Windows Analysis Report
S34C65xU.exe

Overview

General Information

Sample name: S34C65xU.exe
Analysis ID: 1428818
MD5: 1cd84bbd0b0dc7c19bedc0f5d292070b
SHA1: 68840931dfaf6652cec3165b79de3daa9c100b64
SHA256: 58ec960ce6f2f0c2f04fb70915767bb2caebf6a7b63411e92fbee6cc9e9bbad7

Detection

Score: 39
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Compliance

Score: 48
Range: 0 - 100

Signatures

Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: S34C65xU.exe Joe Sandbox ML: detected

Compliance

Source: S34C65xU.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: S34C65xU.exe Static PE information: certificate valid
Source: C:\Driver\Samsung_Driver_Installer.exe File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll
Source: S34C65xU.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Visual Studio 2019\Projects\MonitorDriverWinForms\obj\Debug\Samsung_Driver_Installer.pdbH source: WER3508.tmp.mdmp.5.dr
Source: Binary string: D:\Visual Studio 2019\Projects\MonitorDriverWinForms\obj\Debug\Samsung_Driver_Installer.pdb source: S34C65xU.exe, 00000000.00000003.1110186783.0000000002912000.00000004.00000020.00020000.00000000.sdmp, WER3508.tmp.mdmp.5.dr, Samsung_Driver_Installer.exe.0.dr
Source: Binary string: D:\Visual Studio 2019\Projects\MonitorDriverWinForms\obj\Debug\Samsung_Driver_Installer.pdbRSDS source: WER3508.tmp.mdmp.5.dr
Source: Binary string: D:\KHK\Source\git\alzip-windows\alzip-windows.v11\ALZip\Bin\EGGSFX.pdb source: S34C65xU.exe, S34C65xU.exe, 00000000.00000002.1196845795.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_0040420F __EH_prolog3_GS,_memset,FindFirstFileW,RemoveDirectoryW,GetFileAttributesW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_0040420F
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00406766 __EH_prolog3_GS,GetDlgItem,_memset,GetWindowTextW,MessageBoxW,FindFirstFileW,MessageBoxW,FindClose,EndDialog, 0_2_00406766
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00406CB9 __EH_prolog3_GS,LoadIconW,SendMessageW,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,SetWindowTextW,SetWindowTextW,SetWindowTextW,SetWindowTextW,SetWindowTextW,SetWindowTextW,RtlEnterCriticalSection,RtlLeaveCriticalSection,_memset,FindFirstFileW,FindClose,_memset,PathCompactPathExW,SetWindowTextW,SetWindowTextW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetWindowTextW,SetWindowTextW,SetWindowTextW,SetWindowTextW,_memset,SHGetFileInfoW,SendMessageW,SendMessageW,SendMessageW, 0_2_00406CB9
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_0042FC86 FindFirstFileW,GetLastError,FindClose,SHGetFileInfoW,SHGetFileInfoW,SHGetFileInfoW,SHGetFileInfoW, 0_2_0042FC86
Source: C:\Driver\Samsung_Driver_Installer.exe Code function: 4x nop then jmp 00007FF9D1DB2955h 2_2_00007FF9D1DB1519
Source: C:\Users\user\Desktop\S34C65xU.exe File created: C:\Driver\Manual_S34C65xU\S34C65xU.cat
Source: C:\Users\user\Desktop\S34C65xU.exe File created: C:\Driver\S34C65xU.cat
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: String function: 0044396C appears 43 times
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: String function: 00442764 appears 51 times
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: String function: 004426FB appears 221 times
Source: C:\Driver\Samsung_Driver_Installer.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4560 -s 1800
Source: S34C65xU.exe, 00000000.00000003.1110186783.0000000002912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSamsung_Driver_Installer.exeL vs S34C65xU.exe
Source: S34C65xU.exe, 00000000.00000003.1196372439.0000000000644000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSamsung_Driver_Installer.exeL vs S34C65xU.exe
Source: S34C65xU.exe, 00000000.00000000.1108134487.0000000000488000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameEGGSFX.sfx. vs S34C65xU.exe
Source: S34C65xU.exe, 00000000.00000002.1197126488.0000000000495000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameEGGSFX.sfx. vs S34C65xU.exe
Source: S34C65xU.exe Binary or memory string: OriginalFilenameEGGSFX.sfx. vs S34C65xU.exe
Source: classification engine Classification label: sus39.evad.winEXE@4/12@0/0
Source: C:\Driver\Samsung_Driver_Installer.exe Mutant created: NULL
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4560
Source: C:\Windows\System32\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\729adeb0-488a-4a23-aa81-8d6b88d7ec51
Source: C:\Users\user\Desktop\S34C65xU.exe Command line argument: KD 0_2_00444B30
Source: C:\Users\user\Desktop\S34C65xU.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\S34C65xU.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\S34C65xU.exe File read: C:\Users\user\Desktop\S34C65xU.exe
Source: unknown Process created: C:\Users\user\Desktop\S34C65xU.exe "C:\Users\user\Desktop\S34C65xU.exe"
Source: C:\Users\user\Desktop\S34C65xU.exe Process created: C:\Driver\Samsung_Driver_Installer.exe "C:\Driver\Samsung_Driver_Installer.exe"
Source: C:\Users\user\Desktop\S34C65xU.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Driver\Samsung_Driver_Installer.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll Jump to behavior
Source: S34C65xU.exe Static PE information: certificate valid
Source: S34C65xU.exe Static file information: File size 3593752 > 1048576
Source: C:\Driver\Samsung_Driver_Installer.exe File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll Jump to behavior
Source: S34C65xU.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Visual Studio 2019\Projects\MonitorDriverWinForms\obj\Debug\Samsung_Driver_Installer.pdb source: S34C65xU.exe, 00000000.00000003.1110186783.0000000002912000.00000004.00000020.00020000.00000000.sdmp, WER3508.tmp.mdmp.5.dr, Samsung_Driver_Installer.exe.0.dr
Source: Binary string: D:\KHK\Source\git\alzip-windows\alzip-windows.v11\ALZip\Bin\EGGSFX.pdb source: S34C65xU.exe, S34C65xU.exe, 00000000.00000002.1196845795.0000000000401000.00000040.00000001.01000000.00000003.sdmp
Source: Samsung_Driver_Installer.exe.0.dr Static PE information: 0xC4A09AAF [Sun Jul 15 05:54:55 2074 UTC]
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_004136CA LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_004136CA
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_004427D3 push ecx; ret 0_2_004427E6
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_004439B1 push ecx; ret 0_2_004439C4
Source: C:\Driver\Samsung_Driver_Installer.exe Code function: 2_2_00007FF9D1DB4388 push EDE0B849h; retf 2_2_00007FF9D1DB43A8
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\S34C65xU.exe File created: C:\Driver\Samsung_Driver_Installer.exe Jump to dropped file
Source: C:\Driver\Samsung_Driver_Installer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT Jump to behavior
Source: C:\Users\user\Desktop\S34C65xU.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Driver\Samsung_Driver_Installer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity Where DeviceID Like 'DISPLAY%'
Source: C:\Driver\Samsung_Driver_Installer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_VideoController
Source: C:\Driver\Samsung_Driver_Installer.exe Memory allocated: F60000 memory reserve | memory write watch Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Memory allocated: 2C00000 memory reserve | memory write watch Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Memory allocated: 1AC00000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\S34C65xU.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\S34C65xU.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_0040420F __EH_prolog3_GS,_memset,FindFirstFileW,RemoveDirectoryW,GetFileAttributesW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_0040420F
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00406766 __EH_prolog3_GS,GetDlgItem,_memset,GetWindowTextW,MessageBoxW,FindFirstFileW,MessageBoxW,FindClose,EndDialog, 0_2_00406766
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00406CB9 __EH_prolog3_GS,LoadIconW,SendMessageW,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,SetWindowTextW,SetWindowTextW,SetWindowTextW,SetWindowTextW,SetWindowTextW,SetWindowTextW,RtlEnterCriticalSection,RtlLeaveCriticalSection,_memset,FindFirstFileW,FindClose,_memset,PathCompactPathExW,SetWindowTextW,SetWindowTextW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetWindowTextW,SetWindowTextW,SetWindowTextW,SetWindowTextW,_memset,SHGetFileInfoW,SendMessageW,SendMessageW,SendMessageW, 0_2_00406CB9
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_0042FC86 FindFirstFileW,GetLastError,FindClose,SHGetFileInfoW,SHGetFileInfoW,SHGetFileInfoW,SHGetFileInfoW, 0_2_0042FC86
Source: Amcache.hve.5.dr Binary or memory string: VMware
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.5.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.5.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.5.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.5.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.5.dr Binary or memory string: VMware-42 27 b8 c1 67 22 50 4e-8b 1e 52 5b b1 3b 4a 34
Source: Amcache.hve.5.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.5.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.5.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.5.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr Binary or memory string: vmci.sys
Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.5.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.5.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.5.dr Binary or memory string: VMware20,1
Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.5.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.5.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.5.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.5.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.5.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.5.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.5.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\S34C65xU.exe API call chain: ExitProcess graph end node
Source: C:\Driver\Samsung_Driver_Installer.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_0043E025 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0043E025
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00444D9E __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00444D9E
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00449993 SetUnhandledExceptionFilter, 0_2_00449993
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_0043DE6E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0043DE6E
Source: C:\Driver\Samsung_Driver_Installer.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00408E7F _wcslen,_memset,ShellExecuteExW,WaitForSingleObject,WaitForSingleObject,PeekMessageW,TranslateMessage,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle, 0_2_00408E7F
Source: C:\Users\user\Desktop\S34C65xU.exe Process created: C:\Driver\Samsung_Driver_Installer.exe "C:\Driver\Samsung_Driver_Installer.exe" Jump to behavior
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_0043A2F5 cpuid 0_2_0043A2F5
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: GetLocaleInfoA, 0_2_0044C1AE
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: GetLocaleInfoW, 0_2_0041F0FE
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Driver\Samsung_Driver_Installer.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_0043FA7B GetSystemTimeAsFileTime,__aulldiv, 0_2_0043FA7B
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00445936 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson, 0_2_00445936
Source: C:\Users\user\Desktop\S34C65xU.exe Code function: 0_2_00405E69 __EH_prolog3_GS,GetVersion,MessageBoxW,PostMessageW,GetDlgItem,GetDlgItem,SendMessageW,GetDlgItem,SetWindowTextW,SetWindowTextW,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,GetDlgItem,SetWindowTextW,SetFocus,ShowWindow,KiUserCallbackDispatcher,EnableWindow,ShowWindow,GetDlgItem,GetDlgItem,SendMessageW,ShellExecuteW,SetWindowTextW,EnableWindow,SetTimer,PostMessageW, 0_2_00405E69
Source: C:\Driver\Samsung_Driver_Installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe
No contacted IP infos