Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe, 00000000.00000000.1520017120.0000000000414000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameupdate.exe vs SecuriteInfo.com.Trojan-Dropper.17837.23667.exe |
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe |
Binary or memory string: @ A*\AC:\Dokumente und Einstellungen\denis\Desktop\developing\ver 0.6.8\updater\Project1.vbp |
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe, 00000000.00000002.1563935125.0000000000412000.00000004.00000001.01000000.00000003.sdmp |
Binary or memory string: 2@*\AC:\Dokumente und Einstellungen\denis\Desktop\developing\ver 0.6.8\updater\Project1.vbp |
Source: classification engine |
Classification label: clean2.winEXE@1/1@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe |
Mutant created: NULL |
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.17837.23667.exe |
API coverage: 0.6 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: SecuriteInfo.com.Trojan-Dropper.17837.23667.exe, 00000000.00000003.1563694466.00000000005ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-Dropper.17837.23667.exe, 00000000.00000002.1564062291.00000000005ED000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll# |