Source: init_DB.exe |
ReversingLabs: Detection: 50% |
Source: init_DB.exe |
Virustotal: Detection: 39% |
Source: init_DB.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\init_DB.exe |
File opened: C:\Users\user\AppData\ |
Source: C:\Users\user\Desktop\init_DB.exe |
File opened: C:\Users\user\AppData\Local\Temp\1413.tmp\1414.tmp |
Source: C:\Users\user\Desktop\init_DB.exe |
File opened: C:\Users\user\ |
Source: C:\Users\user\Desktop\init_DB.exe |
File opened: C:\Users\user\AppData\Local\ |
Source: C:\Users\user\Desktop\init_DB.exe |
File opened: C:\Users\user\AppData\Local\Temp\1413.tmp |
Source: C:\Users\user\Desktop\init_DB.exe |
File opened: C:\Users\user\AppData\Local\Temp\1413.tmp\1414.tmp\1415.tmp |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00411079 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00411C20 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00411033 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00410C80 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00410CA0 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_0040B9C7 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_0040FA68 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_0040CF18 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_0040EFF0 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00410FB0 |
Source: classification engine |
Classification label: mal60.troj.winEXE@4/1@0/0 |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00402664 LoadResource,SizeofResource,FreeResource, |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4564:120:WilError_03 |
Source: C:\Users\user\Desktop\init_DB.exe |
File created: C:\Users\user\AppData\Local\Temp\1413.tmp |
Source: C:\Users\user\Desktop\init_DB.exe |
Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd" /c "C:\Users\user\AppData\Local\Temp\1413.tmp\1414.tmp\1415.bat C:\Users\user\Desktop\init_DB.exe" |
Source: C:\Users\user\Desktop\init_DB.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\init_DB.exe "C:\Users\user\Desktop\init_DB.exe" |
|
Source: C:\Users\user\Desktop\init_DB.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\init_DB.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\init_DB.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\init_DB.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\init_DB.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\cmd.exe |
Section loaded: cmdext.dll |
Source: Yara match |
File source: init_DB.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.init_DB.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.init_DB.exe.400000.0.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_0040ADD6 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary, |
Source: init_DB.exe |
Static PE information: section name: .code |
Source: C:\Users\user\Desktop\init_DB.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00409FD0 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00409FB0 SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter, |
Source: C:\Windows\System32\cmd.exe |
Queries volume information: C:\ VolumeInformation |
Source: C:\Users\user\Desktop\init_DB.exe |
Code function: 0_2_00405573 GetVersionExW,GetVersionExW, |