Source: grade.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6841040D4 FindFirstFileExW, |
0_2_00007FF6841040D4 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF68410DD48 |
0_2_00007FF68410DD48 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F8588 |
0_2_00007FF6840F8588 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6841021BC |
0_2_00007FF6841021BC |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F69F0 |
0_2_00007FF6840F69F0 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840FAA04 |
0_2_00007FF6840FAA04 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF68410266C |
0_2_00007FF68410266C |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F96A4 |
0_2_00007FF6840F96A4 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840FCF10 |
0_2_00007FF6840FCF10 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF684108B64 |
0_2_00007FF684108B64 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F733C |
0_2_00007FF6840F733C |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF684107F58 |
0_2_00007FF684107F58 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F6BD8 |
0_2_00007FF6840F6BD8 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F6808 |
0_2_00007FF6840F6808 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F784C |
0_2_00007FF6840F784C |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF68410C08C |
0_2_00007FF68410C08C |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6841040D4 |
0_2_00007FF6841040D4 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF684102CEC |
0_2_00007FF684102CEC |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840FA50C |
0_2_00007FF6840FA50C |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840FF4FC |
0_2_00007FF6840FF4FC |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840FC920 |
0_2_00007FF6840FC920 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: String function: 00007FF6840F1D30 appears 36 times |
|
Source: classification engine |
Classification label: clean4.winEXE@2/1@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3004:120:WilError_03 |
Source: grade.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\grade.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: unknown |
Process created: C:\Users\user\Desktop\grade.exe "C:\Users\user\Desktop\grade.exe" |
Source: C:\Users\user\Desktop\grade.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\grade.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\grade.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: grade.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: grade.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: grade.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: grade.exe |
Static PE information: section name: _RDATA |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6841040D4 FindFirstFileExW, |
0_2_00007FF6841040D4 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840FFD94 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF6840FFD94 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF684106848 GetProcessHeap, |
0_2_00007FF684106848 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840FFD94 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF6840FFD94 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F2708 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF6840F2708 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F28B0 SetUnhandledExceptionFilter, |
0_2_00007FF6840F28B0 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F2104 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF6840F2104 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF68410DB90 cpuid |
0_2_00007FF68410DB90 |
Source: C:\Users\user\Desktop\grade.exe |
Code function: 0_2_00007FF6840F25F0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FF6840F25F0 |