Source: Start.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: Start.exe |
Static PE information: certificate valid |
Source: Start.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: |
Binary string: Z:\Development\Applications\FluxPlayer\build_win\Themes\FluxPlayer\FPStart\Release\Start.pdb source: Start.exe |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B09050 GetLongPathNameW,GetLongPathNameW,FindFirstFileW,FindClose, |
0_2_00B09050 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B0E410 FindFirstFileW, |
0_2_00B0E410 |
Source: Start.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s |
Source: Start.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: Start.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# |
Source: Start.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: Start.exe |
String found in binary or memory: http://jimmac.musichall.cz |
Source: Start.exe |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: Start.exe |
String found in binary or memory: http://www.gimp.orgg |
Source: Start.exe |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: Start.exe |
String found in binary or memory: https://sectigo.com/CPS0D |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009DA120 SetWindowsHookExW 00000002,Function_00039F30,00000000,00000000 |
0_2_009DA120 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009D9410 GetKeyState,GetSystemMetrics,GetAsyncKeyState, |
0_2_009D9410 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009D4120 GetKeyState,GetKeyState,GetKeyState,GetMessageTime, |
0_2_009D4120 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009D4A60 GetWindowLongW,GetWindowLongW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,GetWindowLongW,SendMessageW,GetWindowLongW,GetWindowLongW,SendMessageW,SendMessageW,GetFocus,GetWindowLongW,GetWindowLongW,IsWindowEnabled,IsWindowVisible,IsWindowEnabled,IsWindowVisible,GetWindowLongW,GetParent,IsDialogMessageW, |
0_2_009D4A60 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009CCB20 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetCursorPos,GetMessagePos, |
0_2_009CCB20 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_3_011A6541 |
0_3_011A6541 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_3_0119C860 |
0_3_0119C860 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B32250 |
0_2_00B32250 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BCF01A |
0_2_00BCF01A |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B09050 |
0_2_00B09050 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B6A180 |
0_2_00B6A180 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B102E0 |
0_2_00B102E0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009B82E0 |
0_2_009B82E0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A1B210 |
0_2_00A1B210 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B393F0 |
0_2_00B393F0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B25340 |
0_2_00B25340 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009F8360 |
0_2_009F8360 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B0C480 |
0_2_00B0C480 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A15470 |
0_2_00A15470 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009E3590 |
0_2_009E3590 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009D15C0 |
0_2_009D15C0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A04540 |
0_2_00A04540 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A0F6A0 |
0_2_00A0F6A0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B386F0 |
0_2_00B386F0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009BE610 |
0_2_009BE610 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A01600 |
0_2_00A01600 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A0C8B0 |
0_2_00A0C8B0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009EC8E0 |
0_2_009EC8E0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009CE800 |
0_2_009CE800 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009FC800 |
0_2_009FC800 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A059A0 |
0_2_00A059A0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BA4AB1 |
0_2_00BA4AB1 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B0EA90 |
0_2_00B0EA90 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A96AF0 |
0_2_00A96AF0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B23A60 |
0_2_00B23A60 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009D7C00 |
0_2_009D7C00 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A87C40 |
0_2_00A87C40 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BACDC6 |
0_2_00BACDC6 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009F6D40 |
0_2_009F6D40 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BCEEF6 |
0_2_00BCEEF6 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BAEE00 |
0_2_00BAEE00 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A75E60 |
0_2_00A75E60 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A02F10 |
0_2_00A02F10 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009F4F40 |
0_2_009F4F40 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 009B3450 appears 617 times |
|
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 009AFB30 appears 57 times |
|
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 009ACE30 appears 110 times |
|
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 00BA28F0 appears 37 times |
|
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 00AF0760 appears 33 times |
|
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 00AEEB90 appears 351 times |
|
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 009AE210 appears 119 times |
|
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 009DF8D0 appears 160 times |
|
Source: C:\Users\user\Desktop\Start.exe |
Code function: String function: 00AEEA00 appears 412 times |
|
Source: Start.exe, 00000000.00000002.1285021562.0000000000D3E000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameFluxPlayer.exe6 vs Start.exe |
Source: Start.exe |
Binary or memory string: OriginalFilenameFluxPlayer.exe6 vs Start.exe |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: oleacc.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: duser.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: xmllite.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\Start.exe |
Section loaded: wintypes.dll |
Source: classification engine |
Classification label: clean19.spyw.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B09DB0 CoCreateInstance,MultiByteToWideChar,OleUninitialize, |
0_2_00B09DB0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B2C250 FindResourceW,LoadResource,GetCurrentThreadId,GetCurrentThreadId,GetLastError,LockResource,GetLastError,SizeofResource, |
0_2_00B2C250 |
Source: C:\Users\user\Desktop\Start.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Start-user |
Source: Start.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\Start.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: Start.exe |
String found in binary or memory: alnumalphaasciiblankcntrldigitgraphlowerprintpunctupperxdigitNULSOHSTXETXEOTENQACKBELalertBSbackspaceHTtabLFnewlineVTvertical-tabFFform-feedCRcarriage-returnSOSIDLEDC1DC2DC3DC4NAKSYNETBCANEMSUBESCIS4FSIS3GSIS2RSIS1USspaceexclamation-markquotation-marknumber-signdollar-signpercent-signampersandapostropheleft-parenthesisright-parenthesisasteriskplus-signcommahyphenhyphen-minusperiodfull-stopslashsoliduszeroonetwothreefourfivesixseveneightninecolonsemicolonless-than-signequals-signgreater-than-signquestion-markcommercial-atleft-square-bracketbackslashreverse-solidusright-square-bracketcircumflexcircumflex-accentunderscorelow-linegrave-accentleft-braceleft-curly-bracketvertical-lineright-braceright-curly-brackettildeDEL |
Source: Start.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: Start.exe |
Static file information: File size 4012936 > 1048576 |
Source: Start.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x263200 |
Source: Start.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: Start.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: Start.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: Start.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: Start.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: Start.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: Start.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: Start.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: Start.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: Start.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: Start.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_3_0119CA58 pushad ; iretd |
0_3_0119CAAD |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_3_0119C860 pushad ; iretd |
0_3_0119CAAD |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009B3050 push ecx; mov dword ptr [esp], ecx |
0_2_009B3171 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A11580 push ecx; mov dword ptr [esp], ecx |
0_2_00A11581 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A29690 push ecx; mov dword ptr [esp], ecx |
0_2_00A29691 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A60690 push ecx; mov dword ptr [esp], ecx |
0_2_00A60691 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BA27F5 push ecx; ret |
0_2_00BA2808 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B498C0 push ecx; mov dword ptr [esp], ecx |
0_2_00B498C1 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BA2936 push ecx; ret |
0_2_00BA2949 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B49900 push ecx; mov dword ptr [esp], ecx |
0_2_00B49901 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B48BB0 push ecx; mov dword ptr [esp], ecx |
0_2_00B48BB1 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A0DB30 push ecx; mov dword ptr [esp], ecx |
0_2_00A0DB31 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A17DE0 push ecx; mov dword ptr [esp], ecx |
0_2_00A17DE1 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00A10D40 push ecx; mov dword ptr [esp], ecx |
0_2_00A10D41 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009E7910 IsIconic, |
0_2_009E7910 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_009E9D60 IsIconic,IsZoomed,IsIconic,BringWindowToTop,ShowWindow, |
0_2_009E9D60 |
Source: C:\Users\user\Desktop\Start.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BA7043 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00BA7043 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BA91C3 mov eax, dword ptr fs:[00000030h] |
0_2_00BA91C3 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BC5CB8 mov eax, dword ptr fs:[00000030h] |
0_2_00BC5CB8 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BA2137 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00BA2137 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00B061D0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
0_2_00BCB627 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: EnumSystemLocalesW, |
0_2_00BCB8CD |
Source: C:\Users\user\Desktop\Start.exe |
Code function: EnumSystemLocalesW, |
0_2_00BCB9B3 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: EnumSystemLocalesW, |
0_2_00BCB918 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: EnumSystemLocalesW, |
0_2_00BC4956 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00BCBDBB |
Source: C:\Users\user\Desktop\Start.exe |
Code function: GetLocaleInfoW, |
0_2_00BC4EC9 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00BCBF96 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BA2B8F GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00BA2B8F |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00B2BDC0 GetUserNameW,GetEnvironmentVariableW, |
0_2_00B2BDC0 |
Source: C:\Users\user\Desktop\Start.exe |
Code function: 0_2_00BBF0CB _free,GetTimeZoneInformation,_free, |
0_2_00BBF0CB |