000014004DA40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007DA48 0_2_000000014007DA48
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140069A80 0_2_0000000140069A80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014006FA90 0_2_000000014006FA90
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140039AB0 0_2_0000000140039AB0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014003FAD0 0_2_000000014003FAD0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014008FB00 0_2_000000014008FB00
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140041B80 0_2_0000000140041B80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140073BC0 0_2_0000000140073BC0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140031BB9 0_2_0000000140031BB9
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014008DC13 0_2_000000014008DC13
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005DC40 0_2_000000014005DC40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140099C41 0_2_0000000140099C41
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004BCA0 0_2_000000014004BCA0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014002BCA0 0_2_000000014002BCA0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097CC0 0_2_0000000140097CC0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400CFCCC 0_2_00000001400CFCCC
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140057CD0 0_2_0000000140057CD0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014001FD29 0_2_000000014001FD29
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007BD4E 0_2_000000014007BD4E
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140047D60 0_2_0000000140047D60
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014000DDA0 0_2_000000014000DDA0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014003DE20 0_2_000000014003DE20
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140013E40 0_2_0000000140013E40
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140063E70 0_2_0000000140063E70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400A3EF0 0_2_00000001400A3EF0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140051F00 0_2_0000000140051F00
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140093F10 0_2_0000000140093F10
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014005FF22 0_2_000000014005FF22
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400DDF3C 0_2_00000001400DDF3C
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140099F4D 0_2_0000000140099F4D
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004FF4B 0_2_000000014004FF4B
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140085F60 0_2_0000000140085F60
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014008FF70 0_2_000000014008FF70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400BBF8B 0_2_00000001400BBF8B
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014006DFA0 0_2_000000014006DFA0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014006BFB0 0_2_000000014006BFB0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014000FFB0 0_2_000000014000FFB0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014004DFC0 0_2_000000014004DFC0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: String function: 00000001400CAB94 appears 59 times
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: String function: 00000001400CA93C appears 395 times
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: String function: 0000000140040410 appears 62 times
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: String function: 0000000140040760 appears 465 times
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: String function: 00000001400CB634 appears 38 times
Source: ftFxGrU7W4.exe Binary or memory string: OriginalFilename vs ftFxGrU7W4.exe
Source: ftFxGrU7W4.exe, 00000000.00000002.3395176494.000000014012A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs ftFxGrU7W4.exe
Source: classification engine Classification label: mal60.spyw.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140041B80 CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW, 0_2_0000000140041B80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140081CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_0000000140081CF0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140060CD9 wcsncpy,GetDiskFreeSpaceW,GetLastError,free,malloc, 0_2_0000000140060CD9
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140081F80 CreateToolhelp32Snapshot,Process32FirstW,_wcstoi64,Process32NextW,Process32NextW,CloseHandle,CloseHandle,CloseHandle, 0_2_0000000140081F80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140062100 _wcstoi64,CoCreateInstance,powf,powf,powf,log10,free,malloc,free,malloc, 0_2_0000000140062100
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400207F0 FindResourceW,SizeofResource,LoadResource,LockResource, 0_2_00000001400207F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Mutant created: \Sessions\1\BaseNamedObjects\AHK Keybd
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Section loaded: textshaping.dll
Source: ftFxGrU7W4.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: ftFxGrU7W4.exe Static file information: File size 1232896 > 1048576
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B4320 LoadLibraryW,GetProcAddress, 0_2_00000001400B4320
Source: ftFxGrU7W4.exe Static PE information: section name: text
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014006CC28 push rsp; retf 0_2_000000014006CC29
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009D020 push rdx; retn 0009h 0_2_000000014009D029
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D914C push rbp; iretd 0_2_00000001400D9644
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014009E240 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect, 0_2_000000014009E240
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B24A0 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow, 0_2_00000001400B24A0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B2670 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,BringWindowToTop, 0_2_00000001400B2670
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400508A2 IsZoomed,IsIconic, 0_2_00000001400508A2
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400AE940 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, 0_2_00000001400AE940
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014007A9E0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,free,malloc,free,malloc, 0_2_000000014007A9E0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400A2A10 CheckMenuItem,CheckMenuItem,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetForegroundWindow,GetWindowThreadProcessId,SetForegroundWindow,SetForegroundWindow,TrackPopupMenuEx,PostMessageW,GetForegroundWindow,SetForegroundWindow, 0_2_00000001400A2A10
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140058D80 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,GetClassNameW,EnumChildWindows,free,malloc, 0_2_0000000140058D80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140044E80 IsWindow,DestroyWindow,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,MonitorFromPoint,GetMonitorInfoW,IsWindow,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW, 0_2_0000000140044E80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140054F30 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free,malloc, 0_2_0000000140054F30
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400570D0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW, 0_2_00000001400570D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140069820 GetTickCount,GetForegroundWindow,GetTickCount,GetWindowThreadProcessId,GetGUIThreadInfo,ClientToScreen,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_itow, 0_2_0000000140069820
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400539B0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,malloc,ReleaseDC,SelectObject,DeleteDC,DeleteObject,free,free,malloc,GetPixel,ReleaseDC,free,malloc,free,malloc, 0_2_00000001400539B0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097CC0 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus, 0_2_0000000140097CC0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140091DAD GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091DAD
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140091DBD MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091DBD
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140091DB5 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091DB5
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140091DCB MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091DCB
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097DEF ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_0000000140097DEF
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097DE5 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_0000000140097DE5
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140091E0F MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091E0F
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097E1A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_0000000140097E1A
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097E4C ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_0000000140097E4C
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140091E47 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091E47
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140091E56 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091E56
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097EAA ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_0000000140097EAA
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140093F10 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,GetWindowRect,GetClientRect,MulDiv,MulDiv,GetWindowRect,GetClientRect,MulDiv,MulDiv,_wcstoi64,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect, 0_2_0000000140093F10
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097F08 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_0000000140097F08
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140097F39 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_0000000140097F39
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014008FF70 SendMessageW,MulDiv,MulDiv,free,free,free,free,free,free,free,free,free,free,free,free,COMRefPtr,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints, 0_2_000000014008FF70

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140018ED0 0_2_0000000140018ED0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe User Timer Set: Timeout: 100ms
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Window / User API: foregroundWindowGot 1017
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe API coverage: 1.0 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014001A8F0 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014001AA6Dh country: Russian (ru) 0_2_000000014001A8F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400229F7 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur) 0_2_00000001400229F7
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400229F7 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu) 0_2_00000001400229F7
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400229FF GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur) 0_2_00000001400229FF
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400229FF GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu) 0_2_00000001400229FF
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140022A06 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur) 0_2_0000000140022A06
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140022A06 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu) 0_2_0000000140022A06
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140022A2D GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur) 0_2_0000000140022A2D
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140022A2D GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu) 0_2_0000000140022A2D
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140022A51 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur) 0_2_0000000140022A51
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140022A51 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu) 0_2_0000000140022A51
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140022A75 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022C2Ah country: Urdu (ur) 0_2_0000000140022A75
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140022A75 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022C2Ah country: Inuktitut (iu) 0_2_0000000140022A75
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140015000 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 0000000140015362h country: Spanish (es) 0_2_0000000140015000
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140059490 GetLocalTime followed by cmp: cmp word ptr [rbx], cx and CTI: je 00000001400597C3h 0_2_0000000140059490
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140059490 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140059683h 0_2_0000000140059490
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400AE280 FindFirstFileW,FindClose,FindFirstFileW,FindClose, 0_2_00000001400AE280
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400AE180 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00000001400AE180
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014003C900 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose, 0_2_000000014003C900
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140066F70 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose, 0_2_0000000140066F70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400672D0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,free,malloc, 0_2_00000001400672D0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140081680 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError, 0_2_0000000140081680
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140067920 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose, 0_2_0000000140067920
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140081C70 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0000000140081C70
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140017FF0 BlockInput,free,BlockInput, 0_2_0000000140017FF0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400CEB34 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00000001400CEB34
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400B4320 LoadLibraryW,GetProcAddress, 0_2_00000001400B4320
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D8698 GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError, 0_2_00000001400D8698
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D37E4 SetUnhandledExceptionFilter, 0_2_00000001400D37E4
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D1940 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00000001400D1940
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140041B80 CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW, 0_2_0000000140041B80
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140017240 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput, 0_2_0000000140017240
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140018A50 mouse_event, 0_2_0000000140018A50
Source: ftFxGrU7W4.exe Binary or memory string: Program Manager
Source: ftFxGrU7W4.exe Binary or memory string: Shell_TrayWnd
Source: ftFxGrU7W4.exe, ftFxGrU7W4.exe, 00000000.00000002.3394630665.00000000007FB000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: Progman
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400D4140 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_00000001400D4140
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400693F0 GetComputerNameW,GetUserNameW, 0_2_00000001400693F0
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_00000001400CF0E4 HeapCreate,GetVersion,HeapSetInformation, 0_2_00000001400CF0E4
Source: ftFxGrU7W4.exe Binary or memory string: WIN_XP
Source: ftFxGrU7W4.exe Binary or memory string: WIN_VISTA
Source: ftFxGrU7W4.exe Binary or memory string: WIN_7
Source: ftFxGrU7W4.exe Binary or memory string: WIN_8
Source: ftFxGrU7W4.exe Binary or memory string: WIN_8.1
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014001E990 Shell_NotifyIconW,RemoveClipboardFormatListener,ChangeClipboardChain,DestroyWindow,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,free,free,free, 0_2_000000014001E990
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_000000014001F420 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain, 0_2_000000014001F420
Source: C:\Users\user\Desktop\ftFxGrU7W4.exe Code function: 0_2_0000000140073930 RemoveClipboardFormatListener,ChangeClipboardChain, 0_2_0000000140073930
No contacted IP infos