Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Avira: detected |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
ReversingLabs: Detection: 31% |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe, 00000000.00000002.2483491466.00007FF6851C0000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: -----BEGIN PUBLIC KEY----- |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Binary string: C:\Users\Fortn\Desktop\v4\remade\build\husXveru.pdb
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: http://scripts.sil.org/OFL |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: http://scripts.sil.org/OFLCopyright |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: http://scripts.sil.org/OFLProza |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: http://www.houseindustries.com/license |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: http://www.houseindustries.com/licenseBurbank |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: http://www.houseindustries.com/licenseCopyright |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: http://www.houseindustries.comhttp://www.talleming.comHouse |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: https://github.com/ThomasJockin/lexend)Lexend |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: https://github.com/cadsondemak/kanit) |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: https://github.com/itfoundry/Poppins)&&&&o |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: https://scripts.sil.org/OFLThis |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: https://scripts.sil.org/OFLhttps://indiantypefoundry.comNinad |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: https://scripts.sil.org/OFLhttps://www.katatrad.comhttps://cadsondemak.comKatatrad |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF68513CBB0 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF685147260 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF685168E70 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF6851406D4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF685153170 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF68516A9C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF68513CE20 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF685141E00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF685141200 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF6851508A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF6851310F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF6851464F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF68514B530 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF68513CF40 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF6851343F0 |
Source: classification engine |
Classification label: mal56.winEXE@2/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1340:120:WilError_03 |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
String found in binary or memory: kernel32LoadLibraryExA\/AddDllDirectory |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: d3dx11_43.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: msvcp140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: d3dcompiler_43.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: vcruntime140_1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Section loaded: dxgi.dll |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static file information: File size 3709440 > 1048576 |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: Raw size of .data is bigger than: 0x100000 < 0x2d4c00 |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Static PE information: section name: _RDATA |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF6851BD354 memset,GetLastError,IsDebuggerPresent,OutputDebugStringW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF6851BC154 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.28415.5583.exe |
Code function: 0_2_00007FF6851BD1B0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |