Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: certificate valid |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://s.symcd.com06 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://s2.symcb.com0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://sv.symcb.com/sv.crl0f |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://sv.symcd.com0& |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: https://d.symcb.com/rpa0. |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
String found in binary or memory: https://mail.ru/0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: classification engine |
Classification label: clean1.winEXE@1/0@0/0 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: d3d8.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: d3dxof.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: dsound.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: ylaxawif.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: d3d8thk.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Section loaded: winmmbase.dll |
Jump to behavior |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: certificate valid |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static file information: File size 2454432 > 1048576 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x224000 |
Source: SecuriteInfo.com.BScope.Adware.MyWebSearch.26467.22406.exe |
Static PE information: section name: .ps4 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |