Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
ReversingLabs: Detection: 18% |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF771904150 FindFirstFileExA, |
0_2_00007FF771904150 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718DDDB0 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, |
0_2_00007FF7718DDDB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F3000 EndDialog,GetDlgItem,SetDlgItemTextW,FindFirstFileW,swprintf,SetDlgItemTextW,FindClose,swprintf,SetDlgItemTextW,swprintf,SetDlgItemTextW,swprintf,SetDlgItemTextW, |
0_2_00007FF7718F3000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D903C: wcscpy,CreateFileW,CloseHandle,wcscpy,wcscpy,CreateDirectoryW,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, |
0_2_00007FF7718D903C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D42C4 |
0_2_00007FF7718D42C4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F23F0 |
0_2_00007FF7718F23F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E2550 |
0_2_00007FF7718E2550 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E5008 |
0_2_00007FF7718E5008 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E9AFC |
0_2_00007FF7718E9AFC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D5A30 |
0_2_00007FF7718D5A30 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF771906290 |
0_2_00007FF771906290 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E71AC |
0_2_00007FF7718E71AC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E39C4 |
0_2_00007FF7718E39C4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E0120 |
0_2_00007FF7718E0120 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF771900CDC |
0_2_00007FF771900CDC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D7C4C |
0_2_00007FF7718D7C4C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E3394 |
0_2_00007FF7718E3394 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E9378 |
0_2_00007FF7718E9378 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D370C |
0_2_00007FF7718D370C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E4704 |
0_2_00007FF7718E4704 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718ECE2C |
0_2_00007FF7718ECE2C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718ED650 |
0_2_00007FF7718ED650 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D2E60 |
0_2_00007FF7718D2E60 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F0DAC |
0_2_00007FF7718F0DAC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718DADE8 |
0_2_00007FF7718DADE8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D55F8 |
0_2_00007FF7718D55F8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718FCD18 |
0_2_00007FF7718FCD18 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F353C |
0_2_00007FF7718F353C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E2D78 |
0_2_00007FF7718E2D78 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D78E4 |
0_2_00007FF7718D78E4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D903C |
0_2_00007FF7718D903C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E9060 |
0_2_00007FF7718E9060 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E8858 |
0_2_00007FF7718E8858 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF771903F44 |
0_2_00007FF771903F44 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF771906760 |
0_2_00007FF771906760 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718FCF94 |
0_2_00007FF7718FCF94 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E9790 |
0_2_00007FF7718E9790 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF771909F68 |
0_2_00007FF771909F68 |
Source: classification engine |
Classification label: sus36.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718D8AD4 GetLastError,FormatMessageW, |
0_2_00007FF7718D8AD4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F0C0C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, |
0_2_00007FF7718F0C0C |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
File read: C:\Windows\win.ini |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
File read: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: api-ms-win-core-synch-l1-2-0.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: api-ms-win-core-fibers-l1-1-1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: api-ms-win-core-synch-l1-2-0.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: api-ms-win-core-fibers-l1-1-1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: api-ms-win-core-localization-l1-2-1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: dxgidebug.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: sfc_os.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Automated click: OK |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static file information: File size 2311022 > 1048576 |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: section name: .didat |
Source: SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Static PE information: section name: _RDATA |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F5F78 VirtualQuery,GetSystemInfo, |
0_2_00007FF7718F5F78 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718FBB94 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF7718FBB94 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7719051D0 GetProcessHeap, |
0_2_00007FF7719051D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F7388 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF7718F7388 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F756C SetUnhandledExceptionFilter, |
0_2_00007FF7718F756C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F6894 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF7718F6894 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718E4E78 cpuid |
0_2_00007FF7718E4E78 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F18DC GetLocaleInfoW,GetNumberFormatW, |
0_2_00007FF7718F18DC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718F5334 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,CloseHandle, |
0_2_00007FF7718F5334 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.570962.17867.6737.exe |
Code function: 0_2_00007FF7718DEB40 GetVersionExW, |
0_2_00007FF7718DEB40 |