Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
ReversingLabs: Detection: 25% |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Virustotal: Detection: 29% |
Perma Link |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: |
Binary string: A:\Srcs\Pad\Build\Release\Hyper3.pdb??'GCTL source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Source: |
Binary string: A:\Srcs\Pad\Build\Release\Hyper3.pdb source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
String found in binary or memory: https://cdn.discordapp.com/attachments/1135629801705709640/1170156279776411779/Hyper.ytd |
Source: classification engine |
Classification label: mal48.winDLL@7/3@0/0 |
Source: C:\Windows\System32\loaddll64.exe |
File created: C:\Users\user\AppData\Roaming\Hyper |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5272:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5764:120:WilError_03 |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\System32\loaddll64.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1 |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
ReversingLabs: Detection: 25% |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Virustotal: Detection: 29% |
Source: unknown |
Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll" |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1 |
|
Source: C:\Windows\System32\rundll32.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\loaddll64.exe |
Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\rundll32.exe |
Automated click: OK |
Source: C:\Windows\System32\rundll32.exe |
Automated click: OK |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: Image base 0x180000000 > 0x60000000 |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static file information: File size 1581056 > 1048576 |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: A:\Srcs\Pad\Build\Release\Hyper3.pdb??'GCTL source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Source: |
Binary string: A:\Srcs\Pad\Build\Release\Hyper3.pdb source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\System32\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe TID: 5948 |
Thread sleep time: -120000s >= -30000s |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\loaddll64.exe |
Thread delayed: delay time: 120000 |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1 |
Jump to behavior |