Source: 1.dll |
Virustotal: Detection: 11% |
Perma Link |
Source: 1.dll |
Static PE information: certificate valid |
Source: 1.dll |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\ArchonCore6\Common\Dell.FrontEndPlugin\obj\x64\Release\Dell.FrontEndPlugin.pdb source: 1.dll |
Source: |
Binary string: C:\ArchonCore6\Common\Dell.FrontEndPlugin\obj\x64\Release\Dell.FrontEndPlugin.pdbSHA256qm source: 1.dll |
Source: 1.dll |
String found in binary or memory: http://aia.entrust.net/evcs2-chain.p7c01 |
Source: 1.dll |
String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01 |
Source: 1.dll |
String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: 1.dll |
String found in binary or memory: http://crl.entrust.net/csbr1.crl0 |
Source: 1.dll |
String found in binary or memory: http://crl.entrust.net/evcs2.crl0 |
Source: 1.dll |
String found in binary or memory: http://crl.entrust.net/g2ca.crl0 |
Source: 1.dll |
String found in binary or memory: http://crl.entrust.net/ts1ca.crl0 |
Source: 1.dll |
String found in binary or memory: http://ocsp.entrust.net00 |
Source: 1.dll |
String found in binary or memory: http://ocsp.entrust.net01 |
Source: 1.dll |
String found in binary or memory: http://ocsp.entrust.net02 |
Source: 1.dll |
String found in binary or memory: http://ocsp.entrust.net03 |
Source: 1.dll |
String found in binary or memory: http://www.entrust.net/rpa0 |
Source: 1.dll |
String found in binary or memory: http://www.entrust.net/rpa03 |
Source: 1.dll |
String found in binary or memory: https://www.entrust.net/rpa0 |
Source: 1.dll |
Static PE information: No import functions for PE file found |
Source: 1.dll |
Binary or memory string: OriginalFilenameDell.FrontEndPlugin.dllH vs 1.dll |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: classification engine |
Classification label: mal48.winDLL@6/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2884:120:WilError_03 |
Source: 1.dll |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\System32\loaddll64.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1.dll",#1 |
Source: 1.dll |
Virustotal: Detection: 11% |
Source: unknown |
Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\1.dll" |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1.dll",#1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1.dll",#1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1.dll",#1 |
Jump to behavior |
Source: 1.dll |
Static PE information: certificate valid |
Source: 1.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: 1.dll |
Static PE information: Image base 0x180000000 > 0x60000000 |
Source: 1.dll |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: 1.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: C:\ArchonCore6\Common\Dell.FrontEndPlugin\obj\x64\Release\Dell.FrontEndPlugin.pdb source: 1.dll |
Source: |
Binary string: C:\ArchonCore6\Common\Dell.FrontEndPlugin\obj\x64\Release\Dell.FrontEndPlugin.pdbSHA256qm source: 1.dll |
Source: 1.dll |
Static PE information: 0x8093189B [Mon May 10 17:02:19 2038 UTC] |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe TID: 6044 |
Thread sleep time: -120000s >= -30000s |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\loaddll64.exe |
Thread delayed: delay time: 120000 |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\1.dll",#1 |
Jump to behavior |