Windows Analysis Report
125.exe

Overview

General Information

Sample name: 125.exe
Analysis ID: 1428867
MD5: 44b14057ff868e25ad444fac098d89f0
SHA1: 2dceab58c101c2f5e922e5a40adcc685b557ac53
SHA256: 5a54cda9e42baea3defa9f1024858f7c44f79242b8765c9e886a8f54db6e1934
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Detected potential crypto function
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Potential time zone aware malware
Program does not show much activity (idle)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: 125.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: 125.exe ReversingLabs: Detection: 25%
Uses 32bit PE files
Source: 125.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 125.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
Detected potential crypto function
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_00408950 0_2_00408950
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\125.exe Code function: String function: 0040B6B0 appears 40 times
Uses 32bit PE files
Source: 125.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: classification engine Classification label: mal56.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_00401F36 GetLastError,fprintf,FormatMessageA,fprintf,strcat,strcat,LocalFree,fprintf,ShellExecuteA, 0_2_00401F36
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_0040206E fprintf,FindResourceExA,LoadResource,LockResource,fprintf,SetLastError,fputs, 0_2_0040206E
Source: 125.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\125.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: 125.exe ReversingLabs: Detection: 25%
Source: 125.exe String found in binary or memory: JPHP-INF/launcher.confSV
Source: 125.exe String found in binary or memory: php/runtime/launcher/PK
Source: 125.exe String found in binary or memory: php/runtime/launcher/Launcher$1.class
Source: 125.exe String found in binary or memory: %php/runtime/launcher/Launcher$1.class
Source: 125.exe String found in binary or memory: php/runtime/launcher/Launcher.class
Source: 125.exe String found in binary or memory: 3:#php/runtime/launcher/Launcher.class
Source: 125.exe String found in binary or memory: php/runtime/loader/PK
Source: 125.exe String found in binary or memory: php/runtime/loader/compile/PK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/PK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/PK
Source: 125.exe String found in binary or memory: php/runtime/loader/sourcemap/PK
Source: 125.exe String found in binary or memory: php/runtime/launcher/LaunchException.class
Source: 125.exe String found in binary or memory: *php/runtime/launcher/LaunchException.class
Source: 125.exe String found in binary or memory: php/runtime/launcher/StandaloneLauncher.class
Source: 125.exe String found in binary or memory: -php/runtime/launcher/StandaloneLauncher.class
Source: 125.exe String found in binary or memory: php/runtime/loader/RuntimeClassLoader.class
Source: 125.exe String found in binary or memory: +php/runtime/loader/RuntimeClassLoader.class
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader$1.class
Source: 125.exe String found in binary or memory: +php/runtime/loader/StandaloneLoader$1.class
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader$2.class
Source: 125.exe String found in binary or memory: +php/runtime/loader/StandaloneLoader$2.class
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader$3.class
Source: 125.exe String found in binary or memory: +php/runtime/loader/StandaloneLoader$3.class
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader$4.class
Source: 125.exe String found in binary or memory: +php/runtime/loader/StandaloneLoader$4.class
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader.class
Source: 125.exe String found in binary or memory: 1)php/runtime/loader/StandaloneLoader.class
Source: 125.exe String found in binary or memory: php/runtime/loader/compile/StandaloneCompiler$1.class
Source: 125.exe String found in binary or memory: 5php/runtime/loader/compile/StandaloneCompiler$1.class
Source: 125.exe String found in binary or memory: php/runtime/loader/compile/StandaloneCompiler$2.class
Source: 125.exe String found in binary or memory: 5php/runtime/loader/compile/StandaloneCompiler$2.class
Source: 125.exe String found in binary or memory: php/runtime/loader/compile/StandaloneCompiler.class
Source: 125.exe String found in binary or memory: 83php/runtime/loader/compile/StandaloneCompiler.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ClassDumper.class
Source: 125.exe String found in binary or memory: /)php/runtime/loader/dump/ClassDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ClosureDumper.class
Source: 125.exe String found in binary or memory: +php/runtime/loader/dump/ClosureDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ConstantDumper.class
Source: 125.exe String found in binary or memory: ,php/runtime/loader/dump/ConstantDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/Dumper.class
Source: 125.exe String found in binary or memory: $php/runtime/loader/dump/Dumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/FunctionDumper.class
Source: 125.exe String found in binary or memory: ,php/runtime/loader/dump/FunctionDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/GeneratorDumper.class
Source: 125.exe String found in binary or memory: -php/runtime/loader/dump/GeneratorDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/MethodDumper.class
Source: 125.exe String found in binary or memory: *php/runtime/loader/dump/MethodDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ModuleDumper.class
Source: 125.exe String found in binary or memory: *php/runtime/loader/dump/ModuleDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ParameterDumper.class
Source: 125.exe String found in binary or memory: -php/runtime/loader/dump/ParameterDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/PropertyDumper.class
Source: 125.exe String found in binary or memory: ,php/runtime/loader/dump/PropertyDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/StandaloneLibrary$Module.class
Source: 125.exe String found in binary or memory: 6php/runtime/loader/dump/StandaloneLibrary$Module.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/StandaloneLibrary.class
Source: 125.exe String found in binary or memory: /php/runtime/loader/dump/StandaloneLibrary.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/StandaloneLibraryDumper.class
Source: 125.exe String found in binary or memory: 5php/runtime/loader/dump/StandaloneLibraryDumper.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/Types.classM
Source: 125.exe String found in binary or memory: #php/runtime/loader/dump/Types.classM
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpException.class
Source: 125.exe String found in binary or memory: .php/runtime/loader/dump/io/DumpException.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpInputStream$1.class
Source: 125.exe String found in binary or memory: 2php/runtime/loader/dump/io/DumpInputStream$1.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpInputStream.class
Source: 125.exe String found in binary or memory: 0php/runtime/loader/dump/io/DumpInputStream.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpOutputStream$1.class
Source: 125.exe String found in binary or memory: 3php/runtime/loader/dump/io/DumpOutputStream$1.class
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpOutputStream.class
Source: 125.exe String found in binary or memory: 1php/runtime/loader/dump/io/DumpOutputStream.class
Source: 125.exe String found in binary or memory: php/runtime/loader/sourcemap/SourceMap$Item.class
Source: 125.exe String found in binary or memory: 1php/runtime/loader/sourcemap/SourceMap$Item.class
Source: 125.exe String found in binary or memory: php/runtime/loader/sourcemap/SourceMap.class
Source: 125.exe String found in binary or memory: ,php/runtime/loader/sourcemap/SourceMap.class
Source: 125.exe String found in binary or memory: javax/mail/Address.classeP
Source: 125.exe String found in binary or memory: javax/mail/internet/AddressException.class
Source: 125.exe String found in binary or memory: *javax/mail/internet/AddressException.class
Source: 125.exe String found in binary or memory: javax/mail/search/AddressStringTerm.class
Source: 125.exe String found in binary or memory: )javax/mail/search/AddressStringTerm.class
Source: 125.exe String found in binary or memory: javax/mail/search/AddressTerm.class}
Source: 125.exe String found in binary or memory: #javax/mail/search/AddressTerm.class}
Source: 125.exe String found in binary or memory: javassist/Loader.class
Source: 125.exe String found in binary or memory: javassist/LoaderClassPath.class
Source: 125.exe String found in binary or memory: javassist/tools/reflect/Loader.class
Source: 125.exe String found in binary or memory: $javassist/tools/reflect/Loader.class
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalanceExceptionChecker.class}
Source: 125.exe String found in binary or memory: 0com/mysql/jdbc/LoadBalanceExceptionChecker.class}
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedAutoCommitInterceptor.class
Source: 125.exe String found in binary or memory: 6com/mysql/jdbc/LoadBalancedAutoCommitInterceptor.class
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedConnection.class}P
Source: 125.exe String found in binary or memory: +com/mysql/jdbc/LoadBalancedConnection.class}P
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedConnectionProxy$NullLoadBalancedConnectionProxy.class
Source: 125.exe String found in binary or memory: Pcom/mysql/jdbc/LoadBalancedConnectionProxy$NullLoadBalancedConnectionProxy.class
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedConnectionProxy.class
Source: 125.exe String found in binary or memory: O0com/mysql/jdbc/LoadBalancedConnectionProxy.class
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedMySQLConnection.class
Source: 125.exe String found in binary or memory: 0com/mysql/jdbc/LoadBalancedMySQLConnection.class
Source: 125.exe String found in binary or memory: com/mysql/jdbc/jmx/LoadBalanceConnectionGroupManager.class
Source: 125.exe String found in binary or memory: :com/mysql/jdbc/jmx/LoadBalanceConnectionGroupManager.class
Source: 125.exe String found in binary or memory: com/mysql/jdbc/jmx/LoadBalanceConnectionGroupManagerMBean.class
Source: 125.exe String found in binary or memory: ?com/mysql/jdbc/jmx/LoadBalanceConnectionGroupManagerMBean.class
Source: 125.exe String found in binary or memory: JPHP-INF/launcher.confPK
Source: 125.exe String found in binary or memory: php/runtime/launcher/Launcher$1.classPK
Source: 125.exe String found in binary or memory: php/runtime/launcher/Launcher.classPK
Source: 125.exe String found in binary or memory: php/runtime/launcher/LaunchException.classPK
Source: 125.exe String found in binary or memory: !php/runtime/launcher/LaunchException.classPK
Source: 125.exe String found in binary or memory: php/runtime/launcher/StandaloneLauncher.classPK
Source: 125.exe String found in binary or memory: !php/runtime/launcher/StandaloneLauncher.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/RuntimeClassLoader.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/RuntimeClassLoader.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader$1.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/StandaloneLoader$1.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader$2.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/StandaloneLoader$2.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader$3.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/StandaloneLoader$3.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader$4.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/StandaloneLoader$4.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/StandaloneLoader.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/StandaloneLoader.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/compile/StandaloneCompiler$1.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/compile/StandaloneCompiler$1.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/compile/StandaloneCompiler$2.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/compile/StandaloneCompiler$2.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/compile/StandaloneCompiler.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/compile/StandaloneCompiler.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ClassDumper.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/dump/ClassDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ClosureDumper.classPK
Source: 125.exe String found in binary or memory: !php/runtime/loader/dump/ClosureDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ConstantDumper.classPK
Source: 125.exe String found in binary or memory: "php/runtime/loader/dump/ConstantDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/Dumper.classPK
Source: 125.exe String found in binary or memory: "php/runtime/loader/dump/Dumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/FunctionDumper.classPK
Source: 125.exe String found in binary or memory: "php/runtime/loader/dump/FunctionDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/GeneratorDumper.classPK
Source: 125.exe String found in binary or memory: "php/runtime/loader/dump/GeneratorDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/MethodDumper.classPK
Source: 125.exe String found in binary or memory: 9 "php/runtime/loader/dump/MethodDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ModuleDumper.classPK
Source: 125.exe String found in binary or memory: R*"php/runtime/loader/dump/ModuleDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/ParameterDumper.classPK
Source: 125.exe String found in binary or memory: D7"php/runtime/loader/dump/ParameterDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/PropertyDumper.classPK
Source: 125.exe String found in binary or memory: >"php/runtime/loader/dump/PropertyDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/StandaloneLibrary$Module.classPK
Source: 125.exe String found in binary or memory: C"php/runtime/loader/dump/StandaloneLibrary$Module.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/StandaloneLibrary.classPK
Source: 125.exe String found in binary or memory: H"php/runtime/loader/dump/StandaloneLibrary.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/StandaloneLibraryDumper.classPK
Source: 125.exe String found in binary or memory: M"php/runtime/loader/dump/StandaloneLibraryDumper.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/Types.classPK
Source: 125.exe String found in binary or memory: V"php/runtime/loader/dump/Types.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpException.classPK
Source: 125.exe String found in binary or memory: W"php/runtime/loader/dump/io/DumpException.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpInputStream$1.classPK
Source: 125.exe String found in binary or memory: TY"php/runtime/loader/dump/io/DumpInputStream$1.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpInputStream.classPK
Source: 125.exe String found in binary or memory: ["php/runtime/loader/dump/io/DumpInputStream.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpOutputStream$1.classPK
Source: 125.exe String found in binary or memory: e"php/runtime/loader/dump/io/DumpOutputStream$1.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/dump/io/DumpOutputStream.classPK
Source: 125.exe String found in binary or memory: Nh"php/runtime/loader/dump/io/DumpOutputStream.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/sourcemap/SourceMap$Item.classPK
Source: 125.exe String found in binary or memory: p"php/runtime/loader/sourcemap/SourceMap$Item.classPK
Source: 125.exe String found in binary or memory: php/runtime/loader/sourcemap/SourceMap.classPK
Source: 125.exe String found in binary or memory: Sr"php/runtime/loader/sourcemap/SourceMap.classPK
Source: 125.exe String found in binary or memory: javax/mail/Address.classPK
Source: 125.exe String found in binary or memory: }javax/mail/Address.classPK
Source: 125.exe String found in binary or memory: javax/mail/internet/AddressException.classPK
Source: 125.exe String found in binary or memory: ~javax/mail/internet/AddressException.classPK
Source: 125.exe String found in binary or memory: javax/mail/search/AddressStringTerm.classPK
Source: 125.exe String found in binary or memory: javax/mail/search/AddressTerm.classPK
Source: 125.exe String found in binary or memory: javassist/Loader.classPK
Source: 125.exe String found in binary or memory: javassist/LoaderClassPath.classPK
Source: 125.exe String found in binary or memory: javassist/tools/reflect/Loader.classPK
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalanceExceptionChecker.classPK
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedAutoCommitInterceptor.classPK
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedConnection.classPK
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedConnectionProxy$NullLoadBalancedConnectionProxy.classPK
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedConnectionProxy.classPK
Source: 125.exe String found in binary or memory: com/mysql/jdbc/LoadBalancedMySQLConnection.classPK
Source: 125.exe String found in binary or memory: com/mysql/jdbc/jmx/LoadBalanceConnectionGroupManager.classPK
Source: 125.exe String found in binary or memory: com/mysql/jdbc/jmx/LoadBalanceConnectionGroupManagerMBean.classPK
Source: C:\Users\user\Desktop\125.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\125.exe Section loaded: wintypes.dll Jump to behavior
Source: 125.exe Static file information: File size 19177181 > 1048576
Source: 125.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH
PE file contains sections with non-standard names
Source: 125.exe Static PE information: section name: .eh_fram
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_00401803 push edi; mov dword ptr [esp], ebx 0_2_00401842
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_00401803 push eax; mov dword ptr [esp], 00000000h 0_2_00401A6A
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_00401803 push ebx; mov dword ptr [esp], eax 0_2_00401AEB
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_00401803 push esi; mov dword ptr [esp], ebx 0_2_00401BC8
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_00401F36 push ecx; mov dword ptr [esp], 00419168h 0_2_00401FF7
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_0040E827 push esi; ret 0_2_0040E83A
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_004015D0 push eax; mov dword ptr [esp], 00000000h 0_2_004016BB
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_0040DB23 push es; iretd 0_2_0040DC34
Potential time zone aware malware
Source: C:\Users\user\Desktop\125.exe System information queried: CurrentTimeZoneInformation Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\125.exe Code function: 0_2_00401180 SetUnhandledExceptionFilter,GetCommandLineA,_iob,_setmode,_setmode,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess,__getmainargs, 0_2_00401180
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1428867 Sample: 125.exe Startdate: 19/04/2024 Architecture: WINDOWS Score: 56 7 Antivirus / Scanner detection for submitted sample 2->7 9 Multi AV Scanner detection for submitted file 2->9 5 125.exe 2->5         started        process3
No contacted IP infos