Click to jump to signature section
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Avira: detected |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | ReversingLabs: Detection: 42% |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Virustotal: Detection: 54% | Perma Link |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: | Binary string: C:\Users\iccp_\source\repos\ConsoleApplication1\Release\ConsoleApplication1.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe |
Source: | Binary string: C:\Users\iccp_\source\repos\ConsoleApplication1\Release\ConsoleApplication1.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: classification engine | Classification label: mal42.winEXE@8/1@0/0 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7272:120:WilError_03 |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Gift2.exe") |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | Jump to behavior |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | ReversingLabs: Detection: 42% |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Virustotal: Detection: 54% |
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe" | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c color F2 | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Gift2.exe | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im Gift2.exe | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c color F2 | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Gift2.exe | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im Gift2.exe | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: msvcp140.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Automated click: OK |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: | Binary string: C:\Users\iccp_\source\repos\ConsoleApplication1\Release\ConsoleApplication1.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe |
Source: | Binary string: C:\Users\iccp_\source\repos\ConsoleApplication1\Release\ConsoleApplication1.pdb source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Code function: 0_2_002B1D76 push ecx; ret | 0_2_002B1D89 |
Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Code function: 0_2_002B1B0A IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_002B1B0A |
Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug | Jump to behavior |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Code function: 0_2_002B1B0A IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_002B1B0A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Code function: 0_2_002B1681 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_002B1681 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Code function: 0_2_002B1C6C SetUnhandledExceptionFilter, | 0_2_002B1C6C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c color F2 | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Gift2.exe | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im Gift2.exe | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im Gift2.exe | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Code function: 0_2_002B1DBA cpuid | 0_2_002B1DBA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Code function: 0_2_002B19F3 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, | 0_2_002B19F3 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.21226.23526.exe | Code function: 0_2_002B1160 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ, | 0_2_002B1160 |