Source: Autopoisk.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: global traffic | HTTP traffic detected: GET /files/version HTTP/1.1Cache-control: no-cachePragma: no-cacheHost: upd.autopoisk.suAccept: text/html, */*Accept-Encoding: identityUser-Agent: Mozilla/3.0 (compatible; Indy Library)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | DNS traffic detected: queries for: r3.autopoisk.vin
Source: Autopoisk.exe | String found in binary or memory: http://upd.autopoisk.su/files/Autopoisk-
Source: Autopoisk.exe | String found in binary or memory: http://upd.autopoisk.su/files/versionU
Source: Autopoisk.exe | String found in binary or memory: http://www.indyproject.org/
Source: Autopoisk.exe, 00000000.00000002.2886100080.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, Autopoisk.exe, 00000000.00000002.2886100080.0000000002E94000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://upd.autopoisk.su/files/version
Source: Autopoisk.exe | Static PE information: Number of sections : 11 > 10
Source: Autopoisk.exe, 00000000.00000000.1616961805.0000000000416000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename vs Autopoisk.exe
Source: Autopoisk.exe, 00000000.00000000.1616961805.0000000000416000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs Autopoisk.exe
Source: Autopoisk.exe | Binary or memory string: OriginalFilename vs Autopoisk.exe
Source: Autopoisk.exe | Binary or memory string: OriginalFileName vs Autopoisk.exe
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: winsta.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: security.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Autopoisk.exe | Section loaded: winnsi.dll
Source: classification engine | Classification label: clean5.winEXE@1/0@6/6
Source: Yara match | File source: Autopoisk.exe, type: SAMPLE
Source: Yara match | File source: 0.0.Autopoisk.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.1616961805.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Autopoisk.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\Autopoisk.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Autopoisk.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Autopoisk.exe | String found in binary or memory: NATS-SEFI-ADD
Source: Autopoisk.exe | String found in binary or memory: NATS-DANO-ADD
Source: Autopoisk.exe | String found in binary or memory: JIS_C6229-1984-b-add
Source: Autopoisk.exe | String found in binary or memory: jp-ocr-b-add
Source: Autopoisk.exe | String found in binary or memory: JIS_C6229-1984-hand-add
Source: Autopoisk.exe | String found in binary or memory: jp-ocr-hand-add
Source: Autopoisk.exe | String found in binary or memory: ISO_6937-2-add
Source: C:\Users\user\Desktop\Autopoisk.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\Autopoisk.exe | Window found: window name: TComboBox
Source: Autopoisk.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: Autopoisk.exe | Static file information: File size 13065007 > 1048576
Source: Autopoisk.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x259800
Source: Autopoisk.exe | Static PE information: Raw size of .debug is bigger than: 0x100000 < 0x98332f
Source: Autopoisk.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Autopoisk.exe | Static PE information: section name: .didata
Source: Autopoisk.exe | Static PE information: section name: .debug
Source: C:\Users\user\Desktop\Autopoisk.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Autopoisk.exe | Window / User API: threadDelayed 507
Source: C:\Users\user\Desktop\Autopoisk.exe | Window / User API: threadDelayed 3135
Source: C:\Users\user\Desktop\Autopoisk.exe TID: 7716 | Thread sleep time: -507000s >= -30000s
Source: C:\Users\user\Desktop\Autopoisk.exe TID: 7708 | Thread sleep time: -3135000s >= -30000s
Source: C:\Users\user\Desktop\Autopoisk.exe | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\Autopoisk.exe | Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Desktop\Autopoisk.exe | Last function: Thread delayed
Source: Autopoisk.exe | Binary or memory string: @Idassignednumbers@IdPORT_vmnet
Source: Autopoisk.exe | Binary or memory string: @Idassignednumbers@IdPORT_vmnet$@Idassignednumbers@IdPORT_genrad_mux
Source: Autopoisk.exe, 00000000.00000002.2885859929.00000000012EE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Autopoisk.exe | Binary or memory string: @Winapi@Windows@DOF_PROGMAN