| Source: 2Dhg4Ngjrv.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FAE50A0 SafeRWList,Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,FindNextFileW,FindClose,SafeRWList, |
0_2_00007FF61FAE50A0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB5BC18 Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::PushStructured,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::PushStructured,task,Concurrency::details::WorkQueue::IsStructuredEmpty,task,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindNextFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindClose,shared_ptr,Concurrency::details::WorkQueue::IsStructuredEmpty, |
0_2_00007FF61FB5BC18 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FAD5E74 WSARecv,WSAGetLastError, |
0_2_00007FF61FAD5E74 |
| Source: 2Dhg4Ngjrv.exe |
String found in binary or memory: https://neutralino.js.org |
| Source: 2Dhg4Ngjrv.exe |
String found in binary or memory: https://neutralino.js.orgbad |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB582A8 OpenClipboard,Sleep, |
0_2_00007FF61FB582A8 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB58BA0 RegisterClipboardFormatA,Concurrency::details::_Scheduler::_Scheduler,SetClipboardData,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,GlobalAlloc,Concurrency::details::_Scheduler::_Scheduler,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,GlobalLock,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,GlobalUnlock,SetClipboardData,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam, |
0_2_00007FF61FB58BA0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB5844C MultiByteToWideChar,GlobalLock,MultiByteToWideChar,GlobalUnlock,SetClipboardData,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam,GlobalLock,GlobalUnlock,SetClipboardData,Concurrency::details::UMSFreeVirtualProcessorRoot::InitialThreadParam::~InitialThreadParam, |
0_2_00007FF61FB5844C |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB596E4 RegisterClipboardFormatA,IsClipboardFormatAvailable,GetClipboardData,GlobalSize,GlobalLock,GlobalUnlock, |
0_2_00007FF61FB596E4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FBA8F40 |
0_2_00007FF61FBA8F40 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FBB3634 |
0_2_00007FF61FBB3634 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB3E0A4 |
0_2_00007FF61FB3E0A4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB7E0A0 |
0_2_00007FF61FB7E0A0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8DF24 |
0_2_00007FF61FB8DF24 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB9DBF4 |
0_2_00007FF61FB9DBF4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8DBA0 |
0_2_00007FF61FB8DBA0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB99A88 |
0_2_00007FF61FB99A88 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB61A38 |
0_2_00007FF61FB61A38 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB3DA30 |
0_2_00007FF61FB3DA30 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB71594 |
0_2_00007FF61FB71594 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB614D0 |
0_2_00007FF61FB614D0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB9D3B8 |
0_2_00007FF61FB9D3B8 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FBA91BC |
0_2_00007FF61FBA91BC |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB650C8 |
0_2_00007FF61FB650C8 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8CFD8 |
0_2_00007FF61FB8CFD8 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8CDD4 |
0_2_00007FF61FB8CDD4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8CBC8 |
0_2_00007FF61FB8CBC8 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8C9C4 |
0_2_00007FF61FB8C9C4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB708EC |
0_2_00007FF61FB708EC |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8C7B8 |
0_2_00007FF61FB8C7B8 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8C5B4 |
0_2_00007FF61FB8C5B4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB9C37C |
0_2_00007FF61FB9C37C |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB9FEF0 |
0_2_00007FF61FB9FEF0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB9B5B8 |
0_2_00007FF61FB9B5B8 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB7B2A8 |
0_2_00007FF61FB7B2A8 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8F138 |
0_2_00007FF61FB8F138 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB9F03C |
0_2_00007FF61FB9F03C |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FBB2F98 |
0_2_00007FF61FBB2F98 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB8ED34 |
0_2_00007FF61FB8ED34 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FADC4F0 appears 44 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FA081F4 appears 35 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FA2A208 appears 139 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FA072F4 appears 35 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FA6F328 appears 82 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FA1FD8C appears 79 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FAD9210 appears 74 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FA075A0 appears 32 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FADC558 appears 75 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FA12F1C appears 474 times |
|
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: String function: 00007FF61FB89030 appears 181 times |
|
| Source: classification engine |
Classification label: clean8.winEXE@1/1@0/0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB5A068 SHCreateMemStream,Concurrency::details::_Scheduler::_Scheduler,CoCreateInstance,CoCreateInstance, |
0_2_00007FF61FB5A068 |
| Source: 2Dhg4Ngjrv.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: 2Dhg4Ngjrv.exe |
String found in binary or memory: 0123456789abcdefABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/loadedconnectedreturnValue |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: textshaping.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: 2Dhg4Ngjrv.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
| Source: 2Dhg4Ngjrv.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
| Source: 2Dhg4Ngjrv.exe |
Static file information: File size 2481152 > 1048576 |
| Source: 2Dhg4Ngjrv.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1cf400 |
| Source: 2Dhg4Ngjrv.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Source: 2Dhg4Ngjrv.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB14F78 LoadLibraryA,GetProcAddress, |
0_2_00007FF61FB14F78 |
| Source: 2Dhg4Ngjrv.exe |
Static PE information: section name: _RDATA |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB66FCA push rbp; iretd |
0_2_00007FF61FB66FCB |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
API coverage: 4.2 % |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
System information queried: CurrentTimeZoneInformation |
Jump to behavior |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FAE50A0 SafeRWList,Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,FindNextFileW,FindClose,SafeRWList, |
0_2_00007FF61FAE50A0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB5BC18 Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::PushStructured,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::PushStructured,task,Concurrency::details::WorkQueue::IsStructuredEmpty,task,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindNextFileW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,FindClose,shared_ptr,Concurrency::details::WorkQueue::IsStructuredEmpty, |
0_2_00007FF61FB5BC18 |
| Source: 2Dhg4Ngjrv.exe, 00000000.00000003.2164433771.0000024BC76C7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZZ |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB880D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF61FB880D4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FA02D63 LoadLibraryW,GetProcAddress,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetProcAddress,FreeLibrary, |
0_2_00007FF61FA02D63 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB14F78 LoadLibraryA,GetProcAddress, |
0_2_00007FF61FB14F78 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB55BF4 GetProcessHeap,HeapAlloc,CreateFileW,CreateIoCompletionPort,CloseHandle,GetProcessHeap,HeapFree, |
0_2_00007FF61FB55BF4 |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB81B18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF61FB81B18 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB880D4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF61FB880D4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF61FBA2058 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: GetLocaleInfoEx, |
0_2_00007FF61FB80FCC |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_00007FF61FBB07A0 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00007FF61FBB05BC |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF61FBB0184 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: EnumSystemLocalesW, |
0_2_00007FF61FBB00B4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
0_2_00007FF61FBAFD58 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
0_2_00007FF61FB5F584 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB899FC GetSystemTimeAsFileTime, |
0_2_00007FF61FB899FC |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FBA8F40 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, |
0_2_00007FF61FBA8F40 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FB3D940 RtlGetVersion, |
0_2_00007FF61FB3D940 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FAC3EC4 listen, |
0_2_00007FF61FAC3EC4 |
| Source: C:\Users\user\Desktop\2Dhg4Ngjrv.exe |
Code function: 0_2_00007FF61FA7FAB0 bind, |
0_2_00007FF61FA7FAB0 |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet