| Source: cr0wdik.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
| Source: cr0wdik.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Source: |
Binary string: C:\vmagent_new\bin\joblist\621001\out\Release\360boxmain.pdb source: cr0wdik.exe |
| Source: cr0wdik.exe |
String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
| Source: cr0wdik.exe |
String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t |
| Source: cr0wdik.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
| Source: cr0wdik.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
| Source: cr0wdik.exe |
String found in binary or memory: http://ocsp.comodoca.com0 |
| Source: cr0wdik.exe |
String found in binary or memory: http://ocsp.comodoca.com0& |
| Source: cr0wdik.exe |
String found in binary or memory: http://ocsp.sectigo.com0 |
| Source: cr0wdik.exe |
String found in binary or memory: http://s.360safe.com/safei18n/ |
| Source: cr0wdik.exe |
String found in binary or memory: http://www.360totalsecurity.com/d/ts/%s/%s/channelOpen |
| Source: cr0wdik.exe |
String found in binary or memory: https://sectigo.com/CPS0D |
| Source: cr0wdik.exe |
Binary or memory string: OriginalFilenameSandboxMain.exe8 vs cr0wdik.exe |
| Source: cr0wdik.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
| Source: cr0wdik.exe |
Binary string: K`XD%machinename%%UserProfile%*\Documents and Settings\*\Local Settings\Temp\**\Documents and Settings\*\Local Settings\Temporary Internet Files\**\Documents and Settings\*\Cookies\**\AppData\Local\Temp\**\AppData\Roaming\Microsoft\Windows\Cookies\*.wmv.rmvb.rm.mpg.mp4.mov.mkv.flv.avi.3gp.wma.ra.mp3.ogg.mka.m4a.ac3.aac.xlsx.xls.pptx.ppt.txt.pdf.docx.doc..CacheSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders360SANDBOX\SHADOW360sandbox\filelist_page.xml::{26EE0668-A00A-44D7-9371-BEB064C98683}IDS_MEDIA_LIST_DESCIDS_DOCUMENT_LIST_DESCIDS_DELETE_PROMPT_MSGPreferred DropEffectIDS_COPY_PRMPT360SandBox\Shadow360SANDBOX\SHADOW\IDS_UPPER_FOLDERIDS_DATE_TIME_FMT%Y-%m-%d %H:%MC:\sxin.dllsxin64.dllSxWrapper.dllWINDOWS\SXIn.dllIDS_CRITICAL_FILE_PROMPT_MSG\Device\FloppyX |
| Source: classification engine |
Classification label: mal48.winEXE@0/0@0/0 |
| Source: cr0wdik.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Source: cr0wdik.exe |
String found in binary or memory: 3http://crl.usertrust.com/AddTrustExternalCARoot.crl05 |
| Source: cr0wdik.exe |
Static file information: File size 800000000 > 1048576 |
| Source: cr0wdik.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
| Source: cr0wdik.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
| Source: cr0wdik.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
| Source: cr0wdik.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
| Source: cr0wdik.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
| Source: cr0wdik.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
| Source: cr0wdik.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Source: cr0wdik.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
| Source: |
Binary string: C:\vmagent_new\bin\joblist\621001\out\Release\360boxmain.pdb source: cr0wdik.exe |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet