Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Avira: detected |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Virustotal: Detection: 12% |
Perma Link |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: |
Binary string: empty.pdb| source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Source: |
Binary string: empty.pdb source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://img1.tbcdn.cn/tfscom/T1ouC2FdpbXXXtxVjX.swf |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://jd.sscltan.com/jd/sscjh.txt |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://jd.sscltan.com/jd/tp1.txt |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://jd.sscltan.com/jd/tp1.txthttp://jd.sscltan.com/jd/tp2.txt |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://jd.sscltan.com/jd/tp2.txt |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://jd.sscltan.com/jd/zgg.txt |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://s104.cnzz.com/stat.php?id=1935778&web_id=1935778 |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://www.sscltan.com |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: http://www.sscltan.comhttp://jd.sscltan.com/jd/zgg.txt |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
String found in binary or memory: https://http://=deletedUTF-8GBKAdodb.StreamTypeWritePositionCharsetReadTextCloseWriteTextRead |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Code function: 0_2_01001A88 VirtualAlloc,NtQuerySystemInformation,VirtualFree,RtlUnicodeStringToAnsiString,strrchr,strncpy,malloc,strncpy,strncat,strncat, |
0_2_01001A88 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Code function: 0_2_01001F7D NtSetSystemInformation, |
0_2_01001F7D |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe, 00000000.00000002.1224089803.00000000012D4000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameempty.exej% vs SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Binary or memory string: OriginalFilenameempty.exej% vs SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: classification engine |
Classification label: mal60.winEXE@2/1@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Code function: 0_2_01001D1B GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueA,GetLastError,AdjustTokenPrivileges,GetLastError,printf, |
0_2_01001D1B |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5280:120:WilError_03 |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Virustotal: Detection: 12% |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Static file information: File size 6005077 > 1048576 |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: empty.pdb| source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Source: |
Binary string: empty.pdb source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Source: SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Static PE information: real checksum: 0x3e9f should be: 0x5c5790 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Code function: 0_2_01001A6B push ecx; ret |
0_2_01001A7B |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Krypt.14164.25813.exe |
Code function: 0_2_01001765 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,GetModuleHandleA,GetProcAddress, |
0_2_01001765 |