Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_100032D2 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1000CCAE CryptAcquireContextA,CryptDecodeObjectEx,CryptImportPublicKeyInfo,CryptEncrypt,CryptDestroyKey,CryptReleaseContext, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1000B942 CryptAcquireContextA,CryptDecodeObjectEx,CryptImportPublicKeyInfo,CryptCreateHash,CryptHashData,CryptVerifySignatureW,LocalFree,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10003292 CryptAcquireContextA,CryptGenRandom, |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, AGGRESIVE_WS_TRIM, LARGE_ADDRESS_AWARE, 16BIT_MACHINE, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10003902 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10005ACC FindFirstFileW,CreateDirectoryW,CreateDirectoryW,CreateDirectoryW,CreateDirectoryW,DeleteFileW,DeleteFileW,DeleteFileW,GetCurrentDirectoryW,SetCurrentDirectoryW,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,Sleep,Sleep,SetCurrentDirectoryW,FindNextFileW, |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513604193.0000000010010000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.0000000006800000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://%s/coretokencryptkeyregsvr32.exeff_updff_mincr_precr_mancr_updcr_mincr_con.dat.exerunas/c |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513604193.0000000010010000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.0000000006800000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.mozilla.org/2004/em-rdf# |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10003187 TerminateProcess,WTSGetActiveConsoleSessionId,WTSGetActiveConsoleSessionId,WTSQueryUserToken,GetCurrentProcess,GetTokenInformation,GetTokenInformation,GetTokenInformation,DuplicateTokenEx,CreateEnvironmentBlock,CreateProcessAsUserW,CloseHandle,CloseHandle,CloseHandle,DestroyEnvironmentBlock, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011088 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1001108C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011090 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011094 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011098 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1001109C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1001111C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011204 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011208 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011210 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1000E214 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011218 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1001123C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011274 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011288 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011298 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10010ECC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_100112E8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011324 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1001134C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011358 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011364 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011378 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1001138C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10011394 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: avifil32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: msvfw32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: msacm32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: kbdus.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Section loaded: cryptbase.dll |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, AGGRESIVE_WS_TRIM, LARGE_ADDRESS_AWARE, 16BIT_MACHINE, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1000827F GetCurrentProcess,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket, |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name, ExecutablePath from win32_Process |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_Processor |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513604193.0000000010010000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.0000000006800000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: update addon set visible=1, active=1, userDisabled=0, appDisabled=0, pendingUninstall=0, softDisabled=0, size=%u where id='%s'; |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513604193.0000000010010000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.0000000006800000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT into addon (id, location, version, type, visible, active, userDisabled, appDisabled, pendingUninstall, installDate, updateDate, applyBackgroundUpdates, bootstrap, skinnable, size, softDisabled%s) values('%s','app-profile','%s','extension', 0, 1, 0, 0, 0, %s, %s, 1, 0, 0, %u, 0%s); |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
ReversingLabs: Detection: 84% |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Virustotal: Detection: 83% |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Unpacked PE file: 4.2.SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.fera:W;.gdata:W;.put:W;.tuda:W;.tls:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W; |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10005ACC FindFirstFileW,CreateDirectoryW,CreateDirectoryW,CreateDirectoryW,CreateDirectoryW,DeleteFileW,DeleteFileW,DeleteFileW,GetCurrentDirectoryW,SetCurrentDirectoryW,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,Sleep,Sleep,SetCurrentDirectoryW,FindNextFileW, |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: section name: .fera |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: section name: .gdata |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: section name: .put |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Static PE information: section name: .tuda |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10003A72 GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,GetLastError,PathFindFileNameW,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1000724D GetCurrentProcess,TerminateProcess,CreateToolhelp32Snapshot,Process32NextW,FindCloseChangeNotification,EnumDeviceDrivers,K32EnumDeviceDrivers,EnumDeviceDrivers,K32EnumDeviceDrivers,GetDeviceDriverBaseNameW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10008BFB EnumDeviceDrivers,K32EnumDeviceDrivers,EnumDeviceDrivers,GetDeviceDriverBaseNameW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_BIOS |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_BaseBoard |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_ComputerSystem |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_ComputerSystemProduct |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10003902 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10005ACC FindFirstFileW,CreateDirectoryW,CreateDirectoryW,CreateDirectoryW,CreateDirectoryW,DeleteFileW,DeleteFileW,DeleteFileW,GetCurrentDirectoryW,SetCurrentDirectoryW,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,Sleep,Sleep,SetCurrentDirectoryW,FindNextFileW, |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.000000000684F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Description = "VMware SVGA II"; |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.000000000682F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMware, Inc. |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.000000000682F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: stringComputer System ProductComputer System ProductOUL44R19882742-CC56-1A59-9779-FB8CBFA1E29DVMware, Inc.Nonet =G, |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.000000000684F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Win32_OnBoardDeviceOn Board Device 0Win32_OnBoardDeviceOn Board DeviceOn Board DeviceVMware SVGA II |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513053700.000000000684F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMware SVGA II |
Source: SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe, 00000004.00000002.2513007718.00000000066E9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10008EF8 GetCurrentProcess,GetVersionExW,GetSystemMetrics,IsDebuggerPresent,GetCurrentProcessId, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10003A72 GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,GetLastError,PathFindFileNameW,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10005ACC FindFirstFileW,CreateDirectoryW,CreateDirectoryW,CreateDirectoryW,CreateDirectoryW,DeleteFileW,DeleteFileW,DeleteFileW,GetCurrentDirectoryW,SetCurrentDirectoryW,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,Sleep,Sleep,SetCurrentDirectoryW,FindNextFileW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_065D57BC mov ebx, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_065D35EC mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_065D1A18 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_1000EC76 GetCurrentProcessId,GetSystemTimeAsFileTime,WSAStartup,WaitForSingleObject,closesocket,closesocket,ReleaseMutex, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen6.38594.5893.10844.exe |
Code function: 4_2_10008EF8 GetCurrentProcess,GetVersionExW,GetSystemMetrics,IsDebuggerPresent,GetCurrentProcessId, |