Source: kL1iGwj1Iu.exe |
ReversingLabs: Detection: 82% |
Source: kL1iGwj1Iu.exe |
Virustotal: Detection: 67% |
Perma Link |
Source: kL1iGwj1Iu.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll |
Jump to behavior |
Source: kL1iGwj1Iu.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: kL1iGwj1Iu.exe, 00000000.00000000.1654186321.00000000004C4000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameA vs kL1iGwj1Iu.exe |
Source: kL1iGwj1Iu.exe, 00000000.00000002.1656056615.000000000092E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamemscorwks.dllT vs kL1iGwj1Iu.exe |
Source: kL1iGwj1Iu.exe |
Binary or memory string: OriginalFilenameA vs kL1iGwj1Iu.exe |
Source: kL1iGwj1Iu.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: classification engine |
Classification label: mal60.winEXE@1/1@0/0 |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\kL1iGwj1Iu.exe.log |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Mutant created: NULL |
Source: kL1iGwj1Iu.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: kL1iGwj1Iu.exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83% |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
File read: C:\Users\desktop.ini |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: kL1iGwj1Iu.exe |
ReversingLabs: Detection: 82% |
Source: kL1iGwj1Iu.exe |
Virustotal: Detection: 67% |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
Jump to behavior |
Source: kL1iGwj1Iu.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll |
Jump to behavior |
Source: kL1iGwj1Iu.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Memory allocated: E60000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Memory allocated: 2B30000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Memory allocated: 4B30000 memory commit | memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe TID: 6744 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\kL1iGwj1Iu.exe |
Memory allocated: page read and write | page guard |
Jump to behavior |