Windows Analysis Report
SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Analysis ID: 1428726
MD5: d5f317dc88e71e133b8b4f547e7762a8
SHA1: 867e8e1790faf642b680e84dc128bf51842a5350
SHA256: 9d694811b5c1915fcebbe45352118cbfc22737e95aba2c2acc69667f7f7e7a34
Tags: exe

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection

Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Avira: detected
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe ReversingLabs: Detection: 13%
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: global traffic TCP traffic: 192.168.2.4:49730 -> 51.75.19.11:3306
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /download/versionhistoryforcreatorpricelist.txt HTTP/1.1 | User-Agent: BovSoftUpload | Host: ttc.bovsoft.com
Source: unknown DNS traffic detected: queries for: bovsoft.com
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000000.1659457918.000000000072D000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameL vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914375591.00000000029D0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNOTEPAD.EXE.MUIj% vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914375591.00000000029D0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNOTEPAD.EXEj% vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2914711204.0000000004320000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameL vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Binary or memory string: OriginalFilenameL vs SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe
Source: classification engine Classification label: mal56.winEXE@3/3@2/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe File created: C:\Users\user\Desktop\ExporterPriceLists.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000000.1658999797.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: select DISTINCT CAST(LNG_ID AS VARCHAR(*)) as lngid, (LNG_ISO2) as name from TOF_LANGUAGES where LNG_ISO2 IS NOT NULL and LNG_ISO2 <> '' ORDER BY lngid;
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000000.1658999797.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS `CLIENT` (`ID` int(11) NOT NULL AUTO_INCREMENT, `EMAIL` varchar(100) NOT NULL, `SECURKEY` varchar(100) NOT NULL DEFAULT '', `KEYDATA` datetime DEFAULT NULL, `BALLS` int(11) NOT NULL DEFAULT '0', `CONNECT` int(11) NOT NULL DEFAULT '0', PRIMARY KEY (`ID`), KEY `EMAIL_SECURKEY` (`EMAIL`, `SECURKEY`), KEY `KEYDATA` (`KEYDATA`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000000.1658999797.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS `CONNECT` (`ID_CLIENT` int(11) NOT NULL DEFAULT '0', `IP` varchar(30) NOT NULL, `DATA_FOR_DEMO` datetime DEFAULT NULL, KEY `IP` (`IP`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe String found in binary or memory: NATS-SEFI-ADD
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe String found in binary or memory: NATS-DANO-ADD
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe String found in binary or memory: JIS_C6229-1984-b-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe String found in binary or memory: jp-ocr-b-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe String found in binary or memory: JIS_C6229-1984-hand-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe String found in binary or memory: jp-ocr-hand-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe String found in binary or memory: ISO_6937-2-add
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe String found in binary or memory: . Re-start program
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Process created: C:\Windows\SysWOW64\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\help.txt
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe File written: C:\Users\user\Desktop\ExporterPriceLists.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Window found: window name: TComboBox
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Static file information: File size 3392000 > 1048576
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2bf200
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Static PE information: section name: .didata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2913434906.000000000093E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-Downloader.Win32.Banload.9643.12431.exe, 00000000.00000002.2913434906.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Windows\SysWOW64\notepad.exe Queries volume information: C:\Users\user\Desktop\help.txt VolumeInformation