Source: blockbeerman.fun |
Avira URL Cloud: Label: malware |
Source: Uqt8tDIQYk.exe |
Malware Configuration Extractor: LummaC {"C2 url": ["blockbeerman.fun"], "Build Id": "GRAKRA--SHELL"} |
Source: Uqt8tDIQYk.exe |
ReversingLabs: Detection: 84% |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00439948 _strlen,CryptStringToBinaryA,CryptStringToBinaryA, |
0_2_00439948 |
Source: Uqt8tDIQYk.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: |
Binary string: storagewmi_passthru.pdbGCTL source: Uqt8tDIQYk.exe |
Source: |
Binary string: storagewmi_passthru.pdb source: Uqt8tDIQYk.exe |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00457BCC FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_00457BCC |
Source: Malware configuration extractor |
URLs: blockbeerman.fun |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0043A3A3 GetProcAddress,InternetQueryDataAvailable,GetProcAddress,GetProcAddress,InternetReadFile,GetModuleHandleW,GetProcAddress,GetProcAddress,_strlen,InternetQueryDataAvailable,GetProcAddress,GetProcAddress, |
0_2_0043A3A3 |
Source: Uqt8tDIQYk.exe |
Static PE information: section name: .'w( |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0040B3D2 LoadLibraryA,GetProcAddress,NtRaiseHardError,ExitProcess, |
0_2_0040B3D2 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004258A1 |
0_2_004258A1 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0040AAA8 |
0_2_0040AAA8 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0040B3D2 |
0_2_0040B3D2 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00417059 |
0_2_00417059 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0045E000 |
0_2_0045E000 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0041980D |
0_2_0041980D |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00411828 |
0_2_00411828 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0041B0E3 |
0_2_0041B0E3 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0041494F |
0_2_0041494F |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0044E960 |
0_2_0044E960 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00414918 |
0_2_00414918 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0042313B |
0_2_0042313B |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004351E0 |
0_2_004351E0 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004309FA |
0_2_004309FA |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0043D195 |
0_2_0043D195 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00440A50 |
0_2_00440A50 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00431A18 |
0_2_00431A18 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004242CB |
0_2_004242CB |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00421AEE |
0_2_00421AEE |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004632E8 |
0_2_004632E8 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00403AEF |
0_2_00403AEF |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00447293 |
0_2_00447293 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0044F2BB |
0_2_0044F2BB |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0043EB69 |
0_2_0043EB69 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0040C332 |
0_2_0040C332 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004063F8 |
0_2_004063F8 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00425383 |
0_2_00425383 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0043A3A3 |
0_2_0043A3A3 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0040E3BC |
0_2_0040E3BC |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00420C54 |
0_2_00420C54 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00444C74 |
0_2_00444C74 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00426C70 |
0_2_00426C70 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004284D0 |
0_2_004284D0 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00439CD6 |
0_2_00439CD6 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004044DC |
0_2_004044DC |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00433C90 |
0_2_00433C90 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00418D43 |
0_2_00418D43 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0040EDD3 |
0_2_0040EDD3 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004165A5 |
0_2_004165A5 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00454E54 |
0_2_00454E54 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0043DE6F |
0_2_0043DE6F |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004466CF |
0_2_004466CF |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004186EB |
0_2_004186EB |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_004226F8 |
0_2_004226F8 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00411E8E |
0_2_00411E8E |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0045BF5E |
0_2_0045BF5E |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00413F74 |
0_2_00413F74 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00415F39 |
0_2_00415F39 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00419FE1 |
0_2_00419FE1 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0040D78C |
0_2_0040D78C |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00443FB4 |
0_2_00443FB4 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: String function: 00440310 appears 50 times |
Source: classification engine |
Classification label: mal96.troj.evad.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Section loaded: wininet.dll |
Source: Uqt8tDIQYk.exe |
Static PE information: section name: ucnttp |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0040192C push eax; mov dword ptr [esp], 00000000h |
0_2_00401931 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00458378 push ecx; ret |
0_2_0045838B |
Source: Uqt8tDIQYk.exe |
Static PE information: section name: .text entropy: 6.8318134628828755 |
Source: Uqt8tDIQYk.exe |
Static PE information: section name: .'w( entropy: 7.197097448912549 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Sandbox detection routine: GetCursorPos, DecisionNode, Sleep |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: Sleep,Sleep,GetCursorPos,Sleep,GetCursorPos,GetCursorPos,GetCursorPos, |
0_2_004258A1 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: GetAdaptersInfo,GetAdaptersInfo, |
0_2_004226F8 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
API coverage: 2.7 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00440135 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00440135 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0043EB69 mov eax, dword ptr fs:[00000030h] |
0_2_0043EB69 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00449B9A mov ecx, dword ptr fs:[00000030h] |
0_2_00449B9A |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00455725 mov eax, dword ptr fs:[00000030h] |
0_2_00455725 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00431A18 GetProcessHeap,GetDIBits,ReleaseDC,GetProcessHeap,GetObjectW,GetProcessHeap,HeapAlloc,GetDC,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,HeapFree,HeapFree,GetProcessHeap,HeapFree, |
0_2_00431A18 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00440129 SetUnhandledExceptionFilter, |
0_2_00440129 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00440640 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00440640 |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_00453F4B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00453F4B |
Source: C:\Users\user\Desktop\Uqt8tDIQYk.exe |
Code function: 0_2_0044C351 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, |
0_2_0044C351 |
Source: Yara match |
File source: Uqt8tDIQYk.exe, type: SAMPLE |
Source: Yara match |
File source: 0.2.Uqt8tDIQYk.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.0.Uqt8tDIQYk.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.2877797183.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |