Source: 7zG.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008F8A94 FindFirstFileW,FindFirstFileW,free, |
0_2_008F8A94 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008F9B98 free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free, |
0_2_008F9B98 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008F6FEC OpenClipboard,EmptyClipboard,GlobalLock,memmove,GlobalUnlock,SetClipboardData, |
0_2_008F6FEC |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008FA454 DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl, |
0_2_008FA454 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00913098 |
0_2_00913098 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0092719C |
0_2_0092719C |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008F8108 |
0_2_008F8108 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00916450 |
0_2_00916450 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00960460 |
0_2_00960460 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008F8564 |
0_2_008F8564 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_009106DC |
0_2_009106DC |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00923704 |
0_2_00923704 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0091C8B0 |
0_2_0091C8B0 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0092593C |
0_2_0092593C |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008FC974 |
0_2_008FC974 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0090FA80 |
0_2_0090FA80 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0091FB10 |
0_2_0091FB10 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00914D10 |
0_2_00914D10 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0090FD4C |
0_2_0090FD4C |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0091EE24 |
0_2_0091EE24 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00904FDC |
0_2_00904FDC |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00906F48 |
0_2_00906F48 |
Source: 7zG.exe |
Binary or memory string: OriginalFilename vs 7zG.exe |
Source: classification engine |
Classification label: clean5.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008FC47C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle, |
0_2_008FC47C |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00908650 GetCurrentProcess,CloseHandle,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,CloseHandle, |
0_2_00908650 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008FC360 GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW, |
0_2_008FC360 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00949968 _CxxThrowException,_CxxThrowException,CoCreateInstance, |
0_2_00949968 |
Source: 7zG.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\7zG.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: 7zG.exe |
String found in binary or memory: -help |
Source: 7zG.exe |
String found in binary or memory: Check charset encoding and -scs switch.bsobbbtbdba-helph?asut012sea0-SeLockMemoryPrivilegeSeCreateSymbolicLinkPrivilegeSeRestorePrivilege |
Source: 7zG.exe |
String found in binary or memory: fm/plugins/7-zip/add.htm |
Source: 7zG.exe |
String found in binary or memory: a : 7-Zip limit : RAMThe operation can require big amount of RAM (memory):The operation was blocked by 7-Zipfm/plugins/7-zip/add.htm |
Source: 7zG.exe |
String found in binary or memory: fm/plugins/7-zip/add.htm#options |
Source: 7zG.exe |
String found in binary or memory: c LinuxDOSUnixfm/plugins/7-zip/add.htm#options |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\7zG.exe |
Section loaded: wintypes.dll |
Source: 7zG.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0095D44C #17,LoadLibraryW,GetProcAddress,memset,FreeLibrary,OleInitializeWOW, |
0_2_0095D44C |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00921242 push rcx; ret |
0_2_00921243 |
Source: C:\Users\user\Desktop\7zG.exe |
API coverage: 1.0 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008F8A94 FindFirstFileW,FindFirstFileW,free, |
0_2_008F8A94 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008F9B98 free,free,GetLogicalDriveStringsW,GetLogicalDriveStringsW,free,free,free, |
0_2_008F9B98 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_008FDA4C GetSystemInfo, |
0_2_008FDA4C |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_0095D44C #17,LoadLibraryW,GetProcAddress,memset,FreeLibrary,OleInitializeWOW, |
0_2_0095D44C |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_00962810 cpuid |
0_2_00962810 |
Source: C:\Users\user\Desktop\7zG.exe |
Code function: 0_2_009619C0 GetVersion,GetModuleHandleW,GetProcAddress, |
0_2_009619C0 |