Windows Analysis Report
CDM212364_Setup.exe

Overview

General Information

Sample name: CDM212364_Setup.exe
Analysis ID: 1417261
MD5: 0c97e7b5de1b46fb723bed38f0de28a2
SHA1: 3ab353adb602908eddb884c8b2b587fcc0691bfa
SHA256: 835dd64b199190d20dc37c0cadeb064b7eaaaef271703781b2b259b7085437a4

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: CDM212364_Setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: CDM212364_Setup.exe Static PE information: certificate valid
Source: CDM212364_Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTBUSUI\x64\Release\FTBUSUI.pdb source: ftbusui.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTBUSUI\x64\Release\FTBUSUI.pdb~~ source: ftbusui.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTBUSUI\Release\FTBUSUI.pdb source: ftbusui.dll
Source: Binary string: d:\wm\minkernel\crts\crtw32\misc\nt\vc110.pdb source: ftd2xx.lib
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\x64\Release\FTDIBUS.pdb source: ftdibus.sys
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\Release\FTSER2K.pdb source: ftser2k.sys
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTLang\x64\Release\FTLang.pdb source: ftlang.dll
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\pp\ftserui2\objfre_wnet_x86\i386\ftserui2.pdb source: ftserui2.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\x64\Release\FTSER2K.pdb source: ftser2k.sys
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\x64\Release\FTD2XX.pdb source: ftd2xx64.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTLang\Release\FTLang.pdb source: ftlang.dll
Source: Binary string: d:\8180\enduser\databaseaccess\src\mdac\odbc\core\cplib\vc110.pdb source: ftd2xx.lib
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\coinst\ftcserco\objfre_wnet_amd64\amd64\ftcserco.pdbH source: ftcserco.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\Release\FTD2XX.pdb source: ftd2xx.dll
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\coinst\ftcserco\objfre_wnet_amd64\amd64\ftcserco.pdb source: ftcserco.dll
Source: Binary string: DpInst.pdbH source: dpinst-amd64.exe
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\Release\FTDIBUS.pdb source: ftdibus.sys
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\pp\ftserui2\objfre_wnet_amd64\amd64\ftserui2.pdbH source: ftserui2.dll
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\coinst\ftcserco\objfre_wnet_x86\i386\ftcserco.pdb source: ftcserco.dll
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\pp\ftserui2\objfre_wnet_amd64\amd64\ftserui2.pdb source: ftserui2.dll
Source: Binary string: DpInst.pdb source: dpinst-amd64.exe, dpinst-x86.exe
Source: Binary string: DpInst.pdbp source: dpinst-x86.exe
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://ocsp.digicert.com0C
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://ocsp.digicert.com0O
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://s.symcd.com0_
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://sw.symcd.com0
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: http://www.digicert.com/CPS0
Source: CDM212364_Setup.exe String found in binary or memory: http://www.disoriented.com(
Source: CDM212364_Setup.exe String found in binary or memory: http://www.disoriented.com/
Source: CDM212364_Setup.exe String found in binary or memory: http://www.disoriented.com/openConfirm
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: https://d.symcb.com/cps0%
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: https://d.symcb.com/rpa0
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: https://d.symcb.com/rpa0)
Source: ftbusui.dll, ftcserco.dll, ftdibus.sys, ftlang.dll, ftser2k.sys, ftserui2.dll String found in binary or memory: https://www.digicert.com/CPS0
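Several of the URL strings above end in stray characters ("0C", "0O", "0P", "0:", "0_", "0%", "0)"). They are not part of the URLs. The strings come from the Authenticode certificates embedded in the signed driver binaries, and a plain ASCII scan runs past the end of each URL into the next DER element: the SEQUENCE tag 0x30 prints as "0" and the following length byte prints as whatever character it happens to be. The "0C" after http://ocsp.digicert.com is a SEQUENCE of 0x43 = 67 bytes, which is exactly the size of an AccessDescription holding the caIssuers OID (10 bytes) and the 55-character URL http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt (57 bytes as a [6] URI). The Python below is an added example, not code from the sandbox report or from FTDI: it builds a constructed AuthorityInfoAccess and CRLDistributionPoints extension pair around the DigiCert URLs listed above (the certificate structure is synthetic; only the URLs are taken from the report), shows what a naive string scan returns, and then extracts the same URLs with a minimal DER walker so the residue can be decoded rather than guessed at.

```python
import re

# OIDs in DER content form (RFC 5280); constructed inline so the example runs offline.
OID_AD_OCSP = bytes.fromhex("2b06010505073001")        # 1.3.6.1.5.5.7.48.1
OID_AD_CAISSUERS = bytes.fromhex("2b06010505073002")   # 1.3.6.1.5.5.7.48.2
OID_PE_AIA = bytes.fromhex("2b06010505070101")         # 1.3.6.1.5.5.7.1.1
OID_CE_CRLDP = bytes.fromhex("551d1f")                 # 2.5.29.31
TAG_URI = 0x86   # GeneralName [6] uniformResourceIdentifier (IMPLICIT IA5String)


def der_len(n: int) -> bytes:
    """DER length: short form below 0x80, otherwise 0x8N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content


def uri(u: str) -> bytes:
    return der(TAG_URI, u.encode("ascii"))


def build_sample_extensions() -> bytes:
    """Constructed X.509 Extensions: an AuthorityInfoAccess (OCSP + caIssuers)
    followed by a CRLDistributionPoints, using the URLs from the report."""
    aia = der(0x30, der(0x30, der(0x06, OID_AD_OCSP) + uri("http://ocsp.digicert.com"))
              + der(0x30, der(0x06, OID_AD_CAISSUERS)
                    + uri("http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt")))
    # DistributionPoint ::= SEQUENCE { distributionPoint [0] { fullName [0] { [6] URI } } }
    crldp = der(0x30, der(0x30, der(0xA0, der(0xA0,
                uri("http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl")))))
    ext = lambda oid, val: der(0x30, der(0x06, oid) + der(0x04, val))  # Extension
    return der(0x30, ext(OID_PE_AIA, aia) + ext(OID_CE_CRLDP, crldp))


def naive_urls(blob: bytes) -> list:
    """What a strings-style scan reports: each URL runs on until the first non-printable byte."""
    return [m.decode("ascii") for m in re.findall(rb"https?://[\x21-\x7e]+", blob)]


def walk(data: bytes, depth: int = 0) -> list:
    """Return (tag, value, depth) for every DER TLV, descending into constructed
    elements and into OCTET STRINGs that themselves parse as DER (X.509 extnValue).
    Single-byte tags only, which is all certificate extensions use."""
    out, i = [], 0
    while i < len(data):
        tag, ln, i = data[i], data[i + 1], i + 2
        if ln & 0x80:                                  # long-form length
            n = ln & 0x7F
            ln, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + ln > len(data):
            raise ValueError("DER length overruns buffer")
        val, i = data[i:i + ln], i + ln
        out.append((tag, val, depth))
        if tag & 0x20:
            out.extend(walk(val, depth + 1))
        elif tag == 0x04:
            try:
                out.extend(walk(val, depth + 1))
            except (ValueError, IndexError):
                pass                                   # opaque OCTET STRING, not nested DER
    return out


def der_urls(blob: bytes) -> list:
    """URLs taken from the [6] GeneralName elements, with no trailing residue."""
    return [v.decode("ascii") for t, v, _ in walk(blob) if t == TAG_URI]


def residue(naive: str, clean: str) -> tuple:
    """Decode the two bytes a naive scan glued onto a URL as (DER tag, DER length)."""
    tail = naive[len(clean):].encode("ascii")
    return (tail[0], tail[1]) if len(tail) == 2 else None


if __name__ == "__main__":
    blob = build_sample_extensions()
    for bad, good in zip(naive_urls(blob), der_urls(blob)):
        print(bad, "->", good, residue(bad, good))
```

On the constructed blob the naive scan yields http://ocsp.digicert.com0C, just as the report does, and residue() decodes the tail as tag 0x30 with length 0x43; the DER walk returns the bare URL. When a report lists such strings, treat everything after the last path character as decoding noise and verify the URL against the certificate itself rather than blocklisting the mangled form.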
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\SETDC5E.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\ftdibus.cat (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\ftdibus.cat
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\SETEFB7.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\ftdiport.cat (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\ftdiport.cat
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\SETDE72.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\ftdiport.cat (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\ftdibus.cat (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\SETEBA7.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftdibus.sys
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Windows\DPINST.LOG
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_27ad3b85ed46c2a0
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_27ad3b85ed46c2a0\amd64
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_27ad3b85ed46c2a0\i386
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem4.inf
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_02e6e8b10f1ee812
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_02e6e8b10f1ee812\amd64
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem5.inf
Source: C:\Windows\System32\drvinst.exe File deleted: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDDF1.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Code function: 0_2_00F611FC
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Code function: 0_2_00F63F22
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Code function: 0_2_00F61114
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Code function: 0_2_00F62A18
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_00403ABC
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: String function: 00404084 appears 38 times
Source: SETEF17.tmp.6.dr Static PE information: Number of sections : 11 > 10
Source: SETEAF8.tmp.2.dr Static PE information: Number of sections : 11 > 10
Source: ftser2k.sys.0.dr Static PE information: Number of sections : 11 > 10
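The static PE lines in this report (EXECUTABLE_IMAGE and 32BIT_MACHINE, the DllCharacteristics DYNAMIC_BASE, NX_COMPAT, NO_SEH and TERMINAL_SERVER_AWARE, "certificate valid", the "more sections than normal" and "non-standard section names" signatures, and "Number of sections : 11 > 10") are all read straight out of the PE headers. The Python below is an added example, not code from the sandbox or from FTDI, that decodes those fields with the standard library only so the same checks can be reproduced on any sample. The list of "standard" section names and the wording of the derived findings are this example's own choices, not the sandbox's rules, and build_sample_pe() produces a synthetic header-only PE as constructed test input. One caveat a practitioner should keep in mind: a non-zero security directory only means an Authenticode blob is attached, not that the signature verifies or that the signer is trusted; confirm that separately (for example with signtool verify /pa or Get-AuthenticodeSignature on Windows).

```python
import struct

# Bit names from winnt.h; only the bits a triage line normally reports.
FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
SCN_CNT_CODE, SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x00000020, 0x20000000, 0x80000000
# Names commonly emitted by MSVC/WDK; anything else is flagged (example's own list).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
                     ".pdata", ".bss", ".tls", ".CRT", ".gfids", "INIT", "PAGE"}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: file offset/size of the Authenticode blob


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def triage_pe(data: bytes) -> dict:
    """Decode the header fields behind the report's static-PE lines."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                      # IMAGE_OPTIONAL_HEADER
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    sec_va = sec_size = 0
    if ndirs > SECURITY_DIR:
        dir_off = opt + (112 if pe32plus else 96) + 8 * SECURITY_DIR
        sec_va, sec_size = struct.unpack_from("<II", data, dir_off)
    sections = []
    for i in range(nsec):                              # IMAGE_SECTION_HEADER, 40 bytes each
        off = opt + opt_size + 40 * i
        name = struct.unpack_from("<8s", data, off)[0].rstrip(b"\0").decode("latin-1")
        sections.append((name, struct.unpack_from("<I", data, off + 36)[0]))
    return {
        "machine": {0x14C: "i386", 0x8664: "amd64"}.get(machine, hex(machine)),
        "characteristics": _flags(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        "section_count": nsec,
        "non_standard_sections": [n for n, _ in sections if n not in STANDARD_SECTIONS],
        # writable + executable sections are typical of packers and self-modifying code
        "wx_sections": [n for n, c in sections
                        if c & SCN_MEM_WRITE and c & (SCN_MEM_EXECUTE | SCN_CNT_CODE)],
        "has_authenticode_blob": bool(sec_va and sec_size),
    }


def signatures(t: dict) -> list:
    """Turn the decoded fields into one-line findings in the style of the report."""
    out = []
    if "32BIT_MACHINE" in t["characteristics"]:
        out.append("Uses 32bit PE files")
    if t["section_count"] > 10:
        out.append("PE file contains more sections than normal")
    if t["non_standard_sections"]:
        out.append("PE file contains sections with non-standard names")
    if t["wx_sections"]:
        out.append("PE file contains writable and executable sections")
    if not {"NX_COMPAT", "DYNAMIC_BASE"} <= set(t["dll_characteristics"]):
        out.append("PE file built without DEP and/or ASLR support")
    if not t["has_authenticode_blob"]:
        out.append("PE file carries no Authenticode signature")
    return out


def build_sample_pe(sections, dll_chars, signed=True, pe32plus=False) -> bytes:
    """Synthetic header-only PE for offline tests (constructed input, not the
    FTDI installer). `sections` is a list of (name, IMAGE_SCN_* characteristics)."""
    opt_size = 240 if pe32plus else 224
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    chars = 0x0002 | (0 if pe32plus else 0x0100)                 # EXECUTABLE_IMAGE [| 32BIT_MACHINE]
    file_hdr = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                           len(sections), 0, 0, 0, opt_size, chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108 if pe32plus else 92, 16)      # NumberOfRvaAndSizes
    if signed:  # fake security directory; a real blob would sit past the headers
        struct.pack_into("<II", opt, (112 if pe32plus else 96) + 8 * SECURITY_DIR, 0x1000, 0x800)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), 0, 0, 0, 0, 0, 0, 0, 0, c)
                    for n, c in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + hdrs


if __name__ == "__main__":
    # Mirrors the installer's reported flags: 32-bit, DYNAMIC_BASE|NX_COMPAT|NO_SEH|TSAWARE.
    installer = build_sample_pe([(".text", 0x60000020), (".rdata", 0x40000040),
                                 (".data", 0xC0000040), (".rsrc", 0x40000040)], 0x8540)
    print(triage_pe(installer), signatures(triage_pe(installer)))
```

To run it against a real file, pass open(path, "rb").read() to triage_pe(); the section walk only needs the headers, so the first 4 KiB of a file is enough for most binaries.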
Source: CDM212364_Setup.exe, 00000000.00000003.1700729113.00000000047F0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTD2XX.LIBJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1696693669.0000000003260000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTSER2KJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1696158135.0000000003170000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTD2XX.DLLJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1698869220.00000000033C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTBUSUI.dllJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1696837565.0000000003280000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameftserui2.dllJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1700041483.0000000004790000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameftserui2.dllJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1696320711.0000000003220000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTDIBUSJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1699545583.0000000004730000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTDIBUSJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1699028202.00000000033E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameftcserco.dllJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1694918684.0000000002FC0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTBUSUI.dllJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1699279944.0000000003400000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTD2XX.DLLJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1699909868.0000000004770000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTSER2KJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exed" vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exe vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exe|. vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exex, vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exep( vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exev+ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exel& vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exef# vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697567118.00000000032C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exe~/ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1695214815.0000000003130000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameftcserco.dllJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exed" vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exe vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exe|. vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exex, vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exep( vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exev+ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exel& vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exef# vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1697975109.00000000032E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDPInst.exe~/ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1694953296.0000000003170000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTBUSUI.dllJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1700454135.00000000047D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFTD2XX.LIBJ vs CDM212364_Setup.exe
Source: CDM212364_Setup.exe, 00000000.00000003.1695357362.0000000003220000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameftcserco.dllJ vs CDM212364_Setup.exe
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: drvstore.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: devrtl.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: spinf.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: gpapi.dll
Source: ftdibus.sys Binary string: \Device\USBFDO-USB#ROOT_HUB20#\DosDevices\
Source: ftdibus.sys Binary string: CompositeDriverFTDIBUS\VID_PID_FTDIBUS\COMPORT&VID_&PID_&MI_\Device\Ftdiport_Com_0\DosDevices\Ftdiport_Com_0FTDIBUS\0000\REGISTRY\Machine\System\CurrentControlSet\SERVICES\FTDIBUS\ParametersRetryResetCountMaxDevsLocIdsNULLConfigDataSSIdleTimeoutIN
Source: ftser2k.sys Binary string: \Device\VCP
Source: ftdibus.sys Binary string: \Device\Ftdiport_Com_0
Source: ftdibus.sys Binary string: \REGISTRY\Machine\System\CurrentControlSet\Control\usbflagsIgnoreHWSerNum\COMDeviceDescPortName ()FriendlyNameENUMEnum\\0000ConfigFlags\REGISTRY\Machine\System\CurrentControlSet\Enum\\Control\REGISTRY\Machine\System\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Enum\\Device ParametersActiveServiceCSConfigFlags\Device\USBFDO-USB#ROOT_HUB20#\DosDevices\SymbolicNameIRP_MN_CHANGE_SINGLE_INSTANCEIRP_MN_CHANGE_SINGLE_ITEMIRP_MN_DISABLE_COLLECTIONIRP_MN_DISABLE_EVENTSIRP_MN_ENABLE_COLLECTION
Source: ftser2k.sys Binary string: \Device\VCPIRP_MN_????UnknownRelations
Source: classification engine Classification label: clean6.winEXE@7/82@0/0
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Code function: 0_2_00F643E8 GetLastError,GetLastError,FormatMessageA,wsprintfA,MessageBoxA,
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Code function: 0_2_00F66B05 lstrcpyA,CoInitialize,CoCreateInstance,MultiByteToWideChar,CoUninitialize,
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\DPINST_LOG_SCROLLER_MUTEX
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Mutant created: NULL
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FE9AAE.tmp
Source: CDM212364_Setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: dpinst-amd64.exe String found in binary or memory: Some post-install cleanup tasks failed. Error code is 0x%X
Source: dpinst-amd64.exe String found in binary or memory: Successfully re-added '%s' to reference list of driver store entry '%s'
Source: dpinst-amd64.exe String found in binary or memory: Could not re-add '%s' to reference list of driver store entry '%s'
Source: dpinst-amd64.exe String found in binary or memory: Install option set: Suppress pre-install of Plug and Play drivers if no matching devices are present.
Source: dpinst-amd64.exe String found in binary or memory: During undo of install, we failed to re-install the driver. Error code 0x%X
Source: dpinst-amd64.exe String found in binary or memory: Error 0x%X - Could not delete service info key for '%ws', even though there are no more DIFx-installed driver stores using this se
Source: dpinst-amd64.exe String found in binary or memory: ,Software\Policies\Microsoft\Windows\DriverInstall\RestrictionsAllowUserDeviceClasses DummyWindowWindow_CaptionRunAs****************************************Failed to get command line.Command Line: '%s'DPInst is a multi-lingual binary.DPInst is not multi-lingual.The module name was too long.There was an error getting the module name.Failed to initialize MUI or Multi-Lingual language support.Title: %s.Option to dump log info on console not available under Windows 2000. Ignoring the option.Option set: dumping log info to console.Failed to set option to dump log info to console.Failed to set the current working directory to: '%ws'Current working directory: '%ws'Returning with code 0x%XRunning on path '%ws'Invalid path '%ws'No valid '%s' file provided.Install option refused: will not force install if driver is not better because of command to prompt if driver is not better.Install option refused: Can't run in Quiet mode, command to prompt user in case driver is not better is set!Install option refused: Can't run in Quiet mode, UI will be shown because a EULA is required and not suppressed!Install option refused: 'Scan Hardware Display' will be ignored because not running in 'Scan Hardware Mode'.Install option refused: can't test wizard because quiet mode enabled.Install option set: Suppressing Wizard but no OS popups.Install option set: Running in quiet mode. 
Suppressing Wizard and OS popups.Install option set: legacy mode on.Install option set: Suppressing EULA.Install option set: create user uninstall script file '%s'.Install option set: Prompt if driver is not better.Install option set: Force install if driver is not better.Install option set: Suppress pre-install of Plug and Play drivers if no matching devices are present.Install option set: Suppress Add or Remove Programs entries.Install option set: Install all driver packages or none.Install option set: uninstall will be set to delete driver binaries.Install option set: test wizard cycling through all finish pages.Install option set: using scan hardware display mode. Will only display successfull installs or failures.Uninstall option set: Suppressing Wizard but no OS popups.Uninstall option set: Running in quiet mode. Suppressing Wizard and OS popups.Uninstall command: uninstall Inf '%ws'Uninstall command: uninstall script '%ws'Uninstall option set: if driver was installed, will make best effort to delete driver binaries.User cancelled uninstall.Starting uninstall of '%ws'Starting uninstall of script '%ws'Machine has to be rebooted to complete uninstall.Uninstall script self-reference. Script '%s' already uninstalled.Invalid uninstall script file: '%s'Uninstall script file '%s' not found.Failed to delete 'Add or Remove Programs' entry '%s'.User cancelled uninstall of driver package '%s'ERROR: Access denied to Non-admin user to install/uninstall driver package.DPInst.exe not supported on current OS.User UI Language is 0x%X.Will enable language 0x%X although not listed in descriptor.Current confi
Source: dpinst-amd64.exe String found in binary or memory: Pronto all'uso/Installazione non riuscita (driver non firmato)0Installazione non riuscita (certificato scaduto) [Italian: "Ready to use" / "Installation failed (unsigned driver)" / "Installation failed (expired certificate)"]
Source: dpinst-amd64.exe String found in binary or memory: re.4Guiden Installation af enhedsdriver blev annulleret.-Installationen mislykkedes (ugyldig signatur)eEs wird bereits der beste Ger [Danish: "The Device Driver Installation Wizard was cancelled." / "Installation failed (invalid signature)"; the trailing German fragment is cut off in the dump]
Source: dpinst-amd64.exe String found in binary or memory: stata rilevata nessuna periferica da aggiornare.1Non necessario (nessuna periferica da aggiornare)8Annullamento installazione driver in corso. Attendere...5Installazione guidata driver di periferica annullata.-Installazione non riuscita (firma non valida): [Italian: "...no device to update was detected." / "Not necessary (no device to update)" / "Cancelling driver installation. Please wait..." / "Device Driver Installation Wizard cancelled." / "Installation failed (invalid signature)"]
Source: dpinst-amd64.exe String found in binary or memory: FileDescriptionTreiberpaket-Installationsprogramm( [German: "Driver Package Installer"]
Source: dpinst-amd64.exe String found in binary or memory: ProductNameTreiberpaket-Installationsprogramm (DPInst), [German: "Driver Package Installer (DPInst)"]
Source: dpinst-x86.exe String found in binary or memory: ERROR: (Error code 0x%X.) (Error code 0x%X: %s)%02d/%02d/%04d %02d:%02d:%02dNon-Interactive Windows StationInteractive Windows StationFailed to check if running under Local System AccountRunning under Local System AccountArchitecture: X86.Suite: 0x%04x, Product Type: %uService Pack: %u.%uPlatform ID: %u (%s)9XNTVersion: %u.%u.%u %sProduct Version %s.****************************************Failed to delete 'Add or Remove Programs' entry '%s'.User cancelled uninstall of driver package '%s'Access denied to Non-admin user to install/uninstall driver package.System requires 64-bit version of DPInst.exe.DPInst.exe not supported on current OS.Requested language 0x%X is not supported on current systemDescriptor (DPInst.xml) does not support requested language 0x%X.Will read descriptor(DPInst.xml) elements in language 0x%X, but some or all of the other elements might be in the UI default language 0x%X.Will read descriptor(DPInst.xml) elements in language 0x%X.Running with language 0x%X.Current configuration does not support UI language 0x%X.Will enable language 0x%X although not listed in descriptor.User UI Language is 0x%X.Invalid path '%ws'Install option set: using scan hardware display mode. Will only display successfull installs or failures.Install option set: test wizard cycling through all finish pages.Install option set: uninstall will be set to delete driver binaries.Install option set: Install all driver packages or none.Install option set: Suppress Add or Remove Programs entries.Install option set: Suppress pre-install of Plug and Play drivers if no matching devices are present.Install option set: Force install if driver is not better.Install option set: Prompt if driver is not better.Install option set: create user uninstall script file '%s'.Install option set: Suppressing EULA.Install option set: legacy mode on.Install option set: Running in quiet mode. Suppressing Wizard and OS popups.Install option set: Suppressing Wizard but no OS popups.Install option refused: can't test wizard because quiet mode enabled.Install option refused: 'Scan Hardware Display' will be ignored because not running in 'Scan Hardware Mode'.Install option refused: Can't run in Quiet mode, UI will be shown because a EULA is required and not suppressed!Install option refused: Can't run in Quiet mode, command to prompt user in case driver is not better is set!Install option refused: will not force install if driver is not better because of command to prompt if driver is not better.No valid '%s' file provided.Running on path '%ws'Invalid uninstall script file '%s', invalid entry '%s'.Invalid uninstall script file '%s', missing hash after ID entry.Invalid uninstall script file '%s', missing path after USCRIPT entry.Invalid uninstall script file '%s', missing path after INF entry.IDUSCRIPTINFUninstall script self-reference. Script '%s' already uninstalled.Invalid uninstall script file: '%s'Machine has to be rebooted to complete uninstall.Starting uninstall of script '%ws'St
Source: dpinst-x86.exe String found in binary or memory: @Error encountered while adding reference of installer '%s' to driver storeError encountered while setting installer information for driver storeUnknown ProductUnknown ManufacturerUnknown Display NameParameter is NULL.RETURN: DriverPackageGetPathW (0x%X)ENTER: DriverPackageGetPathWOne or more files referenced by '%s' cannot be found in the package.Unsigned driver. Possibly rejected by user.Invalid signature. Possibly rejected by user.Could not delete driver store entry '%s'.Failed to add catalog file for '%s'.Driver package is already preinstalled '%s'.The driver package type of %s is not supported.Could not remove driver store entry '%s'.Driver Store entry '%s' removed.Successfully removed '%s' from reference list of driver store entry '%s'Implementation error: Invalid Type %u.Installing INF file '%s' of Type %u.Could not get name of the inf file.Could not remove '%s' from reference list of driver store entry '%s'Could not get Type property for driver package.Installation completed with code 0x%X.Can't repair driver packages from the INF directory.The INSTALLERINFO structure passed in by the caller was non-NULL, but one or more fields of the structure was NULL or an empty string.Successfully deleted properties for driver store entry '%s'.Could not delete properties for driver store entry '%s'.Successfully deleted driver store entry '%s'.Installing INF file '%s' (Plug and Play).Can't preinstall and then install driver packages from the INF directory.DRIVER_PACKAGE_LEGACY_MODE flag set but not supported on Plug and Play driver on VISTA. Flag will be ignored.Successfully re-added '%s' to reference list of driver store entry '%s'Could not re-add '%s' to reference list of driver store entry '%s'Uninstall completed.Uninstall: Invalid Driver Store entry '%s'.Driver store entry '%s' removed.Best effort to delete driver package files copied to system...Error occurred while uninstalling driver package '%s'Uninstalling driver package %s...Could not remove the reference of driver '%s' from driver storeWill not uninstall because other Application depend on this package %s.Could not get Type property for driver package '%s'.Could not get INF PATH property for driver package '%s'.No driver store entry for '%s' found.An error occurred while uninstalling driver package '%s'Cannot uninstall inbox driver package '%s'Could not verify if there are any applications that are still dependent on driver '%s'.Could not remove the reference of application '%s' from driver '%s'RETURN: DriverPackagePreinstallW (0x%X)%s is preinstalled.ENTER: DriverPackagePreinstallWRETURN: DriverPackageInstallW (0x%X)ENTER: DriverPackageInstallWRETURN: DriverPackageUninstallW (0x%X)ENTER: DriverPackageUninstallWl
Source: dpinst-x86.exe String found in binary or memory: Pronto all'uso/Installazione non riuscita (driver non firmato)0Installazione non riuscita (certificato scaduto)
Source: dpinst-x86.exe String found in binary or memory: re.4Guiden Installation af enhedsdriver blev annulleret.-Installationen mislykkedes (ugyldig signatur)eEs wird bereits der beste Ger
Source: dpinst-x86.exe String found in binary or memory: stata rilevata nessuna periferica da aggiornare.1Non necessario (nessuna periferica da aggiornare)8Annullamento installazione driver in corso. Attendere...5Installazione guidata driver di periferica annullata.-Installazione non riuscita (firma non valida):
Source: dpinst-x86.exe String found in binary or memory: FileDescriptionTreiberpaket-Installationsprogramm(
Source: dpinst-x86.exe String found in binary or memory: ProductNameTreiberpaket-Installationsprogramm (DPInst),
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File read: C:\Users\user\Desktop\CDM212364_Setup.exe
Source: unknown Process created: C:\Users\user\Desktop\CDM212364_Setup.exe "C:\Users\user\Desktop\CDM212364_Setup.exe"
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Process created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Process created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe /sa
Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\ftdibus.inf" "9" "4aa35cc23" "000000000000015C" "WinSta0\Default" "000000000000016C" "208" "c:\users\user\appdata\local\temp\ftdi-driver"
Source: unknown Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\ftdiport.inf" "9" "47472827f" "000000000000016C" "WinSta0\Default" "0000000000000144" "208" "c:\users\user\appdata\local\temp\ftdi-driver"
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Window found: window name: SysTabControl32
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Automated click: Extract
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Automated click: I accept this agreement
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Automated click: I accept this agreement
Source: CDM212364_Setup.exe Static PE information: certificate valid
Source: CDM212364_Setup.exe Static file information: File size 2264632 > 1048576
Source: CDM212364_Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTBUSUI\x64\Release\FTBUSUI.pdb source: ftbusui.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTBUSUI\x64\Release\FTBUSUI.pdb~~ source: ftbusui.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTBUSUI\Release\FTBUSUI.pdb source: ftbusui.dll
Source: Binary string: d:\wm\minkernel\crts\crtw32\misc\nt\vc110.pdb source: ftd2xx.lib
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\x64\Release\FTDIBUS.pdb source: ftdibus.sys
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\Release\FTSER2K.pdb source: ftser2k.sys
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTLang\x64\Release\FTLang.pdb source: ftlang.dll
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\pp\ftserui2\objfre_wnet_x86\i386\ftserui2.pdb source: ftserui2.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\x64\Release\FTSER2K.pdb source: ftser2k.sys
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\x64\Release\FTD2XX.pdb source: ftd2xx64.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2013\FTLang\Release\FTLang.pdb source: ftlang.dll
Source: Binary string: d:\8180\enduser\databaseaccess\src\mdac\odbc\core\cplib\vc110.pdb source: ftd2xx.lib
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\coinst\ftcserco\objfre_wnet_amd64\amd64\ftcserco.pdbH source: ftcserco.dll
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\Release\FTD2XX.pdb source: ftd2xx.dll
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\coinst\ftcserco\objfre_wnet_amd64\amd64\ftcserco.pdb source: ftcserco.dll
Source: Binary string: DpInst.pdbH source: dpinst-amd64.exe
Source: Binary string: c:\Jenkins2\workspace\J171-Windows-D2XX-VCP-VS2015\Release\FTDIBUS.pdb source: ftdibus.sys
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\pp\ftserui2\objfre_wnet_amd64\amd64\ftserui2.pdbH source: ftserui2.dll
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\coinst\ftcserco\objfre_wnet_x86\i386\ftcserco.pdb source: ftcserco.dll
Source: Binary string: c:\jenkins2\worksp~1\j11a5a~1\pp\ftserui2\objfre_wnet_amd64\amd64\ftserui2.pdb source: ftserui2.dll
Source: Binary string: DpInst.pdb source: dpinst-amd64.exe, dpinst-x86.exe
Source: Binary string: DpInst.pdbp source: dpinst-x86.exe
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_004098C4 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer, 1_2_004098C4
Source: ftd2xx64.dll.0.dr Static PE information: section name: .00cfg
Source: ftser2k.sys.0.dr Static PE information: section name: PAGESRP0
Source: ftser2k.sys.0.dr Static PE information: section name: PAGESER
Source: ftser2k.sys0.0.dr Static PE information: section name: PAGESRP0
Source: ftser2k.sys0.0.dr Static PE information: section name: PAGESER
Source: SETEAF8.tmp.2.dr Static PE information: section name: PAGESRP0
Source: SETEAF8.tmp.2.dr Static PE information: section name: PAGESER
Source: SETDBDD.tmp.2.dr Static PE information: section name: .00cfg
Source: SETDDF1.tmp.4.dr Static PE information: section name: .00cfg
Source: SETEF17.tmp.6.dr Static PE information: section name: PAGESRP0
Source: SETEF17.tmp.6.dr Static PE information: section name: PAGESER
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_004040C9 push ecx; ret 1_2_004040DC
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\ftserui2.dll (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftbusui.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\ftserui2.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\i386\ftd2xx.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\SETEAF8.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftbusui.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftserui2.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftser2k.sys
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\FTLang.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\ftdibus.sys (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\SETEF17.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\ftdibus.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\ftd2xx64.dll (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftd2xx64.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\SETEB77.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\ftser2k.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\SETDBFE.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-x86.exe
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftcserco.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\i386\SETDC70.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\ftcserco.dll (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDDF1.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\SETDC2E.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\ftbusui.dll (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\i386\SETDE93.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftserui2.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\ftcserco.dll (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftcserco.dll
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDE51.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\SETEF47.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\SETEF87.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\SETDBDD.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftlang.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftser2k.sys
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDE11.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\ftser2k.sys (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftlang.dll
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\ftd2xx64.dll (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\ftbusui.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\SETDC4E.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe File created: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\SETEB37.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\FTLang.dll (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\i386\ftd2xx.dll (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftdibus.sys
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDE41.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftdibus.sys
Source: C:\Users\user\Desktop\CDM212364_Setup.exe File created: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftd2xx.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Code function: 0_2_00F65344 lstrlenA,GetTempPathA,GetCurrentDirectoryA,GetCurrentProcess,GetModuleFileNameA,CreateFileA,SetFilePointer,SetFilePointer,ReadFile,SetFilePointer,ReadFile,SetFilePointer,ReadFile,SetFilePointer,VirtualAlloc,ReadFile,GetTempPathA,GetTempFileNameA,CreateFileA,WriteFile,CloseHandle,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileIntA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,GetPrivateProfileStringA,wsprintfA,wsprintfA,GetPrivateProfileStringA,lstrlenA,lstrlenA,wsprintfA,GetPrivateProfileStringA,lstrlenA,lstrlenA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,lstrcpyA,VirtualFree,DeleteFileA, 0_2_00F65344
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Code function: 0_2_00F65D38 lstrlenA,lstrcpyA,GetPrivateProfileStringA,VirtualAlloc,lstrcatA,lstrcatA,ExpandEnvironmentStringsA,lstrcpyA,lstrcpyA,GetCurrentDirectoryA,lstrlenA,lstrcatA,GetTempPathA,lstrcpyA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,lstrcpyA,lstrcatA,lstrcatA,lstrcpyA,lstrlenA,lstrcpyA, 0_2_00F65D38
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\ftserui2.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\SETDC2E.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\ftbusui.dll (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftbusui.dll
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\i386\SETDE93.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\ftserui2.dll (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftserui2.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\ftcserco.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\i386\ftd2xx.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\SETEAF8.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftbusui.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftcserco.dll
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDE51.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftserui2.dll
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\SETEF47.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftser2k.sys
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\FTLang.dll (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\SETEF17.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\ftdibus.sys (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\ftdibus.sys (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\SETEF87.tmp
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\ftd2xx64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\SETDBDD.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftd2xx64.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\SETEB77.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftser2k.sys
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftlang.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\ftser2k.sys (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\SETDBFE.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDE11.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\ftser2k.sys (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftlang.dll
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-x86.exe
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\ftd2xx64.dll (copy)
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\ftbusui.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\amd64\SETDC4E.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\FTLang.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{af1c6af5-4edb-d54c-a197-2872bf05b59e}\amd64\SETEB37.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\i386\ftd2xx.dll (copy)
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftcserco.dll
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDE41.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftdibus.sys
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\amd64\ftcserco.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dpinst-amd64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{9ccd3830-e4df-4040-aee8-37c6abebc103}\i386\SETDC70.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\amd64\ftdibus.sys
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\amd64\SETDDF1.tmp
Source: C:\Users\user\Desktop\CDM212364_Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FTDI-Driver\i386\ftd2xx.dll
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe API coverage: 9.2 %
Source: setupapi.dev.log.2.dr Binary or memory string: sig: Key = vmci.inf
Source: setupapi.dev.log.2.dr Binary or memory string: dvs: {Driver Setup Import Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.178
Source: setupapi.dev.log.2.dr Binary or memory string: idb: Activating driver package 'vmci.inf_amd64_68ed49469341f563'.
Source: setupapi.dev.log.2.dr Binary or memory string: cpy: Published 'vmci.inf_amd64_68ed49469341f563\vmci.inf' to 'oem2.inf'.
Source: setupapi.dev.log.2.dr Binary or memory string: inf: {Add Service: vmci}
Source: setupapi.dev.log.2.dr Binary or memory string: inf: Created new service 'vmci'.
Source: setupapi.dev.log.2.dr Binary or memory string: inf: Display Name = VMware VMCI Bus Driver
Source: setupapi.dev.log.2.dr Binary or memory string: inf: Service Name = vmci
Source: setupapi.dev.log.2.dr Binary or memory string: idb: {Publish Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: setupapi.dev.log.2.dr Binary or memory string: idb: Indexed 4 device IDs for 'vmci.inf_amd64_68ed49469341f563'.
Source: setupapi.dev.log.2.dr Binary or memory string: utl: Driver INF - oem2.inf (C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf)
Source: setupapi.dev.log.2.dr Binary or memory string: sto: {Configure Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf}
Source: setupapi.dev.log.2.dr Binary or memory string: sto: {Stage Driver Package: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.634
Source: setupapi.dev.log.2.dr Binary or memory string: sig: Installed catalog 'vmci.cat' as 'oem2.cat'.
Source: setupapi.dev.log.2.dr Binary or memory string: cpy: Target Path = C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563
Source: setupapi.dev.log.2.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.inf' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf'.
Source: setupapi.dev.log.2.dr Binary or memory string: sig: FilePath = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.inf
Source: setupapi.dev.log.2.dr Binary or memory string: inf: {Configure Driver Configuration: vmci.install.x64.NT}
Source: setupapi.dev.log.2.dr Binary or memory string: idb: Created driver package object 'vmci.inf_amd64_68ed49469341f563' in SYSTEM database node.
Source: setupapi.dev.log.2.dr Binary or memory string: inf: Image Path = System32\drivers\vmci.sys
Source: setupapi.dev.log.2.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.cat' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat'.
Source: setupapi.dev.log.2.dr Binary or memory string: sig: Catalog = C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.cat
Source: setupapi.dev.log.2.dr Binary or memory string: inf: Section Name = vmci.install.x64.NT
Source: setupapi.dev.log.2.dr Binary or memory string: flq: Copying 'C:\Windows\SoftwareDistribution\Download\Install\vmci.sys' to 'C:\Windows\System32\DriverStore\Temp\{5a5b2f36-11ff-5a4a-b3b1-6fc00ed67f26}\vmci.sys'.
Source: setupapi.dev.log.2.dr Binary or memory string: idb: Registered driver package 'vmci.inf_amd64_68ed49469341f563' with 'oem2.inf'.
Source: setupapi.dev.log.2.dr Binary or memory string: inf: Driver package 'vmci.inf' is configurable.
Source: setupapi.dev.log.2.dr Binary or memory string: inf: {Configure Driver: VMware VMCI Bus Device}
Source: setupapi.dev.log.2.dr Binary or memory string: inf: {Query Configurability: C:\Windows\SoftwareDistribution\Download\Install\vmci.inf} 11:48:39.636
Source: setupapi.dev.log.2.dr Binary or memory string: sto: {Core Driver Package Import: vmci.inf_amd64_68ed49469341f563} 11:48:39.704
Source: setupapi.dev.log.2.dr Binary or memory string: idb: {Register Driver Package: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.inf} 11:48:39.707
Source: setupapi.dev.log.2.dr Binary or memory string: flq: Copying 'C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563\vmci.sys' to 'C:\Windows\System32\drivers\vmci.sys'.
Source: C:\Users\user\Desktop\CDM212364_Setup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_0040427B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_0040427B
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_004098C4 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer, 1_2_004098C4
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_00401B10 _memset,_memset,GetProcessHeap,_wcslen,HeapAlloc,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,GetExitCodeThread,CloseHandle,CloseHandle,HeapFree, 1_2_00401B10
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_0040851F SetUnhandledExceptionFilter, 1_2_0040851F
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_00405608 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00405608
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_00401E95 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00401E95
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: GetLocaleInfoA, 1_2_0041051F
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{0bc528db-037e-be49-bed2-b1892483ab8d}\ftdibus.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{92c677e5-36e2-5340-986f-1a45f50cbde4}\ftdiport.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_00402EE7 GetSystemTimeAsFileTime,__aulldiv, 1_2_00402EE7
Source: C:\Users\user\AppData\Local\Temp\FTDI-Driver\dp-chooser.exe Code function: 1_2_0040D6BF __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson, 1_2_0040D6BF
Source: C:\Windows\System32\drvinst.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos