Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: certificate valid |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Binary string: Z:\IdeaProjects\product\modules\hydraulic.conveyor.launcher\msixstub\x64\Release\MSIXInstallStub.pdb |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Binary string: Z:\IdeaProjects\product\modules\hydraulic.conveyor.launcher\msixstub\x64\Release\MSIXInstallStub.pdb" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ABD264 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://crl.certum.pl/ctnca.crl0k |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://repository.certum.pl/ctnca.cer09 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://repository.certum.pl/ctnca2.cer09 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://subca.ocsp-certum.com01 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://subca.ocsp-certum.com02 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://subca.ocsp-certum.com05 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: http://www.certum.pl/CPS0 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: https://conveyor.hydraulic.dev/redir/http-range-requests |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: https://download.fleurop-interflora.be/ |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.000001535588C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://download.fleurop-interflora.be/0 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.00000153558EE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000003.2022571705.0000015355920000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.00000153558D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://download.fleurop-interflora.be/desktop-print.appinstaller |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000003.2022571705.00000153558D7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.00000153558D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://download.fleurop-interflora.be/desktop-print.appinstallerX |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: https://download.fleurop-interflora.be/desktop-print.appinstallershell:appsFolder |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000003.2022571705.00000153558EE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe, 00000000.00000002.2022862474.00000153558EE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://download.fleurop-interflora.be/desktop-print.appinstallerzd |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: https://sectigo.com/CPS0 |
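Most of the URLs in the "String found in binary or memory" rows above are CRL, OCSP, AIA and CPS endpoints of the Sectigo and Certum CAs in the sample's signing and timestamping chain. They are embedded in the DER-encoded certificate chain of the Authenticode signature, which is also why the hits end in characters such as "0k", "0#" or "01": the 0x30 ("0") SEQUENCE tag and length byte of the next ASN.1 element follow the URL string in the blob. They are static data, not network activity (the report records no DNS query), and they will appear in any binary signed through the same CAs. The endpoint that matters for this sample is the .appinstaller URL, which is what an MSIX install stub would hand to the Windows App Installer. The following is an added example, not code from the report or from the Hydraulic Conveyor project, that triages such rows into certificate-chain plumbing and application endpoints; the input list is copied from hits on this page and the host and extension heuristics are the example's own.

```python
"""Added example, not part of the sandbox report: split 'String found in binary
or memory' URL hits into certificate-chain endpoints (embedded in the
Authenticode signature) and application endpoints worth investigating."""
import re
from urllib.parse import urlsplit

# Constructed input: hits copied from the report rows. The trailing '0', '0k',
# '0#', '01' ... on the certificate URLs are the DER bytes that follow the string
# inside the certificate blob (0x30 = SEQUENCE tag, then a length byte).
REPORT_HITS = [
    "http://crl.certum.pl/ctnca.crl0k",
    "http://crl.certum.pl/ctsca2021.crl0o",
    "http://crl.comodoca.com/AAACertificateServices.crl04",
    "http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y",
    "http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#",
    "http://ocsp.sectigo.com0",
    "http://repository.certum.pl/ctnca.cer09",
    "http://subca.ocsp-certum.com01",
    "http://www.certum.pl/CPS0",
    "https://sectigo.com/CPS0",
    "https://conveyor.hydraulic.dev/redir/http-range-requests",
    "https://download.fleurop-interflora.be/",
    "https://download.fleurop-interflora.be/desktop-print.appinstaller",
    "https://download.fleurop-interflora.be/desktop-print.appinstallerX",
    "https://download.fleurop-interflora.be/desktop-print.appinstallershell:appsFolder",
]

# A hit is certificate-chain plumbing if its host is a CRL/AIA/OCSP distribution
# host or its path names a chain object (.crl/.crt/.cer/.p7c) or a CPS notice.
# These hints are the example's own heuristics, not a standard.
PKI_HINT = re.compile(
    r"^https?://(?:crl|crt|ocsp|repository|subca\.ocsp)[.-]"
    r"|\.(?:crl|crt|cer|p7c)(?:0|$)"
    r"|/CPS(?:0|$)", re.I)
DER_TAIL = re.compile(r"0.?$")            # SEQUENCE tag plus optional length byte
# Installer/package URLs: cut where the file name ends, dropping glued-on
# neighbouring memory strings such as 'X' or 'shell:appsFolder'.
PACKAGE_EXT = re.compile(r"^(.*?\.(?:appinstaller|msixbundle|msix|msi|exe))", re.I)


def triage_urls(hits):
    """Return certificate-chain URLs, application URLs and application hosts,
    each de-duplicated and sorted."""
    chain, app = set(), set()
    for raw in hits:
        if PKI_HINT.search(raw):
            chain.add(DER_TAIL.sub("", raw))
        else:
            m = PACKAGE_EXT.match(raw)
            app.add(m.group(1) if m else raw)
    hosts = sorted({urlsplit(u).hostname for u in app})
    return {"certificate_chain": sorted(chain),
            "application": sorted(app),
            "application_hosts": hosts}


if __name__ == "__main__":
    for bucket, urls in triage_urls(REPORT_HITS).items():
        print(bucket)
        for u in urls:
            print("   ", u)
```

Application URLs without a recognised package extension are kept as found, so residue on those still needs a manual look; the certificate-chain list is what you would expect to see again in every other binary signed under the same CAs and is safe to drop from indicators.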
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Window created: window name: CLIPBRDWNDCLASS |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ACAF4B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A923F8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB9320 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ACE4C6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A9A4EC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB6430 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A9A1A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A8B208 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A8918C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ABC22C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ACE278 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ABD264 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB17A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A81728 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB8770 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A918CC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC8848 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A85824 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ABA6FC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB5694 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ABEB1C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB1CA9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A86CD8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A8BAA8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AAFA1C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A8AA5C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB0A6C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC2010 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC3F88 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A9E024 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB108C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC0070 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A87DA0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AB9D2C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A9AF00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A84E58 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: String function: 00007FF7F2A955A4 appears 66 times |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: netapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: appxdeploymentclient.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: storageusage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: wer.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: windows.applicationmodel.datatransfer.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: feclient.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Section loaded: textshaping.dll |
Source: classification engine |
Classification label: clean5.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A861F8 GetLastError,FormatMessageW,LocalFree, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A8DC60 GetModuleHandleW,FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateBitmapFromStream,OutputDebugStringW, |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: windows.exe-installer-name |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
String found in binary or memory: Parsed metadata: = app.windows.manifests.version-quadwindows.package-family-namewindows.exe-installer-namewindows.site-base-urlapp.windows.manifests.msix.update-escape-hatch.exeapp.windows.manifests.msix.update-escape-hatch.run-ifalwayspackage-family-changedreinstall-requirednot-up-to-date.Already checked for update, just start the app. |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AA3604 LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetErrorInfo,LoadLibraryW,GetProcAddress,FreeLibrary,SetErrorInfo,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
Source: SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Static PE information: section name: _RDATA |
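The "Static PE information" rows above (HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE; image base 0x140000000; the IMPORT, RESOURCE, BASERELOC, DEBUG, LOAD_CONFIG and IAT directories) are read from the PE32+ optional header. The following is an added example, not code from the report or from the Hydraulic Conveyor project, that parses those fields with the Python standard library and reports which mitigation flags a hardened user-mode binary would be expected to carry but the header does not set. It runs on a constructed header that mirrors the listed values (the directory RVAs and sizes are invented, since the report does not give them), not on the analysed file. GUARD_CF is not in the report's flag list, so on the constructed header it is reported as missing; whether the real file enables Control Flow Guard is not something this page shows.

```python
"""Added example, not part of the sandbox report: read the PE32+ optional header
fields behind the report's 'Static PE information' rows (image base,
DllCharacteristics flags, populated data directories) with the standard library
only, and report which exploit mitigations the header does not opt into."""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# IMAGE_DIRECTORY_ENTRY_* in index order (winnt.h)
DIRECTORY_NAMES = [
    "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
    "DEBUG", "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG",
    "BOUND_IMPORT", "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED",
]
PE32PLUS_MAGIC = 0x20B
# Flags a hardened 64-bit user-mode binary is expected to carry (example's own list)
EXPECTED_MITIGATIONS = ["HIGH_ENTROPY_VA", "DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF"]


def parse_pe_header(data: bytes) -> dict:
    """Parse a PE32+ image's optional header. Raises ValueError for anything else."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # skip IMAGE_FILE_HEADER (20 bytes)
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("not a PE32+ (64-bit) image")
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 108)[0]
    directories = {}
    for i in range(min(num_dirs, len(DIRECTORY_NAMES))):
        rva, size = struct.unpack_from("<II", data, opt + 112 + 8 * i)
        if rva or size:                          # keep only directories that are present
            directories[DIRECTORY_NAMES[i]] = (rva, size)
    flags = [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit]
    return {"image_base": image_base, "dll_characteristics": flags,
            "directories": directories}


def missing_mitigations(info: dict) -> list:
    """Expected DllCharacteristics flags that the parsed header does not set."""
    return [f for f in EXPECTED_MITIGATIONS if f not in info["dll_characteristics"]]


def build_sample_header() -> bytes:
    """Constructed PE32+ header (headers only, no sections or code) that mirrors
    the flags, image base and directory types listed in the report so the parser
    runs offline. RVAs and sizes are invented; this is not the analysed file."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=AMD64, 0 sections, timestamp/symbols 0, SizeOfOptionalHeader=240,
    # Characteristics=EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    file_header = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<Q", opt, 24, 0x140000000)
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100 | 0x8000)
    struct.pack_into("<I", opt, 108, 16)
    sample_dirs = {"IMPORT": (0x3000, 0x100), "RESOURCE": (0x5000, 0x800),
                   "BASERELOC": (0x6000, 0x40), "DEBUG": (0x3200, 0x54),
                   "LOAD_CONFIG": (0x3300, 0x140), "IAT": (0x3400, 0x200)}
    for name, (rva, size) in sample_dirs.items():
        struct.pack_into("<II", opt, 112 + 8 * DIRECTORY_NAMES.index(name), rva, size)
    return bytes(dos) + b"PE\0\0" + file_header + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    print(hex(info["image_base"]), ", ".join(info["dll_characteristics"]))
    print("directories:", ", ".join(info["directories"]))
    print("missing mitigations:", missing_mitigations(info) or "none")
```

To run it on a real file, pass `open(path, "rb").read()` to `parse_pe_header` instead of the constructed header; the Authenticode certificate the report calls "valid" lives at the SECURITY directory's file offset (that entry holds a raw offset, not an RVA), which this parser only reports, it does not verify the signature.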
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
API coverage: 9.4 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AA8164 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A8918C GetProcessHeap,HeapFree,CreateEventW,WaitForSingleObject,CreateEventW,WaitForSingleObject,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,CreateEventW,WaitForSingleObject,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,ShellExecuteW,GetLastError,GetProcessHeap,HeapFree,Sleep,GetProcessHeap,HeapFree,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,OutputDebugStringW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ACAC7C _invalid_parameter_noinfo_noreturn,OutputDebugStringW,OutputDebugStringW,SendMessageW,OutputDebugStringW,SetWindowTextW,GetProcessHeap,HeapFree, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AA8348 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AADB04 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AA7EAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ABC990 cpuid |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC0614 TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ABB5EC EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2ABBB6C try_get_function,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AA5B64 GetLocaleInfoEx,FormatMessageA, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC0D14 GetLocaleInfoW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC0960 EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC0AC8 GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC0A30 EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC0F1C GetLocaleInfoW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC1048 EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AC0E6C GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2AA83B4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.500504.22488.21237.exe |
Code function: 0_2_00007FF7F2A87DA0 GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,ShellExecuteW,GetLastError,Sleep,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,GetUserNameW,NetUserGetInfo,NetApiBufferFree,GetModuleFileNameW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,OutputDebugStringW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,CopyFileW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_invalid_parameter_noinfo_noreturn, |
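The "Code function" rows list, per function, the imported APIs the sandbox resolved. Two caveats before reading them as behaviour. The sequences that pair IsDebuggerPresent, SetUnhandledExceptionFilter and UnhandledExceptionFilter with RtlCaptureContext, RtlLookupFunctionEntry and RtlVirtualUnwind are the MSVC C runtime's fatal-error path (security-cookie and fast-fail handlers), not an anti-debugging check by the application. The read of HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers is the Software Restriction Policy lookup Windows performs when a program is launched, consistent with the ShellExecuteW call rather than evidence of policy tampering. The rows worth reading are the ones that carry ShellExecuteW, CopyFileW, GetUserNameW and NetUserGetInfo, FindFirstFileExW, and LoadLibraryW with GetProcAddress. The following is an added example, not code from the report, that parses rows in this format into a per-function API view, flags those calls, and recognises the CRT handler pattern so it is not mistaken for evasion; the sample rows are shortened from rows on this page and the watch-list is the example's own.

```python
"""Added example, not part of the sandbox report: summarise 'Code function' rows
from a sandbox text dump into an API-usage view and flag the calls worth
reviewing, while recognising the MSVC CRT fatal-error boilerplate."""
import re

# Constructed input, shortened from rows on this page. Row format is
# "Code function: <pid>_<run>_<address> Api1,Api2,..." with a trailing comma.
SAMPLE_ROWS = [
    "Code function: 0_2_00007FF7F2ABD264 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,",
    "Code function: 0_2_00007FF7F2AA3604 LoadLibraryW,GetProcAddress,LoadLibraryW,GetProcAddress,GetErrorInfo,LoadLibraryW,GetProcAddress,FreeLibrary,SetErrorInfo,",
    "Code function: 0_2_00007FF7F2AA8164 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,",
    "Code function: 0_2_00007FF7F2A87DA0 GetProcessHeap,HeapFree,ShellExecuteW,GetLastError,Sleep,GetUserNameW,NetUserGetInfo,NetApiBufferFree,GetModuleFileNameW,CopyFileW,",
    "Code function: 0_2_00007FF7F2ACAF4B",
]

ROW_RE = re.compile(r"Code function:\s+(\d+)_(\d+)_([0-9A-Fa-f]+)\s*(.*)")

# Calls worth a second look, with the reason an analyst would give (example's list).
WATCHLIST = {
    "ShellExecuteW": "launches another program or URL handler",
    "CopyFileW": "writes a copy of a file to disk",
    "NetUserGetInfo": "queries local/domain account details",
    "GetUserNameW": "reads the current user name",
    "GetProcAddress": "resolves imports at run time",
    "FindFirstFileExW": "enumerates files",
}
# The MSVC CRT emits this sequence in its fatal-error handler; on its own it is
# not anti-debugging, so it is reported separately rather than flagged.
CRT_HANDLER = {"RtlCaptureContext", "RtlLookupFunctionEntry", "RtlVirtualUnwind",
               "IsDebuggerPresent", "SetUnhandledExceptionFilter",
               "UnhandledExceptionFilter"}


def parse_rows(rows):
    """Map function address -> ordered, de-duplicated list of APIs it calls."""
    calls = {}
    for row in rows:
        m = ROW_RE.search(row)
        if not m:
            continue
        apis = [a for a in m.group(4).split(",") if a]
        calls[m.group(3)] = list(dict.fromkeys(apis))   # keep first-seen order
    return calls


def is_crt_handler(apis):
    """True when a function carries the CRT's unhandled-exception boilerplate."""
    return CRT_HANDLER.issubset(apis)


def flag_functions(calls):
    """Return {address: [(api, reason), ...]} for functions hitting the watch-list."""
    flagged = {}
    for addr, apis in calls.items():
        hits = [(a, WATCHLIST[a]) for a in apis if a in WATCHLIST]
        if hits:
            flagged[addr] = hits
    return flagged


if __name__ == "__main__":
    calls = parse_rows(SAMPLE_ROWS)
    for addr, hits in flag_functions(calls).items():
        print(addr, "->", "; ".join(f"{api} ({why})" for api, why in hits))
    for addr, apis in calls.items():
        if is_crt_handler(apis):
            print(addr, "-> CRT fatal-error handler, not an evasion check")
```

Feed it the whole dump (one row per line) and the watch-list hits give a short list of functions to open in a disassembler; the CRT check keeps the runtime's stock handlers out of that list.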