Windows Analysis Report
Setup.exe

Overview

General Information

Sample name: Setup.exe
Analysis ID: 1416903
MD5: 67890fcc5a391a8914e9ffaf209abecd
SHA1: d7f8448dee9b8f76a4b007bfe0da83f52eac674e
SHA256: 27be6ed296617b8b4fe5cf1e9a4c0e4547c81d3cbf4bce524792d8e971fb290f
Tags: exeFAKEOFFICETROJANSCRIPTAGENT
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to detect sleep reduction / modifications
Sample or dropped binary is a compiled AutoHotkey binary
Uses Windows timers to delay execution
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check if the current machine is a sandbox (GetTickCount - Sleep)
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: Setup.exe Virustotal: Detection: 6% Perma Link
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400AD4A0 FindFirstFileW,FindClose,FindFirstFileW,FindClose, 0_2_00000001400AD4A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014003C6B0 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose, 0_2_000000014003C6B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140066C80 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,_swprintf,FindNextFileW,FindClose, 0_2_0000000140066C80
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140066FC0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,_swprintf,malloc, 0_2_0000000140066FC0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140081230 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError, 0_2_0000000140081230
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400AD3A0 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00000001400AD3A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140067610 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose, 0_2_0000000140067610
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140081820 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0000000140081820
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007E060 _wcstoi64,InternetOpenW,InternetOpenUrlW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,GetTickCount,PeekMessageW,GetTickCount,InternetReadFile,InternetReadFileExA,GetTickCount,PeekMessageW,GetTickCount,InternetReadFileExA,InternetCloseHandle,InternetCloseHandle,fclose,DeleteFileW, 0_2_000000014007E060
Source: Setup.exe String found in binary or memory: https://autohotkey.com
Source: Setup.exe String found in binary or memory: https://autohotkey.comCould
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140006640 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard, 0_2_0000000140006640
Contains functionality to modify clipboard data
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400062A0 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree, 0_2_00000001400062A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400B02B0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard, 0_2_00000001400B02B0
Contains functionality to read the clipboard data
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140006520 GetClipboardFormatNameW,GetClipboardData, 0_2_0000000140006520
Contains functionality to record screenshots
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140054C20 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,malloc, 0_2_0000000140054C20
Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140016810 GetTickCount,PeekMessageW,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState, 0_2_0000000140016810
Potential key logger detected (key state polling based)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140001B0C GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW,KillTimer, 0_2_0000000140001B0C

System Summary
barindex
Sample or dropped binary is a compiled AutoHotkey binary
Source: C:\Users\user\Desktop\Setup.exe Window found: window name: AutoHotkey Jump to behavior
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005F340: _swprintf,CreateFileW,DeviceIoControl,CloseHandle, 0_2_000000014005F340
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400818A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_00000001400818A0
Detected potential crypto function
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140020253 0_2_0000000140020253
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014001E850 0_2_000000014001E850
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014001EFC0 0_2_000000014001EFC0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014000D360 0_2_000000014000D360
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140005380 0_2_0000000140005380
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014001F7A0 0_2_000000014001F7A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140001B0C 0_2_0000000140001B0C
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014001FDB9 0_2_000000014001FDB9
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140055E40 0_2_0000000140055E40
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140094040 0_2_0000000140094040
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004604B 0_2_000000014004604B
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007E060 0_2_000000014007E060
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140010070 0_2_0000000140010070
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004E07B 0_2_000000014004E07B
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400CE090 0_2_00000001400CE090
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D20A4 0_2_00000001400D20A4
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400B20D0 0_2_00000001400B20D0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005A130 0_2_000000014005A130
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D614C 0_2_00000001400D614C
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004A180 0_2_000000014004A180
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004C1B0 0_2_000000014004C1B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004636B 0_2_000000014004636B
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400803C0 0_2_00000001400803C0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009641B 0_2_000000014009641B
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140096429 0_2_0000000140096429
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007E430 0_2_000000014007E430
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140096434 0_2_0000000140096434
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014000A460 0_2_000000014000A460
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400964F0 0_2_00000001400964F0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140028500 0_2_0000000140028500
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140096509 0_2_0000000140096509
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140096511 0_2_0000000140096511
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140096527 0_2_0000000140096527
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140070540 0_2_0000000140070540
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005C550 0_2_000000014005C550
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007A590 0_2_000000014007A590
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400585B0 0_2_00000001400585B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140050625 0_2_0000000140050625
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004C650 0_2_000000014004C650
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005E660 0_2_000000014005E660
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014002A6A0 0_2_000000014002A6A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400986C0 0_2_00000001400986C0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400726D0 0_2_00000001400726D0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009C710 0_2_000000014009C710
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400987AB 0_2_00000001400987AB
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400027BB 0_2_00000001400027BB
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400407C0 0_2_00000001400407C0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007C7EF 0_2_000000014007C7EF
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014006E860 0_2_000000014006E860
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014000A880 0_2_000000014000A880
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140050894 0_2_0000000140050894
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400528A0 0_2_00000001400528A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140074900 0_2_0000000140074900
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140076940 0_2_0000000140076940
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009694C 0_2_000000014009694C
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140048950 0_2_0000000140048950
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400609C9 0_2_00000001400609C9
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400809F0 0_2_00000001400809F0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D89F4 0_2_00000001400D89F4
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140020A4B 0_2_0000000140020A4B
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140058A70 0_2_0000000140058A70
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140046AC0 0_2_0000000140046AC0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140098AEC 0_2_0000000140098AEC
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140008B00 0_2_0000000140008B00
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400A8B70 0_2_00000001400A8B70
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140088BA0 0_2_0000000140088BA0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140054C20 0_2_0000000140054C20
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004AC30 0_2_000000014004AC30
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140044C80 0_2_0000000140044C80
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140050CC0 0_2_0000000140050CC0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007AD20 0_2_000000014007AD20
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140006D20 0_2_0000000140006D20
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140064D60 0_2_0000000140064D60
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140034DB5 0_2_0000000140034DB5
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140074DC0 0_2_0000000140074DC0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014006CDD0 0_2_000000014006CDD0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008EDF0 0_2_000000014008EDF0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140062E70 0_2_0000000140062E70
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400BAEBB 0_2_00000001400BAEBB
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008CF03 0_2_000000014008CF03
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140018F30 0_2_0000000140018F30
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140098F31 0_2_0000000140098F31
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014003EF50 0_2_000000014003EF50
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400DCF7C 0_2_00000001400DCF7C
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005AF80 0_2_000000014005AF80
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140060F90 0_2_0000000140060F90
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140012FA0 0_2_0000000140012FA0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140096FB0 0_2_0000000140096FB0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400BCFF0 0_2_00000001400BCFF0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007EFF0 0_2_000000014007EFF0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140125000 0_2_0000000140125000
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007B090 0_2_000000014007B090
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005D0A0 0_2_000000014005D0A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400150B0 0_2_00000001400150B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400BB0E0 0_2_00000001400BB0E0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400570F0 0_2_00000001400570F0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D1130 0_2_00000001400D1130
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005F140 0_2_000000014005F140
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140059180 0_2_0000000140059180
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140039182 0_2_0000000140039182
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400111A0 0_2_00000001400111A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004F1C0 0_2_000000014004F1C0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400A31D0 0_2_00000001400A31D0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140093200 0_2_0000000140093200
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140071210 0_2_0000000140071210
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009923D 0_2_000000014009923D
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F260 0_2_000000014008F260
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400172A0 0_2_00000001400172A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400032A4 0_2_00000001400032A4
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004B2B0 0_2_000000014004B2B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400632E0 0_2_00000001400632E0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140051380 0_2_0000000140051380
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005F410 0_2_000000014005F410
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140085430 0_2_0000000140085430
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005B4C0 0_2_000000014005B4C0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014003F4C0 0_2_000000014003F4C0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008D4D0 0_2_000000014008D4D0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009D500 0_2_000000014009D500
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140025524 0_2_0000000140025524
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400DD560 0_2_00000001400DD560
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140043560 0_2_0000000140043560
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140065590 0_2_0000000140065590
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D5598 0_2_00000001400D5598
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009F5B0 0_2_000000014009F5B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400715AC 0_2_00000001400715AC
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007D5F8 0_2_000000014007D5F8
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400CF620 0_2_00000001400CF620
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400B1650 0_2_00000001400B1650
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140035686 0_2_0000000140035686
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400536A0 0_2_00000001400536A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014006F6B0 0_2_000000014006F6B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004D6F0 0_2_000000014004D6F0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140069730 0_2_0000000140069730
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140019740 0_2_0000000140019740
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140073790 0_2_0000000140073790
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400AF7B0 0_2_00000001400AF7B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F7BD 0_2_000000014008F7BD
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F7CC 0_2_000000014008F7CC
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F7E8 0_2_000000014008F7E8
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F80A 0_2_000000014008F80A
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F82B 0_2_000000014008F82B
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F837 0_2_000000014008F837
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F85D 0_2_000000014008F85D
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014003F860 0_2_000000014003F860
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140039860 0_2_0000000140039860
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F89E 0_2_000000014008F89E
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400878D1 0_2_00000001400878D1
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400998D8 0_2_00000001400998D8
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007B8FE 0_2_000000014007B8FE
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014001B920 0_2_000000014001B920
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005D930 0_2_000000014005D930
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140091948 0_2_0000000140091948
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014003196C 0_2_000000014003196C
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140017970 0_2_0000000140017970
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140041980 0_2_0000000140041980
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400899C0 0_2_00000001400899C0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400579C0 0_2_00000001400579C0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004BA40 0_2_000000014004BA40
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140005A50 0_2_0000000140005A50
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400B7A60 0_2_00000001400B7A60
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140063B60 0_2_0000000140063B60
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140097B90 0_2_0000000140097B90
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400C7BA0 0_2_00000001400C7BA0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140099BB5 0_2_0000000140099BB5
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014003DBD0 0_2_000000014003DBD0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014002BBE0 0_2_000000014002BBE0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400ABBF0 0_2_00000001400ABBF0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140051BF0 0_2_0000000140051BF0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004FC05 0_2_000000014004FC05
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014006DC10 0_2_000000014006DC10
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005FC12 0_2_000000014005FC12
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014006BC60 0_2_000000014006BC60
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004DC70 0_2_000000014004DC70
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140085D70 0_2_0000000140085D70
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400ADDA0 0_2_00000001400ADDA0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140049DB0 0_2_0000000140049DB0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140061DF0 0_2_0000000140061DF0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014005BDF0 0_2_000000014005BDF0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004BE10 0_2_000000014004BE10
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140039E55 0_2_0000000140039E55
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014000DE60 0_2_000000014000DE60
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014004FEBC 0_2_000000014004FEBC
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140013F10 0_2_0000000140013F10
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008BF30 0_2_000000014008BF30
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D5F24 0_2_00000001400D5F24
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014002FF50 0_2_000000014002FF50
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\Setup.exe Code function: String function: 00000001400401A0 appears 56 times
Source: C:\Users\user\Desktop\Setup.exe Code function: String function: 00000001400404F0 appears 452 times
Source: C:\Users\user\Desktop\Setup.exe Code function: String function: 00000001400C986C appears 391 times
Source: C:\Users\user\Desktop\Setup.exe Code function: String function: 00000001400C9AC4 appears 59 times
Sample file is different than original file name gathered from version info
Source: Setup.exe, 00000000.00000000.1612693837.0000000140132000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename vs Setup.exe
Source: Setup.exe Binary or memory string: OriginalFilename vs Setup.exe
Tries to load missing DLLs
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: propsys.dll Jump to behavior
Source: classification engine Classification label: mal60.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140041980 _swprintf,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW, 0_2_0000000140041980
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400818A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_00000001400818A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400609C9 wcsncpy,GetDiskFreeSpaceW,GetLastError,malloc, 0_2_00000001400609C9
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140081B30 CreateToolhelp32Snapshot,Process32FirstW,_wcstoi64,Process32NextW,Process32NextW,CloseHandle,CloseHandle,CloseHandle, 0_2_0000000140081B30
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140082030 CLSIDFromProgID,CLSIDFromString,CLSIDFromString,CoCreateInstance,CoCreateInstance, 0_2_0000000140082030
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400AE5E0 LoadLibraryExW,EnumResourceNamesW,FindResourceW,LoadResource,LockResource,GetSystemMetrics,FindResourceW,LoadResource,LockResource,SizeofResource,CreateIconFromResourceEx,FreeLibrary,ExtractIconW, 0_2_00000001400AE5E0
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\Public\Torrent Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: Setup.exe Virustotal: Detection: 6%
Source: C:\Users\user\Desktop\Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D105A4D4-344C-48EB-9866-EE378D90658B}\InProcServer32 Jump to behavior
Source: Setup.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: Setup.exe Static file information: File size 1371648 > 1048576
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009E020 CreateDialogIndirectParamW,SetPropW,DestroyWindow,LoadLibraryW,GetProcAddress,FreeLibrary,SetWindowLongPtrW,GetWindowLongW,SetWindowLongW, 0_2_000000014009E020
PE file contains sections with non-standard names
Source: Setup.exe Static PE information: section name: text
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D8190 push rbp; iretd 0_2_00000001400D8688
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001401284CB push rbp; iretd 0_2_00000001401284DE
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400BCC66 push 85000BCBh; retf 0_2_00000001400BCCF5
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140050566 IsZoomed,IsIconic, 0_2_0000000140050566
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014007A590 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,_swprintf,malloc,malloc, 0_2_000000014007A590
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140058A70 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,GetClassNameW,EnumChildWindows,malloc, 0_2_0000000140058A70
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140054C20 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,malloc, 0_2_0000000140054C20
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140044C80 IsWindow,DestroyWindow,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,MonitorFromPoint,GetMonitorInfoW,IsWindow,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW, 0_2_0000000140044C80
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140056DC0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW, 0_2_0000000140056DC0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140096FB0 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus, 0_2_0000000140096FB0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140096FB0 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus, 0_2_0000000140096FB0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009109D GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_000000014009109D
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400910AD MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_00000001400910AD
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400910A5 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_00000001400910A5
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400910BB MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_00000001400910BB
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400970DF ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_00000001400970DF
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400970D5 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_00000001400970D5
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400910FF MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_00000001400910FF
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009710A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_000000014009710A
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009713C ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_000000014009713C
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140091137 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091137
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140091146 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW, 0_2_0000000140091146
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009719A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_000000014009719A
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140093200 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,GetWindowRect,GetClientRect,MulDiv,MulDiv,GetWindowRect,GetClientRect,MulDiv,MulDiv,_wcstoi64,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect, 0_2_0000000140093200
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400971F8 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_00000001400971F8
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140097229 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow, 0_2_0000000140097229
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014008F260 SendMessageW,MulDiv,MulDiv,COMRefPtr,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints, 0_2_000000014008F260
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400B1470 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow, 0_2_00000001400B1470
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400694D0 GetTickCount,GetForegroundWindow,GetTickCount,GetWindowThreadProcessId,GetGUIThreadInfo,ClientToScreen,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_itow, 0_2_00000001400694D0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009D500 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect, 0_2_000000014009D500
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400B1650 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,BringWindowToTop, 0_2_00000001400B1650
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400536A0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,_swprintf,malloc,ReleaseDC,SelectObject,DeleteDC,DeleteObject,malloc,GetPixel,ReleaseDC,malloc,malloc, 0_2_00000001400536A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400ADB60 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, 0_2_00000001400ADB60
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400A1CD0 CheckMenuItem,CheckMenuItem,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetForegroundWindow,GetWindowThreadProcessId,SetForegroundWindow,SetForegroundWindow,TrackPopupMenuEx,PostMessageW,GetForegroundWindow,SetForegroundWindow, 0_2_00000001400A1CD0
Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140018F30 0_2_0000000140018F30
Uses Windows timers to delay execution
Source: C:\Users\user\Desktop\Setup.exe User Timer Set: Timeout: 100ms Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe User Timer Set: Timeout: 10ms Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe User Timer Set: Timeout: 10ms Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\Setup.exe API coverage: 1.3 %
May check if the current machine is a sandbox (GetTickCount - Sleep)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140018F30 0_2_0000000140018F30
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014001A910 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014001AA8Dh country: Russian (ru) 0_2_000000014001A910
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022A87 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur) 0_2_0000000140022A87
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022A87 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu) 0_2_0000000140022A87
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022A8F GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur) 0_2_0000000140022A8F
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022A8F GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu) 0_2_0000000140022A8F
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022A96 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur) 0_2_0000000140022A96
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022A96 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu) 0_2_0000000140022A96
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022ABD GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur) 0_2_0000000140022ABD
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022ABD GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu) 0_2_0000000140022ABD
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022AE1 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur) 0_2_0000000140022AE1
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022AE1 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu) 0_2_0000000140022AE1
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022B05 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur) 0_2_0000000140022B05
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140022B05 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu) 0_2_0000000140022B05
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400150B0 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 0000000140015412h country: Spanish (es) 0_2_00000001400150B0
Uses the system / local time for branch decision (may execute only at specific dates)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140059180 GetLocalTime followed by cmp: cmp word ptr [rbx], cx and CTI: je 00000001400594B3h 0_2_0000000140059180
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140059180 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140059373h 0_2_0000000140059180
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400AD4A0 FindFirstFileW,FindClose,FindFirstFileW,FindClose, 0_2_00000001400AD4A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014003C6B0 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose, 0_2_000000014003C6B0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140066C80 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,_swprintf,FindNextFileW,FindClose, 0_2_0000000140066C80
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140066FC0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,_swprintf,malloc, 0_2_0000000140066FC0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140081230 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError, 0_2_0000000140081230
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400AD3A0 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00000001400AD3A0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140067610 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose, 0_2_0000000140067610
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140081820 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0000000140081820
Source: Setup.exe, 00000000.00000002.1684677071.00000000008C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
Source: Setup.exe, 00000000.00000002.1684756472.0000000000904000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Setup.exe, 00000000.00000002.1684677071.00000000008C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\
Source: C:\Users\user\Desktop\Setup.exe API call chain: ExitProcess graph end node
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140018050 BlockInput,BlockInput, 0_2_0000000140018050
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D1110 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00000001400D1110
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014009E020 CreateDialogIndirectParamW,SetPropW,DestroyWindow,LoadLibraryW,GetProcAddress,FreeLibrary,SetWindowLongPtrW,GetWindowLongW,SetWindowLongW, 0_2_000000014009E020
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D76DC GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError, 0_2_00000001400D76DC
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D2BA4 SetUnhandledExceptionFilter, 0_2_00000001400D2BA4
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400D1110 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00000001400D1110
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400CDD84 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00000001400CDD84
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140041980 _swprintf,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW, 0_2_0000000140041980
Contains functionality to simulate keystroke presses
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400172A0 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput, 0_2_00000001400172A0
Contains functionality to simulate mouse events
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140018AB0 mouse_event, 0_2_0000000140018AB0
Source: Setup.exe Binary or memory string: TextLEFTLRIGHTRMIDDLEMX1X2WUWDWLWR{Blind}{ClickLl{}^+!#{}RawTempASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt SYSTEM\CurrentControlSet\Control\Keyboard Layouts\Layout FileKbdLayerDescriptorsc%03Xvk%02XSCALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUPRtlGetVersionntdll.dll%u.%u.%uStdOutAllUnreachableClassOverwriteUseEnvLocalSameAsGlobalUseUnsetGlobalUseUnsetLocalYYYYYWeekYearYDayWorkingDirWinDirWinDelayWDayUserNameTitleMatchModeSpeedTitleMatchModeTimeSinceThisHotkeyTimeSincePriorHotkeyTimeIdlePhysicalTimeIdleMouseTimeIdleKeyboardTimeIdleTickCountThisMenuItemPosThisMenuItemThisMenuThisLabelThisHotkeyThisFuncStoreCapslockModeStartupCommonStartupStartMenuCommonStartMenuSecScriptNameScriptHwndScriptFullPathScriptDirScreenWidthScreenHeightScreenDPIRegViewPtrSizeProgramsCommonProgramsPriorKeyPriorHotkeyOSVersionOSTypeNumBatchLinesNowUTCNowMyDocumentsMSecMouseDelayPlayMouseDelayMonMMMMMMMMMMinMDayLoopRegTypeLoopRegTimeModifiedLoopRegSubKeyLoopRegNameLoopRegKeyLoopReadLineLoopFileTimeModifiedLoopFileTimeCreatedLoopFileTimeAccessedLoopFileSizeMBLoopFileSizeKBLoopFileSizeLoopFileShortPathLoopFileShortNameLoopFilePathLoopFileNameLoopFileLongPathLoopFileFullPathLoopFileExtLoopFileDirLoopFileAttribLoopFieldLineNumberLineFileLastErrorLanguageKeyDurationPlayKeyDurationKeyDelayPlayKeyDelayIsUnicodeIsSuspendedIsPausedIsCriticalIsCompiledIsAdminIs64bitOSIPAddress4IPAddress3IPAddress2IPAddress1IndexIconTipIconNumberIconHiddenIconFileHourGuiYGuiXGuiWidthGuiHeightGuiEventGuiControlEventFormatIntegerFormatFloatExitReasonEventInfoEndCharDesktopCommonDesktopDefaultTreeViewDefaultMouseSpeedDefaultListViewDefaultGuiDDDDDDDDDCursorCoordModeToolTipCoordModePixelCoordModeMouseCoordModeMenuCoordModeCaretControlDelayComputerNameCaretYCaretXBatchLinesAppDataCommonAppDataAhkVersionAhkPathTrueProgramFilesFalseComSpecClipboardAll...%s[%Iu of %Iu]: %-1.60s%sPropertyRegExMatch\:\:REG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYDefault3264LineRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDestroyNamePriorityInterruptNoTimersLabelTypeCountLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPFuncRemoveClipboardFormatListeneruser32AddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMeRegClassAutoHotkey2Shell_TrayWndCreateWindoweditConsolasLucida Console*ErrorLevel <>=/|^,:*&~!()[]{}+-?."'\;`IFWHILEClass>AUTOHOTKEY SCRIPT<Could not extract script from EXE./*#CommentFlag*/and<>=/|^,:<>=/|^,:.+-*&!?~::?*- Continuation section too long.JoinLTrimRTrimMissing ")"Functions cannot contain functions.Missing "{"Not a valid method, class or property definition.GetSetNot a valid property getter/setter.Hotkeys/hotstrings are not allowed inside
Source: Setup.exe Binary or memory string: Program Manager
Source: Setup.exe Binary or memory string: Shell_TrayWnd
Source: Setup.exe Binary or memory string: Progman
Source: Setup.exe Binary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140020253 SetCurrentDirectoryW,malloc,GetSystemTimeAsFileTime, 0_2_0000000140020253
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400690F0 GetComputerNameW,GetUserNameW, 0_2_00000001400690F0
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_00000001400CE334 HeapCreate,GetVersion,HeapSetInformation, 0_2_00000001400CE334
OS version to string mapping found (often used in BOTs)
Source: Setup.exe Binary or memory string: WIN_XP
Source: Setup.exe Binary or memory string: ?*A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle1.1.34.03\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003%04hX0x%Ix*pPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32W-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkpcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfo0%
Source: Setup.exe Binary or memory string: WIN_VISTA
Source: Setup.exe Binary or memory string: WIN_7
Source: Setup.exe Binary or memory string: WIN_8
Source: Setup.exe Binary or memory string: WIN_8.1
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014001E850 PostThreadMessageW,Sleep,GetTickCount,GetExitCodeThread,GetTickCount,Sleep,CloseHandle,CreateMutexW,CloseHandle,CreateMutexW,CloseHandle,Shell_NotifyIconW,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,RemoveClipboardFormatListener,ChangeClipboardChain,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize, 0_2_000000014001E850
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_000000014001F440 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain, 0_2_000000014001F440
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0000000140073500 RemoveClipboardFormatListener,ChangeClipboardChain, 0_2_0000000140073500
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1416903 Sample: Setup.exe Startdate: 28/03/2024 Architecture: WINDOWS Score: 60 8 Multi AV Scanner detection for submitted file 2->8 5 Setup.exe 3 2->5         started        process3 signatures4 10 Uses Windows timers to delay execution 5->10 12 Sample or dropped binary is a compiled AutoHotkey binary 5->12 14 Contains functionality to detect sleep reduction / modifications 5->14
No contacted IP infos