Source: Clangen.exe
Virustotal: Detection: 11%
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F396714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F387820 FindFirstFileExW,FindClose,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F3A09B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: String function: 00007FF67F382770 appears 41 times
Source: classification engine
Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F3874B0 GetLastError,FormatMessageW,WideCharToMultiByte,
Source: Clangen.exe
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Clangen.exe
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Clangen.exe
File read: C:\Users\user\Desktop\Clangen.exe
Source: C:\Users\user\Desktop\Clangen.exe
Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Clangen.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Clangen.exe
Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Clangen.exe
Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Clangen.exe
Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Clangen.exe
Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Clangen.exe
Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Clangen.exe
Section loaded: wintypes.dll
Source: Clangen.exe
Static PE information: Image base 0x140000000 > 0x60000000
Source: Clangen.exe
Static file information: File size 5303823 > 1048576
Source: Clangen.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Clangen.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Clangen.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Clangen.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Clangen.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Clangen.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Clangen.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Clangen.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Clangen.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Clangen.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Clangen.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: Clangen.exe
Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F3D10CC push rbp; retn 0000h
0_2_00007FF67F3D10CD
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F3D10E4 push rcx; retn 0000h
0_2_00007FF67F3D10ED
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F3855D0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Users\user\Desktop\Clangen.exe
Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\Clangen.exe
API coverage: 7.1 %
Source: all processes
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F38B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F3A25A0 GetProcessHeap,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F38B880 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F38AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F399AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F3A89B0 cpuid
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F38B580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,
Source: C:\Users\user\Desktop\Clangen.exe
Code function: 0_2_00007FF67F3A509C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,