Windows Analysis Report
GateUtilityHelper.exe

ID:	1428920
Product:	CloudBasic
Start time:	21:12:15
Start date:	19.04.2024
Sample:	GateUtilityHelper.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	ea802d05db84a72cd98fe9b3628832c8
SHA1:	7c3c11e9dea2fdc111180d107daff5f3d0b71374
SHA256:	42e59f21ff168b461817dedeec34c97c06c2f675ebb2be932f0948024c96c34c
Filetype:	Win64 Executable Console Net Framework (206006/5) 48.58%

Name	Type	MD5	SHA1	SHA256

Compliance

Source: GateUtilityHelper.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Binary string: D:\Tycon\GateUtility\GateUtility\GateUtilityHelper\obj\Release\GateUtilityHelper.pdb source: GateUtilityHelper.exe

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\GateUtilityHelper			Jump to behavior

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\GateUtilityHelper			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior

System Summary

Source: GateUtilityHelper.exe

Static PE information: No import functions for PE file found

Source: classification engine

Classification label: mal48.evad.winEXE@4/0@0/0

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6948:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6760:120:WilError_03

Source: GateUtilityHelper.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: GateUtilityHelper.exe

Static file information: TRID: Win64 Executable Console Net Framework (206006/5) 48.58%

Source: C:\Users\user\Desktop\GateUtilityHelper.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\GateUtilityHelper.exe "C:\Users\user\Desktop\GateUtilityHelper.exe"
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\GateUtilityHelper.exe "C:\Users\user\Desktop\GateUtilityHelper.exe"
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Section loaded: wintypes.dll			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: GateUtilityHelper.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: GateUtilityHelper.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: GateUtilityHelper.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: GateUtilityHelper.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: D:\Tycon\GateUtility\GateUtility\GateUtilityHelper\obj\Release\GateUtilityHelper.pdb source: GateUtilityHelper.exe

Data Obfuscation

Source: GateUtilityHelper.exe

Static PE information: 0xE330603D [Fri Oct 13 17:19:57 2090 UTC]

Boot Survival

Source: C:\Users\user\Desktop\GateUtilityHelper.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Memory allocated: 16F4AF10000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Memory allocated: 16F62F50000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Memory allocated: 2007D6F0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Memory allocated: 2007F190000 memory reserve | memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\GateUtilityHelper.exe TID: 7012	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe TID: 6300	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\GateUtilityHelper.exe

Memory allocated: page read and write | page guard

Jump to behavior

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Queries volume information: C:\Users\user\Desktop\GateUtilityHelper.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\GateUtilityHelper.exe	Queries volume information: C:\Users\user\Desktop\GateUtilityHelper.exe VolumeInformation			Jump to behavior