Source: PROFOMA INVOICE-2024-0419 .exe |
Avira: detected |
Source: PROFOMA INVOICE-2024-0419 .exe |
ReversingLabs: Detection: 57% |
Source: PROFOMA INVOICE-2024-0419 .exe |
Joe Sandbox ML: detected |
Source: PROFOMA INVOICE-2024-0419 .exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: 8cb03cfb-750e-41f5-9111-95ff37f34e9b<Module>costura.costura.dll.compressedcostura.dotnetzip.dll.compressedcostura.dotnetzip.pdb.compressedcostura.protobuf-net.dll.compressedNlswidup.g.resourcesaR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources% source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: Nlswidup.pdb source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000012B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3274205812.000000001B330000.00000004.08000000.00040000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: costura.dotnetzip.pdb.compressed source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: Nlswidup.pdb( source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000012B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3274205812.000000001B330000.00000004.08000000.00040000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: costura.dotnetzip.pdb.compressed source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: @costura.dotnetzip.pdb.compressed source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdbSHA256}Lq source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdb source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: /home/jskinner/.release_build/build/gn/lto_win_x64/subl.pdb source: PROFOMA INVOICE-2024-0419 .exe |
Source: |
Binary string: costura.dotnetzip.pdb.compressed2 source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp |
Source: unknown |
DNS query: name: pukrilug.duckdns.org |
Source: global traffic |
TCP traffic: 192.168.2.5:49705 -> 150.114.84.125:7702 |
Source: Joe Sandbox View |
ASN Name: KDDIKDDICORPORATIONJP KDDIKDDICORPORATIONJP |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
DNS traffic detected: queries for: pukrilug.duckdns.org |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crt0 |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crl0N |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crl0 |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://ocsp.digicert.com0W |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686- |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-net |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-netJ |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-neti |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/11564914/23354; |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/14436606/23354 |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/2152978/23354 |
Source: PROFOMA INVOICE-2024-0419 .exe, Program.cs |
Large array initialization: Main: array initializer size 851020 |
Source: initial sample |
Static PE information: Filename: PROFOMA INVOICE-2024-0419 .exe |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Code function: 0_2_00007FF848FD1C41 |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000012B71000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameNlswidup.dll" vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000000.2028015937.00000000006B4000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameEgttcbp.exe" vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013504000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3274205812.000000001B330000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameNlswidup.dll" vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameNlswidup.dll" vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270171709.00000000028C0000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe |
Binary or memory string: OriginalFilenameEgttcbp.exe" vs PROFOMA INVOICE-2024-0419 .exe |
Source: PROFOMA INVOICE-2024-0419 .exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, rn2hy1KD9WvlWJ206dY.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, rn2hy1KD9WvlWJ206dY.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: classification engine |
Classification label: mal96.troj.evad.winEXE@1/0@2/1 |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Mutant created: NULL |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Mutant created: \Sessions\1\BaseNamedObjects\3773f709858a89ca |
Source: PROFOMA INVOICE-2024-0419 .exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80% |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: --launch-or-new-window |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: bodycy--staysgibrightgraysgiverylightgraysgilightgraysgimediumgraydimgraysgiverydarkgraysgidarkgraylightslategraydarkslategrayoverlaykOverlaydisplayposition.ypxtexture_boxsand boxUnixSkPixelRef::lockPixelsMutexaccent_tint_indexInvalid background palette index/IndexwbxPackages/Rails/Ruby on Rails.sublime-syntaxPackages/Rails/Ruby Haml.sublime-syntaxPackages/ASP/HTML-ASP.sublime-syntaxPackages/JavaScript/JSON.sublime-syntaxPackages/JSON/JSON.sublime-syntaxPackages/Rails/HAML.sublime-syntaxPackages/Rails/Ruby (Rails).sublime-syntaxPackages/Java/Java Server Pages (JSP).sublime-syntaxPackages/Java/HTML (JSP).sublime-syntaxPackages/ASP/HTML (ASP).sublime-syntax#%02x%02x%02x<dt>Color:</dt><dd>0xSkModeColorFilter: color: 0xposition.xswrwsk_throwtable_rowtree_rowUninitialized rowsnowlightyellowgreenyellowlightgoldenrodyellowannotation_popup_windowhtml_popup_windowauto_complete_window--launch-or-new-window--new-windowright_shadowleft_shadowtop_shadowbottom_shadowwarm shadowLowhoneydewsvlvgvperuqulukuiuhugueuLu |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: /Installed Packages |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: classkeyword length must be 1 - 79 characterspspatternscannot parse partitionszh-Hanssmstoo many length or distance symbolsWidth is too large for libpng to process pixelsToo much data in IDAT chunksisinvalid stored block lengthsbad code lengthssettingsgray cliffspearly gatescapturesbeginCapturesendCaptures/resfileTypesexcludeTrailingNewlinesTimesValid palette required for paletted images/Packages/Installed Packagestoo many codescsbsConsolasAntiAliasMissing IHDR before pHYsMissing IHDR before oFFsApplication was compiled with png.h from libpng-%.20sApplication is running with png.c from libpng-%.20s%s:%-3d %slibpng error: %slibpng warning: %s mode: %sconvolveAlpha: %srrect-blurrects-blurtrsrfilter_font_descriptorbad Image DescriptorInvalid operatorzlib failed to initialize compressormirrorzlib memory errorbuffer errorunknown errorUnknown errorzlib version errorzlib failed to initialize compressor -- version errorzlib failed to initialize compressor -- mem errorzlib failed to initialize compressor -- stream errorUnknown zlib errorCRC errorNo ErrorDecompression ErrorWrite ErrorParse ErrorRead Errorshadow_colorviewport_colorborder_colorlink_colormonospace_colormonospace_background_colorborder-right-colorborder-left-colorborder-colorborder-top-colorborder-bottom-colorbackground-colorOverrideColorkXormr |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: --help |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: brvarregular RegularSkArithmeticMode_scalarkClearsq!q../../../third_party/skia/src/ports/SkFontMgr_win_dw.cpp../../../third_party/skia/src/ports/SkTypeface_win_dw.cpp../../../third_party/skia/src/core/SkDraw.cpp../../../third_party/skia/src/core/SkBitmapController.cpp../../../third_party/skia/src/images/SkPNGImageEncoder.cpp../../../third_party/skia/src/core/SkRasterClip.cpp../../../third_party/skia/src/core/SkAAClip.cpp../../../third_party/skia/src/core/SkMipMap.cpp../../../third_party/skia/src/core/SkPath.cpp../../../third_party/skia/src/core/SkPathMeasure.cpp../../../third_party/skia/src/core/SkLinearBitmapPipeline.cpp../../../third_party/skia/src/core/SkDevice.cpp../../../third_party/skia/src/core/SkTextBlob.cpp../../../third_party/skia/src/core/SkData.cpp../../../third_party/skia/src/core/SkBlitter_ARGB32.cppborder-topmargin-toppadding-topkDstATopkSrcATop.%x%d.tmpclamp--helppapayawhipnowrapbitmapmipmaptab_overlap%ptomatosogainsboroSetting negative gamma to zeroZeromolokoindigofoeoborosybrownsandybrownsaddlebrownaz-Latnjv-Latnsu-Latnms-LatnkColorBurnfar horizontab_close_buttoncrimsonmaroonlightsalmondarksalmonsgisalmonUnknown exceptioninvalid string positionCall to NULL write functionCall to NULL read functionsaturationSaturationtext-decorationInvalid OperationsymbolIndexTransformationsymbolTransformationkExclusion/Options/Session.sublime-sessionPNG file corrupted by ASCII conversion--versionlemonchiffonnnknmoccasinultrathinultra-thinultra thinbox_margincontent_margininner_marginbeginplainAttempted to set both read_data_fn and write_data_fn intext-alignkLightenlinenbad SOS lenbad DNL lenkDarkenInvalid tokenyellowgreenforestgreenlightgreenlawngreendarkgreenmediumspringgreendarkolivegreenlimegreenpalegreenlightseagreenmediumseagreendarkseagreenkScreenhiddenbnlightcyandarkcyancarmel tanromankDstInkSrcInplummediumMediumIgnoreTransformIgnoreXformborder-bottommargin-bottompadding-bottomkmmax_margin_trimsystemlist-itemremoutofmem |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: --add |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: idgdAutohintedIgnoring extra png_read_update_info() call; row buffer not reallocatedmediumvioletredpalevioletredindianreddarkredorangeredUndefinedconnect_to_namedFrame setup faileddecode image failedbase64 decode failedInvalid sRGB rendering intent specifiedInvalid number of transparent colors specifiedInvalid number of histogram entries specifiedInvalid sBIT depth specifiedInvalid image color type specifiedInvalid filter type specifiedInvalid compression type specifiedInvalid interlace type specifiedfaded--add" could not be used with direct write, using gdi instead |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: --launch-or-new-window: Only open a new window if the application is open |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: -a or --add: Add folders to the current window |
Source: PROFOMA INVOICE-2024-0419 .exe |
String found in binary or memory: -h or --help: Show help (this message) and exit |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll |
Source: PROFOMA INVOICE-2024-0419 .exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: PROFOMA INVOICE-2024-0419 .exe |
Static file information: File size 3473984 > 1048576 |
Source: PROFOMA INVOICE-2024-0419 .exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, rn2hy1KD9WvlWJ206dY.cs |
.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, rn2hy1KD9WvlWJ206dY.cs |
.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)}) |
Source: PROFOMA INVOICE-2024-0419 .exe, Program.cs |
.Net Code: Main System.Reflection.Assembly.Load(byte[]) |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, AssemblyLoader.cs |
.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[]) |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.28c0000.1.raw.unpack, TypeModel.cs |
.Net Code: TryDeserializeList |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.28c0000.1.raw.unpack, ListDecorator.cs |
.Net Code: Read |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.28c0000.1.raw.unpack, TypeSerializer.cs |
.Net Code: CreateInstance |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.28c0000.1.raw.unpack, TypeSerializer.cs |
.Net Code: EmitCreateInstance |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.28c0000.1.raw.unpack, TypeSerializer.cs |
.Net Code: EmitCreateIfNull |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b440000.10.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.133f2340.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3274703681.000000001B440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: PROFOMA INVOICE-2024-0419 .exe PID: 5572, type: MEMORYSTR |
Source: PROFOMA INVOICE-2024-0419 .exe |
Static PE information: 0xA913349D [Fri Nov 21 02:42:37 2059 UTC] |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Code function: 0_2_00007FF848F21A90 pushad ; ret |
0_2_00007FF848F21BB1 |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Code function: 0_2_00007FF848F21AF3 pushad ; ret |
0_2_00007FF848F21BB1 |
Source: PROFOMA INVOICE-2024-0419 .exe |
Static PE information: section name: .text entropy: 7.9991319058900325 |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, rn2hy1KD9WvlWJ206dY.cs |
High entropy of concatenated method names: 'QVyRihSDS5H9jEYh93B', 'rIxvRZSmOcoYwCEo9h1', 'P41WUD6gFP', 'M3pVQ4Star4TvYTcBRY', 'DbQxYqSGeLWOM0dLMl0', 'p8IGGqSBcV80qv4F7je', 'EW24ukSNv7oeS2ysydx', 'GmU6wlSwtdRHUjRI8w8', 'HTvqHMSrP8gx9ChqmWj', 'dbNRv1SROqdmOku1Il3' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, AssemblyLoader.cs |
High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'AWrNtO9IxrcwrTSBRUJ' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, alfaphWjcdsBgJhWXq2.cs |
High entropy of concatenated method names: 'd0wM2IfUn1', 'S5nMZOiRQp', 'hnIMIAqHZJ', 'XKSMvmH4u6', 'jHBM0lYUuD', 'BOKMCjA5gV', 'LnUMqWlwOD', 'T4AegrgQKX', 'lojMxvltcR', 'XXjM9kJpeY' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, RPaZPHW33lAsijJP1L4.cs |
High entropy of concatenated method names: 'BdjWwdcH5c', 'b3hWrTD0Pq', 'YsgWRuRRMZ', 'U5TWTB0kCj', 'MwGWl7gf3y', 'ootWYOEj8w', 'etYWc6bpSu', 'CtvWo7FTBw', 'dMGWQgZ0XV', 'zNyWJcKWLI' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, eIheL0QOjKp3BVsrm4.cs |
High entropy of concatenated method names: 'V8mjGUqk8', 'RbqzWXDb8', 'sJI5aYe2DA', 'DSB55NUV5T', 'd0k5pIYZ3R', 'NHC5VObwvf', 'NrV5F2t3jU', 'Tq35OubvSW', 'ksI5bfIpJM', 'KLl5dW3Rj7' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, rn2hy1KD9WvlWJ206dY.cs |
High entropy of concatenated method names: 'QVyRihSDS5H9jEYh93B', 'rIxvRZSmOcoYwCEo9h1', 'P41WUD6gFP', 'M3pVQ4Star4TvYTcBRY', 'DbQxYqSGeLWOM0dLMl0', 'p8IGGqSBcV80qv4F7je', 'EW24ukSNv7oeS2ysydx', 'GmU6wlSwtdRHUjRI8w8', 'HTvqHMSrP8gx9ChqmWj', 'dbNRv1SROqdmOku1Il3' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, AssemblyLoader.cs |
High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'AWrNtO9IxrcwrTSBRUJ' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, alfaphWjcdsBgJhWXq2.cs |
High entropy of concatenated method names: 'd0wM2IfUn1', 'S5nMZOiRQp', 'hnIMIAqHZJ', 'XKSMvmH4u6', 'jHBM0lYUuD', 'BOKMCjA5gV', 'LnUMqWlwOD', 'T4AegrgQKX', 'lojMxvltcR', 'XXjM9kJpeY' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, RPaZPHW33lAsijJP1L4.cs |
High entropy of concatenated method names: 'BdjWwdcH5c', 'b3hWrTD0Pq', 'YsgWRuRRMZ', 'U5TWTB0kCj', 'MwGWl7gf3y', 'ootWYOEj8w', 'etYWc6bpSu', 'CtvWo7FTBw', 'dMGWQgZ0XV', 'zNyWJcKWLI' |
Source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, eIheL0QOjKp3BVsrm4.cs |
High entropy of concatenated method names: 'V8mjGUqk8', 'RbqzWXDb8', 'sJI5aYe2DA', 'DSB55NUV5T', 'd0k5pIYZ3R', 'NHC5VObwvf', 'NrV5F2t3jU', 'Tq35OubvSW', 'ksI5bfIpJM', 'KLl5dW3Rj7' |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Process information set: NOOPENFILEERRORBOX |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SBIEDLL.DLL |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SBIEDLL.DLL@E |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Memory allocated: 28A0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Memory allocated: 1AB70000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3271394645.0000000012B71000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: E2FrFadU1HgFSGp3yyp |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: 1:en-CH:VMware|VIRTUAL|A M I|Xen |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: 1:en-CH:Microsoft|VMWare|Virtual |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmware |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware|VIRTUAL|A M I|Xen2 |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002B71000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware|VIRTUAL|A M I|Xen |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: 0VMware|VIRTUAL|A M I|Xen |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: 0Microsoft|VMWare|Virtual |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWare |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3275059500.000000001B80D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG |
Source: PROFOMA INVOICE-2024-0419 .exe, 00000000.00000002.3270275022.0000000002F84000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Microsoft|VMWare|Virtual |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Process token adjusted: Debug |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Queries volume information: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe VolumeInformation |
Source: C:\Users\user\Desktop\PROFOMA INVOICE-2024-0419 .exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.12e68bb8.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.12ec8c28.7.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.12e88bf0.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.1b330000.9.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.12ec8c28.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.12e88bf0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.12e68bb8.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PROFOMA INVOICE-2024-0419 .exe.13248cd0.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.3274205812.000000001B330000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3271394645.0000000013248000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.3271394645.0000000012B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |