Source: HyperThread.exe |
ReversingLabs: Detection: 34% |
Source: HyperThread.exe |
Virustotal: Detection: 37% |
Source: HyperThread.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: HyperThread.exe |
Static PE information: section name: .i1* |
Source: HyperThread.exe |
Static PE information: section name: .#$r |
Source: classification engine |
Classification label: mal56.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\HyperThread.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: d3dcompiler_43.dll |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: msvcp140.dll |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: d3dx11_43.dll |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: vcruntime140_1.dll |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: dxgi.dll |
Source: HyperThread.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: HyperThread.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: HyperThread.exe |
Static file information: File size 15065600 > 1048576 |
Source: HyperThread.exe |
Static PE information: Raw size of .#$r is bigger than: 0x100000 < 0xe5c400 |
Source: initial sample |
Static PE information: section where entry point is pointing to: .#$r |
Source: HyperThread.exe |
Static PE information: section name: .i1* |
Source: HyperThread.exe |
Static PE information: section name: .hi3 |
Source: HyperThread.exe |
Static PE information: section name: .#$r |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |