Source: Q7Ct3eA5NE.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: Q7Ct3eA5NE.exe |
String found in binary or memory: http://restools.hanzify.org/ |
Source: Q7Ct3eA5NE.exe |
String found in binary or memory: http://www.innosetup.com/ |
Source: Q7Ct3eA5NE.exe |
String found in binary or memory: http://www.remobjects.com/ps |
Source: Q7Ct3eA5NE.exe |
Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows |
Source: Q7Ct3eA5NE.exe |
Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
Source: Q7Ct3eA5NE.exe, 00000000.00000000.2052230073.0000000000569000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameshfolder.dll~/ vs Q7Ct3eA5NE.exe |
Source: Q7Ct3eA5NE.exe |
Binary or memory string: OriginalFilenameshfolder.dll~/ vs Q7Ct3eA5NE.exe |
Source: Q7Ct3eA5NE.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: classification engine |
Classification label: clean2.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: Q7Ct3eA5NE.exe |
String found in binary or memory: -Helper process exited with failure code: 0x%x |
Source: Q7Ct3eA5NE.exe |
String found in binary or memory: -HelperRegisterTypeLibrary: StatusCode invalidU |
Source: Q7Ct3eA5NE.exe |
String found in binary or memory: /LoadInf= |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
File read: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: Q7Ct3eA5NE.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: Q7Ct3eA5NE.exe |
Static file information: File size 1486848 > 1048576 |
Source: Q7Ct3eA5NE.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x148200 |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809 |
Jump to behavior |
Source: C:\Users\user\Desktop\Q7Ct3eA5NE.exe |
Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809 |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |