Windows Analysis Report
SecuriteInfo.com.FileRepPup.24194.30525.exe

Overview

General Information

Sample name: SecuriteInfo.com.FileRepPup.24194.30525.exe
Analysis ID: 1427686
MD5: e261c723ea0d09584221be5ea667faa6
SHA1: aea5a527e95a5cb8e702acb15eaf97e72af17078
SHA256: e51d70e025e061bfe852cc6f9c8b61d725b0f69ef3ab895ec7d25847b4033527
Tags: exe
Infos:

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

AV Detection

Source: SecuriteInfo.com.FileRepPup.24194.30525.exe ReversingLabs: Detection: 15%
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: certificate valid
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\jenkins_workspace\installer\src\Release\Installer.pdb source: SecuriteInfo.com.FileRepPup.24194.30525.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A15040 recv, 0_2_00A15040
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://ocsp.digicert.com0H
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://ocsp.digicert.com0I
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://tj2.sj
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://tj2.sjhfrj.com&&&X-HM-Time:X-HM-Credential:Content-Type:application/jsoncitycountry_code
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://tj2.sjhfrj.com/software/346
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://tj2.sjhfrj.com/software/346DownloadUrlInstallDownloadTypetrueIsCheckNetIsEnableAppSensors.dow
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe, 00000000.00000002.2868959775.0000000001320000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://tj2.sjhfrj.com/software/346full.dll
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: https://tj.nnxieli.com/sa?project=my_project
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: https://tj.nnxieli.com/sa?project=my_projecthttps://tj.nnxieli.com/sa?project=pc
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe, palmtranslator.downloader_HDSConfigure.ini.0.dr String found in binary or memory: https://tj.nnxieli.com/sa?project=pc
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe, 00000000.00000002.2868959775.0000000001328000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tj.nnxieli.com/sa?project=pcata
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe, 00000000.00000002.2868959775.0000000001328000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tj.nnxieli.com/sa?project=pcrive
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009A7730 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_009A7730
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009A9F40 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetTickCount,_wcsstr,GetKeyState, 0_2_009A9F40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: String function: 009564B0 appears 57 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: String function: 00956940 appears 36 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: String function: 00956610 appears 44 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: String function: 00956720 appears 40 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: String function: 00A45E80 appears 37 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: String function: 00A45DD4 appears 67 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: String function: 00A423A4 appears 59 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: String function: 00A6C07E appears 51 times
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Resource name: ZIPRES type: 7-zip archive data, version 0.3
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Binary or memory string: OriginalFilenamehQ vs SecuriteInfo.com.FileRepPup.24194.30525.exe
Source: classification engine Classification label: sus36.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_0099F790 GetDiskFreeSpaceExW,GetLocalTime,GetLastError,GetCurrentThreadId,GetCurrentProcessId, 0_2_0099F790
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_0096F1E0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,lstrcmpW,lstrcmpW,Process32NextW,CloseHandle, 0_2_0096F1E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_0099BD60 CoCreateInstance,GetLocalTime,GetCurrentThreadId,GetCurrentProcessId,GetLocalTime,GetCurrentThreadId,GetCurrentProcessId,CoFreeUnusedLibraries, 0_2_0099BD60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009B85C0 GetWindowLongW,SetWindowLongW,GetClientRect,SetWindowPos,FindResourceW,LoadResource,FreeResource,SizeofResource,LockResource,FreeResource,MessageBoxW,ExitProcess, 0_2_009B85C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe File created: C:\Users\user\AppData\Local\HDLocal\
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Mutant created: \Sessions\1\BaseNamedObjects\D1A547DB89C0BC61_Installer_palmtranslator
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe String found in binary or memory: MonTueWedThuFriSatSunMondayTuesdayWednesdayThursdayFridaySaturdaySundayJanFebMarAprMayJunJulAugSepOctNovDec%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]%02d:%02d:%02d%02d:%02d0123456789LoadLibraryExA\/AddDllDirectory%d.%d.%d.%dschannel: SSL/TLS connection with %s port %hu (step 1/3)
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: ws2help.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: winsta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: samlib.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe File written: C:\Users\user\AppData\Local\HDLocal\palmtranslator.downloader\palmtranslator.downloader_HDSConfigure.ini
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static file information: File size 4092104 > 1048576
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x147600
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x23ce00
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A22560 GetModuleHandleA,GetProcAddress,_strpbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA, 0_2_00A22560
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A45DAE push ecx; ret 0_2_00A45DC1
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A45EC6 push ecx; ret 0_2_00A45ED9
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00958470 GetModuleFileNameW,PathStripPathW,PathRemoveFileSpecW,PathFileExistsW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW, 0_2_00958470
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009723B0 PathRelativePathToW,GetPrivateProfileStringW, 0_2_009723B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009847A0 GetPrivateProfileStringA, 0_2_009847A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_0099E890 PathFileExistsW,GetPrivateProfileStringW, 0_2_0099E890
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009A7790 IsIconic,ScreenToClient,SendMessageW,SendMessageW,IsRectEmpty,IsIconic,GetTickCount,SendMessageW,_TrackMouseEvent,GetTickCount,SendMessageW,SetFocus,GetTickCount,SetFocus,GetTickCount,ReleaseCapture,GetTickCount,SetFocus,GetTickCount,ScreenToClient,GetTickCount,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,GetWindowRect,IsIconic,GetActiveWindow,PtInRect,SendMessageW,ScreenToClient,SendMessageW,GetTickCount,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetClientRect,SaveDC,GetWindow,GetWindowRect,MapWindowPoints,SetWindowOrgEx,SendMessageW,GetWindow,RestoreDC, 0_2_009A7790
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009B8A80 IsIconic, 0_2_009B8A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009B8D90 IsIconic,GetWindowRect,CreateRoundRectRgn,SetWindowRgn,DeleteObject, 0_2_009B8D90
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009B7560 GetWindowRect,GetParent,GetWindow,MonitorFromWindow,GetMonitorInfoW,IsIconic,GetWindowRect,SetWindowPos, 0_2_009B7560
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe API coverage: 8.4 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_0095F090 GetLocalTime followed by cmp: cmp byte ptr [edi+000000e8h], bl and CTI: jne 0095F928h 0_2_0095F090
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A0D950 GetLocalTime followed by cmp: cmp eax, 1eh and CTI: ja 00A0F90Eh 0_2_00A0D950
Source: SecuriteInfo.com.FileRepPup.24194.30525.exe, 00000000.00000002.2868959775.0000000001328000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A4646E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00A4646E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A72E8C mov eax, dword ptr fs:[00000030h] 0_2_00A72E8C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_0096DCE0 SetUnhandledExceptionFilter,ReleaseMutex,CloseHandle, 0_2_0096DCE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A5D6C1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00A5D6C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A459C7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00A459C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_0099DC50 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_0099DC50
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_009CE5C0 cpuid 0_2_009CE5C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA, 0_2_00984CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: GetLocaleInfoW, 0_2_00A77580
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00968220 GetLocalTime,GetCurrentThreadId,GetCurrentProcessId,std::ios_base::_Ios_base_dtor, 0_2_00968220
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A4D54C GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8, 0_2_00A4D54C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.24194.30525.exe Code function: 0_2_00A57DD4 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_00A57DD4
No contacted IP infos