| Source: HyperThread.exe |
ReversingLabs: Detection: 34% |
| Source: HyperThread.exe |
Virustotal: Detection: 37% |
Perma Link |
| Source: HyperThread.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Source: HyperThread.exe |
Static PE information: section name: .i1* |
| Source: HyperThread.exe |
Static PE information: section name: .#$r |
| Source: classification engine |
Classification label: mal56.winEXE@1/0@0/0 |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: HyperThread.exe |
ReversingLabs: Detection: 34% |
| Source: HyperThread.exe |
Virustotal: Detection: 37% |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: d3d11.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: d3dcompiler_43.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: d3dx11_43.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: dxgi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\HyperThread.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
| Source: HyperThread.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
| Source: HyperThread.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
| Source: HyperThread.exe |
Static file information: File size 15065600 > 1048576 |
| Source: HyperThread.exe |
Static PE information: Raw size of .#$r is bigger than: 0x100000 < 0xe5c400 |
| Source: HyperThread.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Source: initial sample |
Static PE information: section where entry point is pointing to: .#$r |
| Source: HyperThread.exe |
Static PE information: section name: .i1* |
| Source: HyperThread.exe |
Static PE information: section name: .hi3 |
| Source: HyperThread.exe |
Static PE information: section name: .#$r |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet