Source: MSIAB95.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: MSIAB95.exe, 00000000.00000002.1623451368.00000000004AD000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameFMPro_PreInstall_BU.exe vs MSIAB95.exe |
Source: MSIAB95.exe |
Binary or memory string: OriginalFilenameFMPro_PreInstall_BU.exe vs MSIAB95.exe |
Source: MSIAB95.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: MSIAB95.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: classification engine |
Classification label: clean1.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Mutant created: NULL |
Source: MSIAB95.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: MSIAB95.exe |
String found in binary or memory: CommentsPre-Install Backup Utility0 |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: acgenral.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: samcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: msacm32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: winmmbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: winmmbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: msvbvm60.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: vb6zz.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Section loaded: asycfilt.dll |
Jump to behavior |
Source: MSIAB95.exe |
Static PE information: section name: .text entropy: 7.960976119041043 |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\MSIAB95.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |