Source: 22w5dN070c.exe |
ReversingLabs: Detection: 52% |
Source: 22w5dN070c.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\22w5dN070c.exe |
Code function: String function: 0042664C appears 45 times |
Source: 22w5dN070c.exe |
Static PE information: Resource name: RT_ICON type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
Source: 22w5dN070c.exe |
Static PE information: No import functions for PE file found |
Source: C:\Users\user\Desktop\22w5dN070c.exe |
Section loaded: apphelp.dll |
Source: classification engine |
Classification label: mal64.evad.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\22w5dN070c.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\22w5dN070c.exe |
Code function: 0_2_0042647C push eax; ret |
0_2_0042649A |
Source: C:\Users\user\Desktop\22w5dN070c.exe |
Code function: 0_2_004254B0 push eax; ret |
0_2_004254C4 |
Source: C:\Users\user\Desktop\22w5dN070c.exe |
Code function: 0_2_004254B0 push eax; ret |
0_2_004254EC |
Source: C:\Users\user\Desktop\22w5dN070c.exe |
Code function: 0_2_00426687 push ecx; ret |
0_2_00426697 |
Source: initial sample |
Static PE information: section name: UPX0 |
Source: initial sample |
Static PE information: section name: UPX1 |
Source: 22w5dN070c.exe |
Static PE information: Resource name: RT_ICON size: 0xffffff28 |
Source: C:\Users\user\Desktop\22w5dN070c.exe |
Code function: 0_2_0040C1D0 rdtsc |
0_2_0040C1D0 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |