| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, BYTES_REVERSED_LO, 32BIT_MACHINE, DEBUG_STRIPPED, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP, BYTES_REVERSED_HI |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://bbs.zouboke.cn/NCVIP/SCVersion.html |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_buyseed?mod=repertory&act=buySeed |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_buyseed?mod=repertory&act=buySeednumcName |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_getuserseed?mod=repertory&act=getUserSeed |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_getuserseed?mod=repertory&act=getUserSeedcIdD |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_index?mod=user&act=run |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_index?mod=user&act=run&flag=1 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_index?mod=user&act=run&uinY=&uIdx=http://nc.qzone.qq.com/cgi |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=planting |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=scarify |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=scarifycodedirection |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://ptlogin2.qq.com/check?appid=353&uin= |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://ptlogin2.qq.com/getimage |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://ptlogin2.qq.com/login |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://show.qq.com/cgi-bin/qqshow_user_info |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://show.qq.com/cgi-bin/qqshow_user_infoname=uin= |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://ui.ptlogin2.qq.com/cgi-bin/login?link_target=blank&appid=15000101&hide_title_bar=1&no_verifyi |
| Source: Amcache.hve.4.dr |
String found in binary or memory: http://upx.sf.net |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://user.qzone.qq.com/ |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://www.59tou.com |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://www.59tou.com?scV4.1.0.0 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://www.59tou.com?scV4.1.0.0http://user.qzone.qq.com/ |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
String found in binary or memory: http://www.clamav.net |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00464130 |
0_2_00464130 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_004644A0 |
0_2_004644A0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0048C674 |
0_2_0048C674 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_004488A0 |
0_2_004488A0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00424B50 |
0_2_00424B50 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00468BA0 |
0_2_00468BA0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0042CF40 |
0_2_0042CF40 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00469040 |
0_2_00469040 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_004351E0 |
0_2_004351E0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00469470 |
0_2_00469470 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00485C6F |
0_2_00485C6F |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00481F86 |
0_2_00481F86 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00426020 |
0_2_00426020 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0046A240 |
0_2_0046A240 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0046A7C0 |
0_2_0046A7C0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_004229A0 |
0_2_004229A0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0042EB30 |
0_2_0042EB30 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0043AC90 |
0_2_0043AC90 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00456DF0 |
0_2_00456DF0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0047AF40 |
0_2_0047AF40 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00457890 |
0_2_00457890 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_00463DA0 |
0_2_00463DA0 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: String function: 0047C2E8 appears 170 times |
|
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: String function: 0048B735 appears 62 times |
|
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: String function: 0047AA7F appears 46 times |
|
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 232 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static PE information: No import functions for PE file found |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, BYTES_REVERSED_LO, 32BIT_MACHINE, DEBUG_STRIPPED, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP, BYTES_REVERSED_HI |
| Source: classification engine |
Classification label: mal60.winEXE@2/5@0/0 |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6808 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Virustotal: Detection: 40% |
| Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe" |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 232 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static file information: File size 1479680 > 1048576 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static PE information: section name: .clam01 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static PE information: section name: .clam02 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static PE information: section name: .clam03 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static PE information: section name: .clam04 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0047C2E8 push eax; ret |
0_2_0047C306 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0047A460 push eax; ret |
0_2_0047A48E |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0049F208 push esp; retf 000Fh |
0_2_0049F209 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0049F20C push 76000FCAh; retf 000Fh |
0_2_0049F211 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0049F6E0 push es; ret |
0_2_0049F6E1 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0049F708 push esp; retn 000Fh |
0_2_0049F709 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0049F70C push 7A000FC2h; retn 000Fh |
0_2_0049F711 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Code function: 0_2_0049FE47 push eax; retf |
0_2_0049FE75 |
| Source: SecuriteInfo.com.Win32.Trojan.PSE.11SCEUB.10699.12087.exe |
Static PE information: section name: .clam02 entropy: 7.077204265573221 |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual USB Mouse |
| Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67 |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware, Inc. |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1hbin@ |
| Source: Amcache.hve.4.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
| Source: Amcache.hve.4.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: Amcache.hve.4.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
| Source: Amcache.hve.4.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: Amcache.hve.4.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
| Source: Amcache.hve.4.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
| Source: Amcache.hve.4.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: Amcache.hve.4.dr |
Binary or memory string: vmci.sys |
| Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin` |
| Source: Amcache.hve.4.dr |
Binary or memory string: \driver\vmci,\driver\pci |
| Source: Amcache.hve.4.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1 |
| Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
| Source: Amcache.hve.4.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
| Source: Amcache.hve.4.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
| Source: Amcache.hve.4.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
| Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware VMCI Bus Device |
| Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual RAM |
| Source: Amcache.hve.4.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
| Source: Amcache.hve.4.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
| Source: Amcache.hve.4.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
| Source: Amcache.hve.4.dr |
Binary or memory string: msmpeng.exe |
| Source: Amcache.hve.4.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
| Source: Amcache.hve.4.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe |
| Source: Amcache.hve.4.dr |
Binary or memory string: MsMpEng.exe |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet