Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe
Analysis ID: 1430479
MD5: 9fe9321d88dfb4ed2906150e6cdad85f
SHA1: 4a98a9cbaf3ba53bfdbff33f93269ad78be3d737
SHA256: 955f2a6426664a728fde4871d6309cf821c17187b4671e3917d83dc968d36e96
Tags: exe
Infos:

Detection

FormBook
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Injects a PE file into a foreign processes
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe ReversingLabs: Detection: 34%
Yara detected FormBook
Source: Yara match File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2547155613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000003.00000002.2547654530.00000000010D0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000003.00000002.2547654530.00000000010D0000.00000040.00001000.00020000.00000000.sdmp
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe String found in binary or memory: http://tempuri.org/DataSet1.xsd
Source: Amcache.hve.10.dr String found in binary or memory: http://upx.sf.net
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2547155613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.2547155613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
.NET source code contains very large array initializations
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, Resources.cs Large array initialization: : array initializer size 654959
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.29184e8.3.raw.unpack, HomeView.cs Large array initialization: : array initializer size 33604
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.7220000.12.raw.unpack, HomeView.cs Large array initialization: : array initializer size 33604
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0042B263 NtClose, 3_2_0042B263
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01142DF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01143010 NtOpenDirectoryObject, 3_2_01143010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01143090 NtSetValueKey, 3_2_01143090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01144340 NtSetContextThread, 3_2_01144340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011435C0 NtCreateMutant, 3_2_011435C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01144650 NtSuspendThread, 3_2_01144650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011439B0 NtGetContextThread, 3_2_011439B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142B60 NtClose, 3_2_01142B60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142B80 NtQueryInformationFile, 3_2_01142B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142BA0 NtEnumerateValueKey, 3_2_01142BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142BF0 NtAllocateVirtualMemory, 3_2_01142BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142BE0 NtQueryValueKey, 3_2_01142BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142AB0 NtWaitForSingleObject, 3_2_01142AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142AD0 NtReadFile, 3_2_01142AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142AF0 NtWriteFile, 3_2_01142AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142D10 NtMapViewOfSection, 3_2_01142D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01143D10 NtOpenProcessToken, 3_2_01143D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142D00 NtSetInformationFile, 3_2_01142D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142D30 NtUnmapViewOfSection, 3_2_01142D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01143D70 NtOpenThread, 3_2_01143D70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142DB0 NtEnumerateKey, 3_2_01142DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142DD0 NtDelayExecution, 3_2_01142DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142C00 NtQueryInformationProcess, 3_2_01142C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142C70 NtFreeVirtualMemory, 3_2_01142C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142C60 NtCreateKey, 3_2_01142C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142CA0 NtQueryInformationToken, 3_2_01142CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142CC0 NtQueryVirtualMemory, 3_2_01142CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142CF0 NtOpenProcess, 3_2_01142CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142F30 NtCreateSection, 3_2_01142F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142F60 NtCreateProcessEx, 3_2_01142F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142F90 NtProtectVirtualMemory, 3_2_01142F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142FB0 NtResumeThread, 3_2_01142FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142FA0 NtQuerySection, 3_2_01142FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142FE0 NtCreateFile, 3_2_01142FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142E30 NtWriteVirtualMemory, 3_2_01142E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142E80 NtReadVirtualMemory, 3_2_01142E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142EA0 NtAdjustPrivilegesToken, 3_2_01142EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142EE0 NtQueueApcThread, 3_2_01142EE0
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_00CFD8BC 0_2_00CFD8BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_04E002A0 0_2_04E002A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_04E00290 0_2_04E00290
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07481F10 0_2_07481F10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_0748AEB8 0_2_0748AEB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07484F48 0_2_07484F48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07484F58 0_2_07484F58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07481F00 0_2_07481F00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07484B00 0_2_07484B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07487300 0_2_07487300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07487310 0_2_07487310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07484B20 0_2_07484B20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07485390 0_2_07485390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07486A28 0_2_07486A28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 0_2_07486A38 0_2_07486A38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040E04A 3_2_0040E04A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040E053 3_2_0040E053
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00401114 3_2_00401114
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00402920 3_2_00402920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00401120 3_2_00401120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00401280 3_2_00401280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00403388 3_2_00403388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00403390 3_2_00403390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00401570 3_2_00401570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040FDAA 3_2_0040FDAA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040FDB3 3_2_0040FDB3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00402640 3_2_00402640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0042D653 3_2_0042D653
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00416703 3_2_00416703
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040FFD3 3_2_0040FFD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AA118 3_2_011AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01100100 3_2_01100100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01198158 3_2_01198158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011DB16B 3_2_011DB16B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0114516C 3_2_0114516C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111B1B0 3_2_0111B1B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D01AA 3_2_011D01AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C81CC 3_2_011C81CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BF0CC 3_2_011BF0CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C70E9 3_2_011C70E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CF0E0 3_2_011CF0E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C132D 3_2_011C132D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FD34C 3_2_010FD34C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CA352 3_2_011CA352
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0115739A 3_2_0115739A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111E3F0 3_2_0111E3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D03E6 3_2_011D03E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011152A0 3_2_011152A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B2C0 3_2_0112B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110535 3_2_01110535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C7571 3_2_011C7571
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D0591 3_2_011D0591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AD5B0 3_2_011AD5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CF43F 3_2_011CF43F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C2446 3_2_011C2446
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01101460 3_2_01101460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BE4F6 3_2_011BE4F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01134750 3_2_01134750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110770 3_2_01110770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CF7B0 3_2_011CF7B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110C7C0 3_2_0110C7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C16CC 3_2_011C16CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112C6E0 3_2_0112C6E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01119950 3_2_01119950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B950 3_2_0112B950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01126962 3_2_01126962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011129A0 3_2_011129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011DA9A6 3_2_011DA9A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117D800 3_2_0117D800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01112840 3_2_01112840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111A840 3_2_0111A840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F68B8 3_2_010F68B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E8F0 3_2_0113E8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011138E0 3_2_011138E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CAB40 3_2_011CAB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CFB76 3_2_011CFB76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112FB80 3_2_0112FB80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C6BD7 3_2_011C6BD7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01185BF0 3_2_01185BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0114DBF9 3_2_0114DBF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CFA49 3_2_011CFA49
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C7A46 3_2_011C7A46
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01183A6C 3_2_01183A6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110EA80 3_2_0110EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01155AA0 3_2_01155AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011ADAAC 3_2_011ADAAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BDAC6 3_2_011BDAC6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111AD00 3_2_0111AD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C1D5A 3_2_011C1D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01113D40 3_2_01113D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C7D73 3_2_011C7D73
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01128DBF 3_2_01128DBF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112FDC0 3_2_0112FDC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110ADE0 3_2_0110ADE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110C00 3_2_01110C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01189C32 3_2_01189C32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0CB5 3_2_011B0CB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01100CF2 3_2_01100CF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CFCF2 3_2_011CFCF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CFF09 3_2_011CFF09
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01130F30 3_2_01130F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01152F28 3_2_01152F28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01184F40 3_2_01184F40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111F92 3_2_01111F92
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CFFB1 3_2_011CFFB1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01102FC8 3_2_01102FC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111CFE0 3_2_0111CFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CEE26 3_2_011CEE26
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110E59 3_2_01110E59
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01122E90 3_2_01122E90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CCE93 3_2_011CCE93
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01119EB0 3_2_01119EB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CEEDB 3_2_011CEEDB
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: String function: 01145130 appears 36 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: String function: 0117EA12 appears 86 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: String function: 010FB970 appears 268 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: String function: 01157E54 appears 96 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: String function: 0118F290 appears 105 times
One or more processes crash
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 196
PE / OLE file has an invalid certificate
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: invalid certificate
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000000.00000002.2163640226.00000000028F1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000000.00000002.2162422063.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000000.00000002.2174160307.0000000007220000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000000.00000002.2169015346.00000000048F0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000003.00000002.2547654530.00000000011FD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Binary or memory string: OriginalFilenameUgIk.exeX vs SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.2547155613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, LXraXr3H1g7PBXMTcQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, LXraXr3H1g7PBXMTcQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs Security API names: _0020.AddAccessRule
Source: classification engine Classification label: mal96.troj.evad.winEXE@4/6@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.log Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess416
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\9945b4a0-9c7e-473d-9403-5dd432e38790 Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe:Zone.Identifier Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 196
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000003.00000002.2547654530.00000000010D0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, 00000003.00000002.2547654530.00000000010D0000.00000040.00001000.00020000.00000000.sdmp

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe, Form1.cs .Net Code: InitializeComponent
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs .Net Code: mL5ectLC8o System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.29184e8.3.raw.unpack, HomeView.cs .Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs .Net Code: mL5ectLC8o System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.7220000.12.raw.unpack, HomeView.cs .Net Code: System.Reflection.Assembly.Load(byte[])
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00405053 push ebx; retf 3_2_00405057
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_004120FD push ebx; retf 3_2_004121FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0041188E push EFD03D13h; retf 3_2_00411893
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040E197 push ecx; retf 3_2_0040E19A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0041A996 push ss; iretd 3_2_0041A997
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_004121B7 push ebx; retf 3_2_004121FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00401A08 push B865D3CCh; retf 3_2_00401A07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_004082D1 push eax; retf 3_2_004082DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_004183E7 push ecx; retf 3_2_004183E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040A468 push ebp; iretd 3_2_0040A477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040A4D5 push eax; ret 3_2_0040A4D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00401570 push 3D820602h; retn 74BEh 3_2_004016E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040A534 push FFFFFFDDh; ret 3_2_0040A562
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_004115A3 pushad ; retf 3_2_004115E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0040CE60 push ebx; ret 3_2_0040CE61
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_00403610 push eax; ret 3_2_00403612
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_004186FC push ss; ret 3_2_00418707
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_004077C6 pushfd ; ret 3_2_004077C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011009AD push ecx; mov dword ptr [esp], ecx 3_2_011009B6
Source: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Static PE information: section name: .text entropy: 7.949024460213507
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, x1UsmcLO4MxpygCxhS.cs High entropy of concatenated method names: 'TPWEkpjAQN', 'mxVE8AALcs', 'RWwELww4vf', 'APcEWEk8Ng', 'j5YEPq8uKl', 'go0EwBbuuy', 'tWgEBc32i8', 'mKxEiFcXP5', 'W1sEn32TnJ', 'MXbERJsmlI'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, GlgodURO62atd6o43h.cs High entropy of concatenated method names: 'g8pJIhNH31', 'qyQJtQa3q3', 'UdyJM9JcU4', 'FtAMDPCQOu', 'FTuMzq1vKE', 'DA6JrbpLK4', 'A8BJjkaJ3R', 'WG4J7b6c9c', 'qtEJG5mH7c', 'Cv4Je63TOV'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, gZD9sIzWDyLdE2lutV.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'rxQUAubFLl', 'cWXUEwTS1o', 'qRFU4WYqwp', 'A0TUlyZcpq', 'x8iUx1U3cT', 'UhYUUbcZHs', 'xASUsm0t0F'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs High entropy of concatenated method names: 'pSDG1D8jwe', 'qkOGIem9fh', 'eKmGqGuD02', 'RS8GtwZX58', 'dDmGm46yRg', 'DRtGMkYYUR', 'lT4GJ1BS9B', 'RXpGNkuhEG', 'POpG2imlYj', 'BSZGKa8TRP'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, F2gjvrvjEQ41eByUpJ.cs High entropy of concatenated method names: 'ijnxpWHFaG', 'vMVxPEPaef', 'WYKxwohcsj', 'LumxBNSxH8', 'KcoxLCntOr', 'jKwxil6xZG', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, X5GsZCC52XKaE2gSZH.cs High entropy of concatenated method names: 'IdZl9tPBtK', 'FDblD20n02', 'W5lxrWtuSX', 'NCLxjORlR7', 'xtSlTkZOAC', 'ounl8Sr6Wa', 'jsFluQeytH', 'yFHlLOrIO1', 'qxtlWMxwlK', 'KuFloe4m1C'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, LXraXr3H1g7PBXMTcQ.cs High entropy of concatenated method names: 'sIcqLDqvkm', 'yFCqWWc1IW', 'DVcqouFUG1', 'QDEqyYdtTE', 'a6rqQw8OkH', 'yQ3qCd03S8', 'Cy8qFOtfjq', 'iWmq9grbIe', 'N9tqv9H7rv', 'DCaqDIxjTc'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, jMMMe7pasYLbExSF2a.cs High entropy of concatenated method names: 'q4hM1PlJAF', 'eOnMq6YBdR', 'mYHMmG6b9f', 'xUfMJrKO7d', 'dZGMNxJcYh', 'tUhmQbWv16', 'bdvmCZcJfa', 'uOomFViSMe', 'FINm98UMOu', 'GddmvqeZPH'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, O5kJDOSIL0tjkOUCZi.cs High entropy of concatenated method names: 'Ah6m6YuSTW', 'SlLm0C3SBm', 'TXFtwaY6BF', 'QbwtBlmCt6', 'XYxtiXp0jH', 'YgStnWBpxW', 'goTtRDfDck', 'Y2ltbnILxy', 'jjXtYD1UOC', 'ysmtknoH3w'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, YrytaFjGrowN7XHciK6.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Gy7sLcfPtS', 'F9vsWTwKrI', 'hUQso2hnO8', 'cVosyWbB6o', 'XicsQApjSf', 'X6asCTZwUS', 'BDesFZUUQD'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, U3OM8pujoaJu3jLFj9.cs High entropy of concatenated method names: 'gFgA3qyoHq', 'zUgAfvsdL8', 'lceApHLKmj', 'O1XAPH4MOq', 'sr4ABbXstI', 'VGcAi1Wyoy', 'mOBARlFNGT', 'QggAbdiSTU', 'P0tAkNtY4M', 'EnjATlou7G'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, RDgI5iYErMSr3xAuux.cs High entropy of concatenated method names: 'EXEJdy4LkK', 'UUYJORms7M', 'HdHJclnm33', 'goOJg058HN', 'tSBJ6sx9qQ', 'N09JVO6Vlv', 'VdFJ0nyBf1', 'Y2OJ3DSDeB', 'AgLJfFtQhc', 'g9wJS3NJ8s'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, HpEIvGqZRnE11wmT5N.cs High entropy of concatenated method names: 'Dispose', 'sYajveo3Ds', 'RmH7PojTOa', 'aMFddo8Ghn', 'GqGjDYDEKO', 'j0qjzCNhO8', 'ProcessDialogKey', 'BNp7r2gjvr', 'bEQ7j41eBy', 'spJ77cePcF'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, qsKJRbfNP5AYII3K9s.cs High entropy of concatenated method names: 'A77tg36r7W', 'gpdtVE2sAE', 'V0st3hXkAs', 'x46tfTBp3w', 'Gw7tEfW4jN', 'y26t40ysc7', 'ETftlwU4kf', 'VE8txelhOl', 'vj6tUgwBfR', 'Uuvts4BLwY'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, ICOl37jrMbyvnQ2O4mf.cs High entropy of concatenated method names: 'bQwUde3Ol8', 'AfKUODIoFC', 'IIsUcBHO8u', 'VM8UgNJFwr', 'DndU65lj3Y', 'GSuUVDvPXC', 'M6FU09mXp3', 'icmU3QLvAu', 'ggWUfHdCmR', 'WNmUSwFxXr'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, zePcFFDZB9E7DJDF0F.cs High entropy of concatenated method names: 'M8pUja3xf5', 'mNHUGk0T9H', 'k2YUeKq7wF', 'lAWUIfQCAo', 'cR0UqLwGYx', 'pZUUm68S8i', 'nRoUMRWyaZ', 'Y6VxFiKTyq', 'Yp6x9iU8d7', 'iK0xvrjA62'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, gGYDEK9OJ0qCNhO86N.cs High entropy of concatenated method names: 'mMkxINP0yS', 'boCxqLoFGd', 'ntixt3aGFR', 'qAhxmsBUss', 'vf7xMsblRk', 'QXpxJdR93M', 'QUCxNg6V7t', 'cWHx21mJHD', 'xY4xKJgbGZ', 'NQSxHbfQMZ'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, sboPoge5Gp2OWtqFED.cs High entropy of concatenated method names: 'kLRjJXraXr', 'n1gjN7PBXM', 'MNPjK5AYII', 'DK9jHsT5kJ', 'yUCjEZiJMM', 'ie7j4asYLb', 'lQDBcESpZXrIAZUpY4', 'kJSPQfA285STckHVBE', 'dwtjjFe64v', 'kCSjGXUKRD'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, bmWfvK7JF24O6h80ap.cs High entropy of concatenated method names: 'E3ZcSqVus', 'B35g9dN25', 'ksxVum6pR', 'RI20lIqyv', 'xrGfnM72U', 'o28SSWskB', 'ytUNDOfeMyhORbWuov', 'hKZ6DKeT56tRYTLRIE', 'uNqgbUb61Ll5oDJZea', 'RELxr5vme'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.4577110.9.raw.unpack, vGKPjroYlSjsEGZTUO.cs High entropy of concatenated method names: 'ToString', 'QI14TEf8pH', 'WZW4PikSMU', 'tsu4we1VbX', 'Txa4BLorN7', 'olT4ivskOZ', 'vak4nF8UxV', 'zC14RXR2I9', 'yFB4bFNBSX', 'L9X4YEeN6m'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, x1UsmcLO4MxpygCxhS.cs High entropy of concatenated method names: 'TPWEkpjAQN', 'mxVE8AALcs', 'RWwELww4vf', 'APcEWEk8Ng', 'j5YEPq8uKl', 'go0EwBbuuy', 'tWgEBc32i8', 'mKxEiFcXP5', 'W1sEn32TnJ', 'MXbERJsmlI'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, GlgodURO62atd6o43h.cs High entropy of concatenated method names: 'g8pJIhNH31', 'qyQJtQa3q3', 'UdyJM9JcU4', 'FtAMDPCQOu', 'FTuMzq1vKE', 'DA6JrbpLK4', 'A8BJjkaJ3R', 'WG4J7b6c9c', 'qtEJG5mH7c', 'Cv4Je63TOV'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, gZD9sIzWDyLdE2lutV.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'rxQUAubFLl', 'cWXUEwTS1o', 'qRFU4WYqwp', 'A0TUlyZcpq', 'x8iUx1U3cT', 'UhYUUbcZHs', 'xASUsm0t0F'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, Rlif0hNS6I8j7ZvkcQ.cs High entropy of concatenated method names: 'pSDG1D8jwe', 'qkOGIem9fh', 'eKmGqGuD02', 'RS8GtwZX58', 'dDmGm46yRg', 'DRtGMkYYUR', 'lT4GJ1BS9B', 'RXpGNkuhEG', 'POpG2imlYj', 'BSZGKa8TRP'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, F2gjvrvjEQ41eByUpJ.cs High entropy of concatenated method names: 'ijnxpWHFaG', 'vMVxPEPaef', 'WYKxwohcsj', 'LumxBNSxH8', 'KcoxLCntOr', 'jKwxil6xZG', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, X5GsZCC52XKaE2gSZH.cs High entropy of concatenated method names: 'IdZl9tPBtK', 'FDblD20n02', 'W5lxrWtuSX', 'NCLxjORlR7', 'xtSlTkZOAC', 'ounl8Sr6Wa', 'jsFluQeytH', 'yFHlLOrIO1', 'qxtlWMxwlK', 'KuFloe4m1C'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, LXraXr3H1g7PBXMTcQ.cs High entropy of concatenated method names: 'sIcqLDqvkm', 'yFCqWWc1IW', 'DVcqouFUG1', 'QDEqyYdtTE', 'a6rqQw8OkH', 'yQ3qCd03S8', 'Cy8qFOtfjq', 'iWmq9grbIe', 'N9tqv9H7rv', 'DCaqDIxjTc'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, jMMMe7pasYLbExSF2a.cs High entropy of concatenated method names: 'q4hM1PlJAF', 'eOnMq6YBdR', 'mYHMmG6b9f', 'xUfMJrKO7d', 'dZGMNxJcYh', 'tUhmQbWv16', 'bdvmCZcJfa', 'uOomFViSMe', 'FINm98UMOu', 'GddmvqeZPH'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, O5kJDOSIL0tjkOUCZi.cs High entropy of concatenated method names: 'Ah6m6YuSTW', 'SlLm0C3SBm', 'TXFtwaY6BF', 'QbwtBlmCt6', 'XYxtiXp0jH', 'YgStnWBpxW', 'goTtRDfDck', 'Y2ltbnILxy', 'jjXtYD1UOC', 'ysmtknoH3w'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, YrytaFjGrowN7XHciK6.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Gy7sLcfPtS', 'F9vsWTwKrI', 'hUQso2hnO8', 'cVosyWbB6o', 'XicsQApjSf', 'X6asCTZwUS', 'BDesFZUUQD'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, U3OM8pujoaJu3jLFj9.cs High entropy of concatenated method names: 'gFgA3qyoHq', 'zUgAfvsdL8', 'lceApHLKmj', 'O1XAPH4MOq', 'sr4ABbXstI', 'VGcAi1Wyoy', 'mOBARlFNGT', 'QggAbdiSTU', 'P0tAkNtY4M', 'EnjATlou7G'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, RDgI5iYErMSr3xAuux.cs High entropy of concatenated method names: 'EXEJdy4LkK', 'UUYJORms7M', 'HdHJclnm33', 'goOJg058HN', 'tSBJ6sx9qQ', 'N09JVO6Vlv', 'VdFJ0nyBf1', 'Y2OJ3DSDeB', 'AgLJfFtQhc', 'g9wJS3NJ8s'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, HpEIvGqZRnE11wmT5N.cs High entropy of concatenated method names: 'Dispose', 'sYajveo3Ds', 'RmH7PojTOa', 'aMFddo8Ghn', 'GqGjDYDEKO', 'j0qjzCNhO8', 'ProcessDialogKey', 'BNp7r2gjvr', 'bEQ7j41eBy', 'spJ77cePcF'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, qsKJRbfNP5AYII3K9s.cs High entropy of concatenated method names: 'A77tg36r7W', 'gpdtVE2sAE', 'V0st3hXkAs', 'x46tfTBp3w', 'Gw7tEfW4jN', 'y26t40ysc7', 'ETftlwU4kf', 'VE8txelhOl', 'vj6tUgwBfR', 'Uuvts4BLwY'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, ICOl37jrMbyvnQ2O4mf.cs High entropy of concatenated method names: 'bQwUde3Ol8', 'AfKUODIoFC', 'IIsUcBHO8u', 'VM8UgNJFwr', 'DndU65lj3Y', 'GSuUVDvPXC', 'M6FU09mXp3', 'icmU3QLvAu', 'ggWUfHdCmR', 'WNmUSwFxXr'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, zePcFFDZB9E7DJDF0F.cs High entropy of concatenated method names: 'M8pUja3xf5', 'mNHUGk0T9H', 'k2YUeKq7wF', 'lAWUIfQCAo', 'cR0UqLwGYx', 'pZUUm68S8i', 'nRoUMRWyaZ', 'Y6VxFiKTyq', 'Yp6x9iU8d7', 'iK0xvrjA62'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, gGYDEK9OJ0qCNhO86N.cs High entropy of concatenated method names: 'mMkxINP0yS', 'boCxqLoFGd', 'ntixt3aGFR', 'qAhxmsBUss', 'vf7xMsblRk', 'QXpxJdR93M', 'QUCxNg6V7t', 'cWHx21mJHD', 'xY4xKJgbGZ', 'NQSxHbfQMZ'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, sboPoge5Gp2OWtqFED.cs High entropy of concatenated method names: 'kLRjJXraXr', 'n1gjN7PBXM', 'MNPjK5AYII', 'DK9jHsT5kJ', 'yUCjEZiJMM', 'ie7j4asYLb', 'lQDBcESpZXrIAZUpY4', 'kJSPQfA285STckHVBE', 'dwtjjFe64v', 'kCSjGXUKRD'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, bmWfvK7JF24O6h80ap.cs High entropy of concatenated method names: 'E3ZcSqVus', 'B35g9dN25', 'ksxVum6pR', 'RI20lIqyv', 'xrGfnM72U', 'o28SSWskB', 'ytUNDOfeMyhORbWuov', 'hKZ6DKeT56tRYTLRIE', 'uNqgbUb61Ll5oDJZea', 'RELxr5vme'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.44f36f0.8.raw.unpack, vGKPjroYlSjsEGZTUO.cs High entropy of concatenated method names: 'ToString', 'QI14TEf8pH', 'WZW4PikSMU', 'tsu4we1VbX', 'Txa4BLorN7', 'olT4ivskOZ', 'vak4nF8UxV', 'zC14RXR2I9', 'yFB4bFNBSX', 'L9X4YEeN6m'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe PID: 4188, type: MEMORYSTR
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: CF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: 28F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: 48F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: 8800000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: 9800000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: 9A00000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: AA00000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: ADF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: BDF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: CDF0000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117D1C0 rdtsc 3_2_0117D1C0
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe API coverage: 0.4 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe TID: 2332 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: Amcache.hve.10.dr Binary or memory string: VMware
Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.10.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.10.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.10.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.10.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.10.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.10.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.10.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.10.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.10.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.10.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.10.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.10.dr Binary or memory string: vmci.sys
Source: Amcache.hve.10.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.10.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.10.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.10.dr Binary or memory string: VMware20,1
Source: Amcache.hve.10.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.10.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.10.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.10.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.10.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.10.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.10.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.10.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.10.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.10.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117D1C0 rdtsc 3_2_0117D1C0
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01142DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01142DF0
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AA118 mov ecx, dword ptr fs:[00000030h] 3_2_011AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AA118 mov eax, dword ptr fs:[00000030h] 3_2_011AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AA118 mov eax, dword ptr fs:[00000030h] 3_2_011AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AA118 mov eax, dword ptr fs:[00000030h] 3_2_011AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C0115 mov eax, dword ptr fs:[00000030h] 3_2_011C0115
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01101131 mov eax, dword ptr fs:[00000030h] 3_2_01101131
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01101131 mov eax, dword ptr fs:[00000030h] 3_2_01101131
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01130124 mov eax, dword ptr fs:[00000030h] 3_2_01130124
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FB136 mov eax, dword ptr fs:[00000030h] 3_2_010FB136
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FB136 mov eax, dword ptr fs:[00000030h] 3_2_010FB136
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FB136 mov eax, dword ptr fs:[00000030h] 3_2_010FB136
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FB136 mov eax, dword ptr fs:[00000030h] 3_2_010FB136
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01198158 mov eax, dword ptr fs:[00000030h] 3_2_01198158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01107152 mov eax, dword ptr fs:[00000030h] 3_2_01107152
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01106154 mov eax, dword ptr fs:[00000030h] 3_2_01106154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01106154 mov eax, dword ptr fs:[00000030h] 3_2_01106154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F9148 mov eax, dword ptr fs:[00000030h] 3_2_010F9148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F9148 mov eax, dword ptr fs:[00000030h] 3_2_010F9148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F9148 mov eax, dword ptr fs:[00000030h] 3_2_010F9148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F9148 mov eax, dword ptr fs:[00000030h] 3_2_010F9148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D5152 mov eax, dword ptr fs:[00000030h] 3_2_011D5152
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FC156 mov eax, dword ptr fs:[00000030h] 3_2_010FC156
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01194144 mov eax, dword ptr fs:[00000030h] 3_2_01194144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01194144 mov eax, dword ptr fs:[00000030h] 3_2_01194144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01194144 mov ecx, dword ptr fs:[00000030h] 3_2_01194144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01194144 mov eax, dword ptr fs:[00000030h] 3_2_01194144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01194144 mov eax, dword ptr fs:[00000030h] 3_2_01194144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01199179 mov eax, dword ptr fs:[00000030h] 3_2_01199179
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FF172 mov eax, dword ptr fs:[00000030h] 3_2_010FF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01157190 mov eax, dword ptr fs:[00000030h] 3_2_01157190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118019F mov eax, dword ptr fs:[00000030h] 3_2_0118019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118019F mov eax, dword ptr fs:[00000030h] 3_2_0118019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118019F mov eax, dword ptr fs:[00000030h] 3_2_0118019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118019F mov eax, dword ptr fs:[00000030h] 3_2_0118019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01140185 mov eax, dword ptr fs:[00000030h] 3_2_01140185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BC188 mov eax, dword ptr fs:[00000030h] 3_2_011BC188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BC188 mov eax, dword ptr fs:[00000030h] 3_2_011BC188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FA197 mov eax, dword ptr fs:[00000030h] 3_2_010FA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FA197 mov eax, dword ptr fs:[00000030h] 3_2_010FA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FA197 mov eax, dword ptr fs:[00000030h] 3_2_010FA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111B1B0 mov eax, dword ptr fs:[00000030h] 3_2_0111B1B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B11A4 mov eax, dword ptr fs:[00000030h] 3_2_011B11A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B11A4 mov eax, dword ptr fs:[00000030h] 3_2_011B11A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B11A4 mov eax, dword ptr fs:[00000030h] 3_2_011B11A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B11A4 mov eax, dword ptr fs:[00000030h] 3_2_011B11A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113D1D0 mov eax, dword ptr fs:[00000030h] 3_2_0113D1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113D1D0 mov ecx, dword ptr fs:[00000030h] 3_2_0113D1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 3_2_0117E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 3_2_0117E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117E1D0 mov ecx, dword ptr fs:[00000030h] 3_2_0117E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 3_2_0117E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 3_2_0117E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D51CB mov eax, dword ptr fs:[00000030h] 3_2_011D51CB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C61C3 mov eax, dword ptr fs:[00000030h] 3_2_011C61C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C61C3 mov eax, dword ptr fs:[00000030h] 3_2_011C61C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011A71F9 mov esi, dword ptr fs:[00000030h] 3_2_011A71F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011301F8 mov eax, dword ptr fs:[00000030h] 3_2_011301F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D61E5 mov eax, dword ptr fs:[00000030h] 3_2_011D61E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011251EF mov eax, dword ptr fs:[00000030h] 3_2_011251EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011051ED mov eax, dword ptr fs:[00000030h] 3_2_011051ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111E016 mov eax, dword ptr fs:[00000030h] 3_2_0111E016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111E016 mov eax, dword ptr fs:[00000030h] 3_2_0111E016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111E016 mov eax, dword ptr fs:[00000030h] 3_2_0111E016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111E016 mov eax, dword ptr fs:[00000030h] 3_2_0111E016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01184000 mov ecx, dword ptr fs:[00000030h] 3_2_01184000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C903E mov eax, dword ptr fs:[00000030h] 3_2_011C903E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C903E mov eax, dword ptr fs:[00000030h] 3_2_011C903E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C903E mov eax, dword ptr fs:[00000030h] 3_2_011C903E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C903E mov eax, dword ptr fs:[00000030h] 3_2_011C903E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FA020 mov eax, dword ptr fs:[00000030h] 3_2_010FA020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FC020 mov eax, dword ptr fs:[00000030h] 3_2_010FC020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01102050 mov eax, dword ptr fs:[00000030h] 3_2_01102050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B052 mov eax, dword ptr fs:[00000030h] 3_2_0112B052
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011A705E mov ebx, dword ptr fs:[00000030h] 3_2_011A705E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011A705E mov eax, dword ptr fs:[00000030h] 3_2_011A705E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01186050 mov eax, dword ptr fs:[00000030h] 3_2_01186050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov ecx, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01111070 mov eax, dword ptr fs:[00000030h] 3_2_01111070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112C073 mov eax, dword ptr fs:[00000030h] 3_2_0112C073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117D070 mov ecx, dword ptr fs:[00000030h] 3_2_0117D070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118106E mov eax, dword ptr fs:[00000030h] 3_2_0118106E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D5060 mov eax, dword ptr fs:[00000030h] 3_2_011D5060
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FD08D mov eax, dword ptr fs:[00000030h] 3_2_010FD08D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112D090 mov eax, dword ptr fs:[00000030h] 3_2_0112D090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112D090 mov eax, dword ptr fs:[00000030h] 3_2_0112D090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01105096 mov eax, dword ptr fs:[00000030h] 3_2_01105096
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113909C mov eax, dword ptr fs:[00000030h] 3_2_0113909C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110208A mov eax, dword ptr fs:[00000030h] 3_2_0110208A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C60B8 mov eax, dword ptr fs:[00000030h] 3_2_011C60B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C60B8 mov ecx, dword ptr fs:[00000030h] 3_2_011C60B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011980A8 mov eax, dword ptr fs:[00000030h] 3_2_011980A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D50D9 mov eax, dword ptr fs:[00000030h] 3_2_011D50D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011820DE mov eax, dword ptr fs:[00000030h] 3_2_011820DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011290DB mov eax, dword ptr fs:[00000030h] 3_2_011290DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov ecx, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov ecx, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov ecx, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov ecx, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011170C0 mov eax, dword ptr fs:[00000030h] 3_2_011170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117D0C0 mov eax, dword ptr fs:[00000030h] 3_2_0117D0C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117D0C0 mov eax, dword ptr fs:[00000030h] 3_2_0117D0C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011420F0 mov ecx, dword ptr fs:[00000030h] 3_2_011420F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FA0E3 mov ecx, dword ptr fs:[00000030h] 3_2_010FA0E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011250E4 mov eax, dword ptr fs:[00000030h] 3_2_011250E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011250E4 mov ecx, dword ptr fs:[00000030h] 3_2_011250E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011860E0 mov eax, dword ptr fs:[00000030h] 3_2_011860E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011080E9 mov eax, dword ptr fs:[00000030h] 3_2_011080E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FC0F0 mov eax, dword ptr fs:[00000030h] 3_2_010FC0F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01120310 mov ecx, dword ptr fs:[00000030h] 3_2_01120310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118930B mov eax, dword ptr fs:[00000030h] 3_2_0118930B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118930B mov eax, dword ptr fs:[00000030h] 3_2_0118930B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118930B mov eax, dword ptr fs:[00000030h] 3_2_0118930B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113A30B mov eax, dword ptr fs:[00000030h] 3_2_0113A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113A30B mov eax, dword ptr fs:[00000030h] 3_2_0113A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113A30B mov eax, dword ptr fs:[00000030h] 3_2_0113A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FC310 mov ecx, dword ptr fs:[00000030h] 3_2_010FC310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C132D mov eax, dword ptr fs:[00000030h] 3_2_011C132D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C132D mov eax, dword ptr fs:[00000030h] 3_2_011C132D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F32A mov eax, dword ptr fs:[00000030h] 3_2_0112F32A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F7330 mov eax, dword ptr fs:[00000030h] 3_2_010F7330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FD34C mov eax, dword ptr fs:[00000030h] 3_2_010FD34C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FD34C mov eax, dword ptr fs:[00000030h] 3_2_010FD34C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118035C mov eax, dword ptr fs:[00000030h] 3_2_0118035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118035C mov eax, dword ptr fs:[00000030h] 3_2_0118035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118035C mov eax, dword ptr fs:[00000030h] 3_2_0118035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118035C mov ecx, dword ptr fs:[00000030h] 3_2_0118035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118035C mov eax, dword ptr fs:[00000030h] 3_2_0118035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118035C mov eax, dword ptr fs:[00000030h] 3_2_0118035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CA352 mov eax, dword ptr fs:[00000030h] 3_2_011CA352
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01182349 mov eax, dword ptr fs:[00000030h] 3_2_01182349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D5341 mov eax, dword ptr fs:[00000030h] 3_2_011D5341
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F9353 mov eax, dword ptr fs:[00000030h] 3_2_010F9353
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F9353 mov eax, dword ptr fs:[00000030h] 3_2_010F9353
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01107370 mov eax, dword ptr fs:[00000030h] 3_2_01107370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01107370 mov eax, dword ptr fs:[00000030h] 3_2_01107370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01107370 mov eax, dword ptr fs:[00000030h] 3_2_01107370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011A437C mov eax, dword ptr fs:[00000030h] 3_2_011A437C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BF367 mov eax, dword ptr fs:[00000030h] 3_2_011BF367
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D539D mov eax, dword ptr fs:[00000030h] 3_2_011D539D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FE388 mov eax, dword ptr fs:[00000030h] 3_2_010FE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FE388 mov eax, dword ptr fs:[00000030h] 3_2_010FE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FE388 mov eax, dword ptr fs:[00000030h] 3_2_010FE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0115739A mov eax, dword ptr fs:[00000030h] 3_2_0115739A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0115739A mov eax, dword ptr fs:[00000030h] 3_2_0115739A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F8397 mov eax, dword ptr fs:[00000030h] 3_2_010F8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F8397 mov eax, dword ptr fs:[00000030h] 3_2_010F8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F8397 mov eax, dword ptr fs:[00000030h] 3_2_010F8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112438F mov eax, dword ptr fs:[00000030h] 3_2_0112438F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112438F mov eax, dword ptr fs:[00000030h] 3_2_0112438F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011333A0 mov eax, dword ptr fs:[00000030h] 3_2_011333A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011333A0 mov eax, dword ptr fs:[00000030h] 3_2_011333A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011233A5 mov eax, dword ptr fs:[00000030h] 3_2_011233A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BB3D0 mov ecx, dword ptr fs:[00000030h] 3_2_011BB3D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 3_2_0110A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 3_2_0110A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 3_2_0110A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 3_2_0110A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 3_2_0110A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 3_2_0110A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011083C0 mov eax, dword ptr fs:[00000030h] 3_2_011083C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011083C0 mov eax, dword ptr fs:[00000030h] 3_2_011083C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011083C0 mov eax, dword ptr fs:[00000030h] 3_2_011083C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011083C0 mov eax, dword ptr fs:[00000030h] 3_2_011083C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BC3CD mov eax, dword ptr fs:[00000030h] 3_2_011BC3CD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011863C0 mov eax, dword ptr fs:[00000030h] 3_2_011863C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D53FC mov eax, dword ptr fs:[00000030h] 3_2_011D53FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 3_2_0111E3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 3_2_0111E3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 3_2_0111E3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011363FF mov eax, dword ptr fs:[00000030h] 3_2_011363FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h] 3_2_011103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h] 3_2_011103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h] 3_2_011103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h] 3_2_011103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h] 3_2_011103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h] 3_2_011103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h] 3_2_011103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h] 3_2_011103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BF3E6 mov eax, dword ptr fs:[00000030h] 3_2_011BF3E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01137208 mov eax, dword ptr fs:[00000030h] 3_2_01137208
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01137208 mov eax, dword ptr fs:[00000030h] 3_2_01137208
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F823B mov eax, dword ptr fs:[00000030h] 3_2_010F823B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D5227 mov eax, dword ptr fs:[00000030h] 3_2_011D5227
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01106259 mov eax, dword ptr fs:[00000030h] 3_2_01106259
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BB256 mov eax, dword ptr fs:[00000030h] 3_2_011BB256
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BB256 mov eax, dword ptr fs:[00000030h] 3_2_011BB256
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F9240 mov eax, dword ptr fs:[00000030h] 3_2_010F9240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F9240 mov eax, dword ptr fs:[00000030h] 3_2_010F9240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113724D mov eax, dword ptr fs:[00000030h] 3_2_0113724D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FA250 mov eax, dword ptr fs:[00000030h] 3_2_010FA250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F826B mov eax, dword ptr fs:[00000030h] 3_2_010F826B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01141270 mov eax, dword ptr fs:[00000030h] 3_2_01141270
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01141270 mov eax, dword ptr fs:[00000030h] 3_2_01141270
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01129274 mov eax, dword ptr fs:[00000030h] 3_2_01129274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h] 3_2_011B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01104260 mov eax, dword ptr fs:[00000030h] 3_2_01104260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01104260 mov eax, dword ptr fs:[00000030h] 3_2_01104260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01104260 mov eax, dword ptr fs:[00000030h] 3_2_01104260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CD26B mov eax, dword ptr fs:[00000030h] 3_2_011CD26B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011CD26B mov eax, dword ptr fs:[00000030h] 3_2_011CD26B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113329E mov eax, dword ptr fs:[00000030h] 3_2_0113329E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113329E mov eax, dword ptr fs:[00000030h] 3_2_0113329E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E284 mov eax, dword ptr fs:[00000030h] 3_2_0113E284
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E284 mov eax, dword ptr fs:[00000030h] 3_2_0113E284
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01180283 mov eax, dword ptr fs:[00000030h] 3_2_01180283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01180283 mov eax, dword ptr fs:[00000030h] 3_2_01180283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01180283 mov eax, dword ptr fs:[00000030h] 3_2_01180283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D5283 mov eax, dword ptr fs:[00000030h] 3_2_011D5283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011892BC mov eax, dword ptr fs:[00000030h] 3_2_011892BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011892BC mov eax, dword ptr fs:[00000030h] 3_2_011892BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011892BC mov ecx, dword ptr fs:[00000030h] 3_2_011892BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011892BC mov ecx, dword ptr fs:[00000030h] 3_2_011892BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011102A0 mov eax, dword ptr fs:[00000030h] 3_2_011102A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011102A0 mov eax, dword ptr fs:[00000030h] 3_2_011102A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011152A0 mov eax, dword ptr fs:[00000030h] 3_2_011152A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011152A0 mov eax, dword ptr fs:[00000030h] 3_2_011152A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011152A0 mov eax, dword ptr fs:[00000030h] 3_2_011152A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011152A0 mov eax, dword ptr fs:[00000030h] 3_2_011152A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011972A0 mov eax, dword ptr fs:[00000030h] 3_2_011972A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011972A0 mov eax, dword ptr fs:[00000030h] 3_2_011972A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h] 3_2_011962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011962A0 mov ecx, dword ptr fs:[00000030h] 3_2_011962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h] 3_2_011962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h] 3_2_011962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h] 3_2_011962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h] 3_2_011962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C92A6 mov eax, dword ptr fs:[00000030h] 3_2_011C92A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C92A6 mov eax, dword ptr fs:[00000030h] 3_2_011C92A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C92A6 mov eax, dword ptr fs:[00000030h] 3_2_011C92A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011C92A6 mov eax, dword ptr fs:[00000030h] 3_2_011C92A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F2D0 mov eax, dword ptr fs:[00000030h] 3_2_0112F2D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F2D0 mov eax, dword ptr fs:[00000030h] 3_2_0112F2D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B2C0 mov eax, dword ptr fs:[00000030h] 3_2_0112B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B2C0 mov eax, dword ptr fs:[00000030h] 3_2_0112B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B2C0 mov eax, dword ptr fs:[00000030h] 3_2_0112B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B2C0 mov eax, dword ptr fs:[00000030h] 3_2_0112B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B2C0 mov eax, dword ptr fs:[00000030h] 3_2_0112B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B2C0 mov eax, dword ptr fs:[00000030h] 3_2_0112B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112B2C0 mov eax, dword ptr fs:[00000030h] 3_2_0112B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 3_2_0110A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 3_2_0110A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 3_2_0110A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 3_2_0110A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 3_2_0110A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011092C5 mov eax, dword ptr fs:[00000030h] 3_2_011092C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011092C5 mov eax, dword ptr fs:[00000030h] 3_2_011092C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FB2D3 mov eax, dword ptr fs:[00000030h] 3_2_010FB2D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FB2D3 mov eax, dword ptr fs:[00000030h] 3_2_010FB2D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FB2D3 mov eax, dword ptr fs:[00000030h] 3_2_010FB2D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BF2F8 mov eax, dword ptr fs:[00000030h] 3_2_011BF2F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011102E1 mov eax, dword ptr fs:[00000030h] 3_2_011102E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011102E1 mov eax, dword ptr fs:[00000030h] 3_2_011102E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011102E1 mov eax, dword ptr fs:[00000030h] 3_2_011102E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F92FF mov eax, dword ptr fs:[00000030h] 3_2_010F92FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011B12ED mov eax, dword ptr fs:[00000030h] 3_2_011B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D52E2 mov eax, dword ptr fs:[00000030h] 3_2_011D52E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01137505 mov eax, dword ptr fs:[00000030h] 3_2_01137505
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01137505 mov ecx, dword ptr fs:[00000030h] 3_2_01137505
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h] 3_2_011D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h] 3_2_011D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h] 3_2_011D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h] 3_2_011D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h] 3_2_011D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h] 3_2_011D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h] 3_2_011D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113D530 mov eax, dword ptr fs:[00000030h] 3_2_0113D530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113D530 mov eax, dword ptr fs:[00000030h] 3_2_0113D530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110535 mov eax, dword ptr fs:[00000030h] 3_2_01110535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110535 mov eax, dword ptr fs:[00000030h] 3_2_01110535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110535 mov eax, dword ptr fs:[00000030h] 3_2_01110535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110535 mov eax, dword ptr fs:[00000030h] 3_2_01110535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110535 mov eax, dword ptr fs:[00000030h] 3_2_01110535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01110535 mov eax, dword ptr fs:[00000030h] 3_2_01110535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110D534 mov eax, dword ptr fs:[00000030h] 3_2_0110D534
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110D534 mov eax, dword ptr fs:[00000030h] 3_2_0110D534
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110D534 mov eax, dword ptr fs:[00000030h] 3_2_0110D534
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110D534 mov eax, dword ptr fs:[00000030h] 3_2_0110D534
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110D534 mov eax, dword ptr fs:[00000030h] 3_2_0110D534
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110D534 mov eax, dword ptr fs:[00000030h] 3_2_0110D534
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D5537 mov eax, dword ptr fs:[00000030h] 3_2_011D5537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h] 3_2_0112E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h] 3_2_0112E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h] 3_2_0112E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h] 3_2_0112E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h] 3_2_0112E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BB52F mov eax, dword ptr fs:[00000030h] 3_2_011BB52F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AF525 mov eax, dword ptr fs:[00000030h] 3_2_011AF525
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AF525 mov eax, dword ptr fs:[00000030h] 3_2_011AF525
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AF525 mov eax, dword ptr fs:[00000030h] 3_2_011AF525
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AF525 mov eax, dword ptr fs:[00000030h] 3_2_011AF525
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AF525 mov eax, dword ptr fs:[00000030h] 3_2_011AF525
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AF525 mov eax, dword ptr fs:[00000030h] 3_2_011AF525
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011AF525 mov eax, dword ptr fs:[00000030h] 3_2_011AF525
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01108550 mov eax, dword ptr fs:[00000030h] 3_2_01108550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01108550 mov eax, dword ptr fs:[00000030h] 3_2_01108550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113B570 mov eax, dword ptr fs:[00000030h] 3_2_0113B570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113B570 mov eax, dword ptr fs:[00000030h] 3_2_0113B570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FB562 mov eax, dword ptr fs:[00000030h] 3_2_010FB562
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113656A mov eax, dword ptr fs:[00000030h] 3_2_0113656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113656A mov eax, dword ptr fs:[00000030h] 3_2_0113656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113656A mov eax, dword ptr fs:[00000030h] 3_2_0113656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F758F mov eax, dword ptr fs:[00000030h] 3_2_010F758F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F758F mov eax, dword ptr fs:[00000030h] 3_2_010F758F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F758F mov eax, dword ptr fs:[00000030h] 3_2_010F758F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118B594 mov eax, dword ptr fs:[00000030h] 3_2_0118B594
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0118B594 mov eax, dword ptr fs:[00000030h] 3_2_0118B594
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E59C mov eax, dword ptr fs:[00000030h] 3_2_0113E59C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01102582 mov eax, dword ptr fs:[00000030h] 3_2_01102582
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01102582 mov ecx, dword ptr fs:[00000030h] 3_2_01102582
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01134588 mov eax, dword ptr fs:[00000030h] 3_2_01134588
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112F5B0 mov eax, dword ptr fs:[00000030h] 3_2_0112F5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011245B1 mov eax, dword ptr fs:[00000030h] 3_2_011245B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011245B1 mov eax, dword ptr fs:[00000030h] 3_2_011245B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011935BA mov eax, dword ptr fs:[00000030h] 3_2_011935BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011935BA mov eax, dword ptr fs:[00000030h] 3_2_011935BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011935BA mov eax, dword ptr fs:[00000030h] 3_2_011935BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011935BA mov eax, dword ptr fs:[00000030h] 3_2_011935BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BF5BE mov eax, dword ptr fs:[00000030h] 3_2_011BF5BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215A9 mov eax, dword ptr fs:[00000030h] 3_2_011215A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215A9 mov eax, dword ptr fs:[00000030h] 3_2_011215A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215A9 mov eax, dword ptr fs:[00000030h] 3_2_011215A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215A9 mov eax, dword ptr fs:[00000030h] 3_2_011215A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215A9 mov eax, dword ptr fs:[00000030h] 3_2_011215A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011805A7 mov eax, dword ptr fs:[00000030h] 3_2_011805A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011805A7 mov eax, dword ptr fs:[00000030h] 3_2_011805A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011805A7 mov eax, dword ptr fs:[00000030h] 3_2_011805A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011065D0 mov eax, dword ptr fs:[00000030h] 3_2_011065D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113A5D0 mov eax, dword ptr fs:[00000030h] 3_2_0113A5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113A5D0 mov eax, dword ptr fs:[00000030h] 3_2_0113A5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117D5D0 mov eax, dword ptr fs:[00000030h] 3_2_0117D5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0117D5D0 mov ecx, dword ptr fs:[00000030h] 3_2_0117D5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011295DA mov eax, dword ptr fs:[00000030h] 3_2_011295DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D35D7 mov eax, dword ptr fs:[00000030h] 3_2_011D35D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D35D7 mov eax, dword ptr fs:[00000030h] 3_2_011D35D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D35D7 mov eax, dword ptr fs:[00000030h] 3_2_011D35D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011355C0 mov eax, dword ptr fs:[00000030h] 3_2_011355C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D55C9 mov eax, dword ptr fs:[00000030h] 3_2_011D55C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E5CF mov eax, dword ptr fs:[00000030h] 3_2_0113E5CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E5CF mov eax, dword ptr fs:[00000030h] 3_2_0113E5CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215F4 mov eax, dword ptr fs:[00000030h] 3_2_011215F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215F4 mov eax, dword ptr fs:[00000030h] 3_2_011215F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215F4 mov eax, dword ptr fs:[00000030h] 3_2_011215F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215F4 mov eax, dword ptr fs:[00000030h] 3_2_011215F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215F4 mov eax, dword ptr fs:[00000030h] 3_2_011215F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011215F4 mov eax, dword ptr fs:[00000030h] 3_2_011215F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011025E0 mov eax, dword ptr fs:[00000030h] 3_2_011025E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0112E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0112E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0112E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0112E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0112E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0112E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0112E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 3_2_0112E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113C5ED mov eax, dword ptr fs:[00000030h] 3_2_0113C5ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113C5ED mov eax, dword ptr fs:[00000030h] 3_2_0113C5ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01187410 mov eax, dword ptr fs:[00000030h] 3_2_01187410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01138402 mov eax, dword ptr fs:[00000030h] 3_2_01138402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01138402 mov eax, dword ptr fs:[00000030h] 3_2_01138402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01138402 mov eax, dword ptr fs:[00000030h] 3_2_01138402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112340D mov eax, dword ptr fs:[00000030h] 3_2_0112340D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113A430 mov eax, dword ptr fs:[00000030h] 3_2_0113A430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FC427 mov eax, dword ptr fs:[00000030h] 3_2_010FC427
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FE420 mov eax, dword ptr fs:[00000030h] 3_2_010FE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FE420 mov eax, dword ptr fs:[00000030h] 3_2_010FE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010FE420 mov eax, dword ptr fs:[00000030h] 3_2_010FE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01186420 mov eax, dword ptr fs:[00000030h] 3_2_01186420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01186420 mov eax, dword ptr fs:[00000030h] 3_2_01186420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01186420 mov eax, dword ptr fs:[00000030h] 3_2_01186420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01186420 mov eax, dword ptr fs:[00000030h] 3_2_01186420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01186420 mov eax, dword ptr fs:[00000030h] 3_2_01186420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01186420 mov eax, dword ptr fs:[00000030h] 3_2_01186420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01186420 mov eax, dword ptr fs:[00000030h] 3_2_01186420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011BF453 mov eax, dword ptr fs:[00000030h] 3_2_011BF453
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112245A mov eax, dword ptr fs:[00000030h] 3_2_0112245A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110B440 mov eax, dword ptr fs:[00000030h] 3_2_0110B440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110B440 mov eax, dword ptr fs:[00000030h] 3_2_0110B440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110B440 mov eax, dword ptr fs:[00000030h] 3_2_0110B440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110B440 mov eax, dword ptr fs:[00000030h] 3_2_0110B440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110B440 mov eax, dword ptr fs:[00000030h] 3_2_0110B440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0110B440 mov eax, dword ptr fs:[00000030h] 3_2_0110B440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h] 3_2_0113E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h] 3_2_0113E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h] 3_2_0113E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h] 3_2_0113E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h] 3_2_0113E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h] 3_2_0113E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h] 3_2_0113E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h] 3_2_0113E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_010F645D mov eax, dword ptr fs:[00000030h] 3_2_010F645D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112A470 mov eax, dword ptr fs:[00000030h] 3_2_0112A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112A470 mov eax, dword ptr fs:[00000030h] 3_2_0112A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_0112A470 mov eax, dword ptr fs:[00000030h] 3_2_0112A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_011D547F mov eax, dword ptr fs:[00000030h] 3_2_011D547F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01101460 mov eax, dword ptr fs:[00000030h] 3_2_01101460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01101460 mov eax, dword ptr fs:[00000030h] 3_2_01101460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01101460 mov eax, dword ptr fs:[00000030h] 3_2_01101460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Code function: 3_2_01101460 mov eax, dword ptr fs:[00000030h] 3_2_01101460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe base: 400000 value starts with: 4D5A Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.10.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.10.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.10.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.10.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.10.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2547155613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2547155613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1430479 Sample: SecuriteInfo.com.Win32.PWSX... Startdate: 23/04/2024 Architecture: WINDOWS Score: 96 14 Malicious sample detected (through community Yara rule) 2->14 16 Antivirus / Scanner detection for submitted sample 2->16 18 Multi AV Scanner detection for submitted file 2->18 20 5 other signatures 2->20 7 SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe 3 2->7         started        process3 signatures4 22 Injects a PE file into a foreign processes 7->22 10 SecuriteInfo.com.Win32.PWSX-gen.177.26778.exe 7->10         started        process5 process6 12 WerFault.exe 22 16 10->12         started       
No contacted IP infos