Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Code function: 0_2_00402C5C Sleep,GetAsyncKeyState, |
0_2_00402C5C |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: Number of sections : 16 > 10 |
Source: classification engine |
Classification label: clean2.winEXE@2/0@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Code function: 0_2_00401656 CreateToolhelp32Snapshot,strcmp,_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc,_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc,_ZNSolsEPFRSoS_E,exit, |
0_2_00401656 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7504:120:WilError_03 |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Section loaded: libgcc_s_sjlj-1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Section loaded: libstdc++-6.dll |
Jump to behavior |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: section name: .xdata |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: section name: /4 |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: section name: /19 |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: section name: /31 |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: section name: /45 |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: section name: /57 |
Source: SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Static PE information: section name: /70 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Code function: 0_2_00403420 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, |
0_2_00403420 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Code function: 0_2_004048A1 SetUnhandledExceptionFilter, |
0_2_004048A1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Code function: 0_2_0040C3E8 SetUnhandledExceptionFilter,Sleep, |
0_2_0040C3E8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Code function: 0_2_00401180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,_initterm,GetStartupInfoA, |
0_2_00401180 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Zmem.13051.25997.exe |
Code function: 0_2_00403340 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, |
0_2_00403340 |