Windows Analysis Report
MTInstaller.exe

Overview

General Information

Sample name: MTInstaller.exe
Analysis ID: 1431575
MD5: 3a38166fc254e5630a73e765a5880fbd
SHA1: fde054010b649c93ee8599f61fb734ca2b2e2ad5
SHA256: 0a340e8b88720ee6a908dc768de6210dced54bde6d491e91d6fbc9f66e905c44
Infos:

Detection

Score: 23
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Uses Windows timers to delay execution
Allocates memory with a write watch (potentially for evading sandboxes)
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Uses 32bit PE files
Source: MTInstaller.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: MTInstaller.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: MTInstaller.exe
Source: Binary string: E:\TeamCity-BuildAgent1\work\7ee93833781f805a\MT4\MT4Bootstrapper\obj\x86\Release\MTInstaller.pdb source: MTInstaller.exe
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: MTInstaller.exe
Source: Binary string: E:\TeamCity-BuildAgent1\work\7ee93833781f805a\MT4\MT4Bootstrapper\obj\x86\Release\MTInstaller.pdbP source: MTInstaller.exe
Source: MTInstaller.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: MTInstaller.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: MTInstaller.exe String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: MTInstaller.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: MTInstaller.exe String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: MTInstaller.exe String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: MTInstaller.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: MTInstaller.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MTInstaller.exe String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: MTInstaller.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: MTInstaller.exe, 00000000.00000002.3381107185.0000000004661000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/MainWindow.xamld
Source: MTInstaller.exe, 00000000.00000002.3381107185.0000000004661000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/MainWindow.xaml
Source: MTInstaller.exe, 00000000.00000002.3381107185.0000000004661000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/mainwindow.baml
Source: MTInstaller.exe, 00000000.00000002.3381107185.0000000004661000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/mainwindow.bamld
Source: MTInstaller.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: MTInstaller.exe String found in binary or memory: http://ocsp.digicert.com0K
Source: MTInstaller.exe String found in binary or memory: http://ocsp.digicert.com0N
Source: MTInstaller.exe String found in binary or memory: http://ocsp.digicert.com0O
Source: MTInstaller.exe String found in binary or memory: http://schemas.micr
Source: MTInstaller.exe String found in binary or memory: http://wixtoolset.org
Source: MTInstaller.exe String found in binary or memory: https://www.digicert.com/CPS0
Sample file is different than original file name gathered from version info
Source: MTInstaller.exe, 00000000.00000002.3378721998.000000000272E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs MTInstaller.exe
Source: MTInstaller.exe, 00000000.00000000.2129581296.00000000020EC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamewixca.dll\ vs MTInstaller.exe
Source: MTInstaller.exe, 00000000.00000000.2129581296.00000000020EC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameuica.dll\ vs MTInstaller.exe
Source: MTInstaller.exe Binary or memory string: OriginalFilenamewixca.dll\ vs MTInstaller.exe
Source: MTInstaller.exe Binary or memory string: OriginalFilenameuica.dll\ vs MTInstaller.exe
Uses 32bit PE files
Source: MTInstaller.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: sus23.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\MTInstaller.exe Mutant created: NULL
Source: MTInstaller.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: MTInstaller.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.91%
Source: C:\Users\user\Desktop\MTInstaller.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: MTInstaller.exe String found in binary or memory: ckFinish&Fertig stellenTopBannerUserExitDie [ProductName]-Installation wurde unterbrochen. Das System wurde nicht ver
Source: MTInstaller.exe String found in binary or memory: Das .NET-Installationsprogramm finden Sie an folgendem Speicherort:
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: msvcp140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: msctfui.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Section loaded: d3dcompiler_47.dll Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\MTInstaller.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: MTInstaller.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: MTInstaller.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: MTInstaller.exe Static file information: File size 24748032 > 1048576
Source: MTInstaller.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1797c00
Source: MTInstaller.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: MTInstaller.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: MTInstaller.exe
Source: Binary string: E:\TeamCity-BuildAgent1\work\7ee93833781f805a\MT4\MT4Bootstrapper\obj\x86\Release\MTInstaller.pdb source: MTInstaller.exe
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: MTInstaller.exe
Source: Binary string: E:\TeamCity-BuildAgent1\work\7ee93833781f805a\MT4\MT4Bootstrapper\obj\x86\Release\MTInstaller.pdbP source: MTInstaller.exe
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\MTInstaller.exe Code function: 0_2_02CA4290 push es; ret 0_2_02CA42A0
Source: C:\Users\user\Desktop\MTInstaller.exe Code function: 0_2_02CA51B0 push es; ret 0_2_02CA51C0
Source: C:\Users\user\Desktop\MTInstaller.exe Code function: 0_2_02CA0E35 pushfd ; iretd 0_2_02CA0E39
Source: C:\Users\user\Desktop\MTInstaller.exe Code function: 0_2_02CA2782 pushad ; iretd 0_2_02CA2791
Source: C:\Users\user\Desktop\MTInstaller.exe Code function: 0_2_02CA2792 pushfd ; iretd 0_2_02CA27C1
Source: C:\Users\user\Desktop\MTInstaller.exe Code function: 0_2_02CA7CF0 push eax; ret 0_2_02CA7CF1
Source: C:\Users\user\Desktop\MTInstaller.exe Code function: 0_2_02CA2C4A push esp; retf 0_2_02CA2C59
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Uses Windows timers to delay execution
Source: C:\Users\user\Desktop\MTInstaller.exe User Timer Set: Timeout: 1ms Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe User Timer Set: Timeout: 1ms Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe User Timer Set: Timeout: 1ms Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\MTInstaller.exe Memory allocated: 2CA0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Memory allocated: 4660000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Memory allocated: 4560000 memory reserve | memory write watch Jump to behavior
Potential time zone aware malware
Source: C:\Users\user\Desktop\MTInstaller.exe System information queried: CurrentTimeZoneInformation Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\MTInstaller.exe Memory allocated: page read and write | page guard Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\MTInstaller.exe Queries volume information: C:\Users\user\Desktop\MTInstaller.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\MTInstaller.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1431575 Sample: MTInstaller.exe Startdate: 25/04/2024 Architecture: WINDOWS Score: 23 4 MTInstaller.exe 2 2->4         started        signatures3 7 Uses Windows timers to delay execution 4->7
No contacted IP infos