Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Static PE information: certificate valid |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_00405D07 FindFirstFileA,FindClose, |
0_2_00405D07 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, |
0_2_00405331 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_0040263E FindFirstFileA, |
0_2_0040263E |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0 |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://ocsps.ssl.com0 |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://ocsps.ssl.com0? |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://sslcom.crl.certum.pl/ctnca.crl0s |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://sslcom.ocsp-certum.com08 |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://sslcom.repository.certum.pl/ctnca.cer0: |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0 |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: https://www.certum.pl/CPS0 |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
String found in binary or memory: https://www.ssl.com/repository0 |
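Added example (Python; not part of the sandbox output or of the sample): a triage pass over the "String found in binary or memory" rows above. The trailing characters the sandbox printed ("0Q", "0?", "0:", "0s", "08") are not part of the URLs: inside an Authenticode signature these URIs are DER IA5Strings, and the string extractor ran on into the next element's SEQUENCE tag byte 0x30 (which prints as "0") and its length byte. The cleaning regex, the bucket names (`pki-crl`, `pki-aia`, `pki-ocsp`, `pki-policy`, `nsis-stub`, `review`), the NSIS temp-directory pattern and the `REPORT_STRINGS` / `REPORT_FILES` lists (copied from the rows of this report) are this example's own assumptions, not sandbox logic.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: the "String found in binary or memory" values from
# the rows above, exactly as the sandbox printed them (DER debris included).
REPORT_STRINGS = [
    "http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q",
    "http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q",
    "http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0",
    "http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0",
    "http://crls.ssl.com/ssl.com-rsa-RootCA.crl0",
    "http://nsis.sf.net/NSIS_Error",
    "http://nsis.sf.net/NSIS_ErrorError",
    "http://ocsps.ssl.com0",
    "http://ocsps.ssl.com0?",
    "http://sslcom.crl.certum.pl/ctnca.crl0s",
    "http://sslcom.ocsp-certum.com08",
    "http://sslcom.repository.certum.pl/ctnca.cer0:",
    "http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0",
    "https://www.certum.pl/CPS0",
    "https://www.ssl.com/repository0",
]

# Constructed sample input: the paths from the "File created" rows of the report.
REPORT_FILES = [
    r"C:\Users\user\AppData\Local\Temp\nsf620B.tmp",
    r"C:\Users\user\AppData\Local\Temp\nsf620C.tmp\System.dll",
]

# After a URI inside a certificate (CRL distribution point, AIA access
# location, policy qualifier) the next DER element normally starts with a
# SEQUENCE tag 0x30, printed as "0", followed by a length byte that may itself
# be printable. Heuristic (assumption of this example): strip a trailing "0"
# plus at most one printable byte when the character before the "0" is not a
# digit, so real URLs such as ".../v20" are left alone.
_DER_TAIL = re.compile(r"^(.*[^0-9])0[ -~]?$")


def clean_der_tail(s: str) -> str:
    m = _DER_TAIL.match(s)
    return m.group(1) if m else s


def classify_url(url: str) -> str:
    """Bucket a cleaned URL; anything not recognised lands in 'review'."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path.lower()
    if host == "nsis.sf.net":
        return "nsis-stub"      # link hard-coded in the NSIS stub's error dialog
    if path.endswith(".crl"):
        return "pki-crl"        # CRL distribution point
    if path.endswith((".cer", ".crt")):
        return "pki-aia"        # issuer certificate download (AIA caIssuers)
    if "ocsp" in host:
        return "pki-ocsp"       # AIA OCSP responder
    if path.endswith("/cps") or path.endswith("/repository"):
        return "pki-policy"     # certificate policy / repository pointer
    return "review"


def triage(strings):
    """Map bucket name -> list of cleaned URLs."""
    buckets = {}
    for raw in strings:
        url = clean_der_tail(raw.strip())
        buckets.setdefault(classify_url(url), []).append(url)
    return buckets


# NSIS unpacks into %TEMP%\ns<letter><hex>.tmp and drops its plug-ins (System.dll
# here) inside that directory; pattern is an assumption of this example.
_NSIS_TMP = re.compile(r"\\ns[a-z][0-9a-f]{1,4}\.tmp(\\|$)", re.IGNORECASE)


def nsis_indicators(strings, files):
    """Return the set of NSIS markers present in the report rows."""
    hits = set()
    if any("nsis.sf.net/NSIS_Error" in s for s in strings):
        hits.add("stub-error-url")
    if any(_NSIS_TMP.search(f) for f in files):
        hits.add("temp-dir")
    if any(f.lower().endswith(r"\system.dll") and _NSIS_TMP.search(f) for f in files):
        hits.add("system-plugin")
    return hits


if __name__ == "__main__":
    for bucket, urls in sorted(triage(REPORT_STRINGS).items()):
        print(bucket, urls)
    print("nsis:", sorted(nsis_indicators(REPORT_STRINGS, REPORT_FILES)))
```

Run against the rows above, every string lands in a `pki-*` bucket or in `nsis-stub` and `review` stays empty: the SSL.com and Certum endpoints are the CRL, OCSP, issuer-certificate and policy URLs carried by the Authenticode signature and its timestamp countersignature, and nsis.sf.net/NSIS_Error is the link baked into the NSIS stub. None of them is a contact address of the installer's own payload, so they should not be promoted to network IOCs; the same kind of row in an unsigned sample would deserve a closer look.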
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_00404EE8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00404EE8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_004030FA EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, |
0_2_004030FA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_00406128 |
0_2_00406128 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_004046F9 |
0_2_004046F9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_004068FF |
0_2_004068FF |
Source: classification engine |
Classification label: clean4.winEXE@1/1@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_004041FC GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
0_2_004041FC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar, |
0_2_00402020 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
File created: C:\Users\user\AppData\Local\Temp\nsf620B.tmp |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
File read: C:\Users\desktop.ini |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_00405D2E GetModuleHandleA,LoadLibraryA,GetProcAddress, |
0_2_00405D2E |
Source: SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Static PE information: real checksum: 0xe26bd should be: 0xe2b3d |
Source: System.dll.0.dr |
Static PE information: real checksum: 0x0 should be: 0xa27d |
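Added example (Python; not from the sandbox report or the sample): a stand-alone checker for the two kinds of "Static PE information" rows on this page. It decodes the IMAGE_FILE_HEADER Characteristics flags listed at the top of the report (RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE) and recomputes OptionalHeader.CheckSum the way the sandbox did for the installer (0xe26bd stored, 0xe2b3d expected) and for the dropped System.dll (0x0, never set). The flag table and the checksum fold are the documented PE definitions; `build_minimal_pe`, the `audit` output keys and the status names are this example's own, and the test image it constructs is header-only and not loadable.

```python
import struct

# IMAGE_FILE_* flag bits of IMAGE_FILE_HEADER.Characteristics (PE/COFF spec).
IMAGE_FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0010: "AGGRESSIVE_WS_TRIM",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0080: "BYTES_REVERSED_LO",
    0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED",
    0x0400: "REMOVABLE_RUN_FROM_SWAP",
    0x0800: "NET_RUN_FROM_SWAP",
    0x1000: "SYSTEM",
    0x2000: "DLL",
    0x4000: "UP_SYSTEM_ONLY",
    0x8000: "BYTES_REVERSED_HI",
}


def decode_characteristics(flags: int) -> list:
    return [name for bit, name in sorted(IMAGE_FILE_CHARACTERISTICS.items()) if flags & bit]


def parse_headers(data: bytes) -> dict:
    """Locate the COFF header and the OptionalHeader.CheckSum field."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _sym, _nsym, _optsz, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    checksum_offset = opt + 64  # CheckSum sits at +64 in both PE32 and PE32+
    return {
        "machine": machine,
        "characteristics": characteristics,
        "checksum_offset": checksum_offset,
        "stored_checksum": struct.unpack_from("<I", data, checksum_offset)[0],
    }


def compute_checksum(data: bytes, checksum_offset: int) -> int:
    """PE header checksum (the CheckSumMappedFile algorithm): end-around-carry
    sum of every 32-bit word except the CheckSum field itself, folded to 16
    bits, plus the file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def checksum_status(stored: int, computed: int) -> str:
    if stored == 0:
        return "unset"      # linker never filled it in, as with System.dll above
    return "ok" if stored == computed else "mismatch"


def audit(data: bytes) -> dict:
    hdr = parse_headers(data)
    computed = compute_checksum(data, hdr["checksum_offset"])
    return {
        "characteristics": decode_characteristics(hdr["characteristics"]),
        "stored": hdr["stored_checksum"],
        "computed": computed,
        "status": checksum_status(hdr["stored_checksum"], computed),
    }


def fix_checksum(data: bytes) -> bytes:
    """Return a copy with a correct CheckSum written into the header."""
    hdr = parse_headers(data)
    out = bytearray(data)
    struct.pack_into("<I", out, hdr["checksum_offset"], compute_checksum(data, hdr["checksum_offset"]))
    return bytes(out)


def build_minimal_pe(characteristics: int = 0x010F, checksum: int = 0) -> bytes:
    """Constructed test image: DOS header, PE signature, COFF header and a
    zero-filled PE32 optional header. Header-only, not loadable."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<I", opt, 64, checksum)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    for key, value in audit(data).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) else f"{key}: {value}")
```

Windows only enforces this checksum for kernel-mode drivers and DLLs loaded at boot; a user-mode EXE with a wrong value runs normally. A mismatch therefore says the image was modified after the header was last written, and a zero says the linker never set it (common for plug-in DLLs); neither is evidence of malice on its own, but the stored value is a cheap thing to compare against a known-good build of the same installer.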
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_10002A10 push eax; ret |
0_2_10002A3E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
File created: C:\Users\user\AppData\Local\Temp\nsf620C.tmp\System.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf620C.tmp\System.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71996476.31717.4987.exe |
Code function: 0_2_00405A2E GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA, |
0_2_00405A2E |