Source: install_numarkidjliveii+(1).exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: install_numarkidjliveii+(1).exe |
Static PE information: certificate valid |
Source: install_numarkidjliveii+(1).exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://s2.symcb.com0 |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://sv.symcd.com0& |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://www.virtualdj.com/0/ |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: http://www.winimage.com/zLibDll |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: install_numarkidjliveii+(1).exe |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: String function: 008D40B0 appears 34 times |
|
Source: install_numarkidjliveii+(1).exe, 00000000.00000002.1675673425.00000000008F6000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameinstalladdon.exeB vs install_numarkidjliveii+(1).exe |
Source: install_numarkidjliveii+(1).exe |
Binary or memory string: OriginalFilenameinstalladdon.exeB vs install_numarkidjliveii+(1).exe |
Source: classification engine |
Classification label: clean5.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Command line argument: %s\%s |
0_2_008D321A |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Command line argument: %s\%s%s |
0_2_008D321A |
Source: install_numarkidjliveii+(1).exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
File read: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Section loaded: wintypes.dll |
Source: install_numarkidjliveii+(1).exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: install_numarkidjliveii+(1).exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: install_numarkidjliveii+(1).exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: install_numarkidjliveii+(1).exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: install_numarkidjliveii+(1).exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: install_numarkidjliveii+(1).exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: install_numarkidjliveii+(1).exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: install_numarkidjliveii+(1).exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: install_numarkidjliveii+(1).exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: install_numarkidjliveii+(1).exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: install_numarkidjliveii+(1).exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008D40F6 push ecx; ret |
0_2_008D4109 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
API coverage: 9.7 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008DD428 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_008DD428 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008DC6A6 mov eax, dword ptr fs:[00000030h] |
0_2_008DC6A6 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008E33B1 GetProcessHeap, |
0_2_008E33B1 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008D38C3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_008D38C3 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008D3E66 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_008D3E66 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008D3FF9 SetUnhandledExceptionFilter, |
0_2_008D3FF9 |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008D410B cpuid |
0_2_008D410B |
Source: C:\Users\user\Desktop\install_numarkidjliveii+(1).exe |
Code function: 0_2_008D3D58 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_008D3D58 |