Source: AvastSvc.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: AvastSvc.exe |
Static PE information: certificate valid |
Source: AvastSvc.exe |
Static PE information: DYNAMIC_BASE, FORCE_INTEGRITY, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: d:\Workspace\workspace\ProductionClients-ForRelease\AVBranding\avast\CONFIG\Release\label_exp\WinClient\BUILDS\Release\x86\wsc_proxy.pdb source: AvastSvc.exe |
Source: AvastSvc.exe, 00000000.00000002.1632241273.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamewsc_proxy.exeB vs AvastSvc.exe |
Source: AvastSvc.exe, 00000000.00000000.1631633603.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamewsc_proxy.exeB vs AvastSvc.exe |
Source: AvastSvc.exe |
Binary or memory string: OriginalFilenamewsc_proxy.exeB vs AvastSvc.exe |
Source: classification engine |
Classification label: clean2.winEXE@1/0@0/0 |
Source: AvastSvc.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\AvastSvc.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\AvastSvc.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\AvastSvc.exe |
Section loaded: wsc.dll |
Source: AvastSvc.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: C:\Users\user\Desktop\AvastSvc.exe |
Code function: 0_2_00BB1000 EntryPoint,LoadLibraryW,GetProcAddress,GetCommandLineW,FreeLibrary,GetLastError,FreeLibrary,GetLastError,ExitProcess, |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |