Source: XMLFIDOI.EXE |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
Source: XMLFIDOI.EXE |
Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Source: classification engine |
Classification label: clean1.winEXE@2/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7100:120:WilError_03 |
Source: C:\Users\user\Desktop\XMLFIDOI.EXE |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\XMLFIDOI.EXE "C:\Users\user\Desktop\XMLFIDOI.EXE" |
Source: C:\Users\user\Desktop\XMLFIDOI.EXE |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\XMLFIDOI.EXE |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\XMLFIDOI.EXE |
Section loaded: oradbi.dll |
Source: C:\Users\user\Desktop\XMLFIDOI.EXE |
Section loaded: ace32.dll |
Source: C:\Users\user\Desktop\XMLFIDOI.EXE |
Section loaded: winui.dll |
Source: C:\Users\user\Desktop\XMLFIDOI.EXE |
Section loaded: statuscr.dll |
Source: C:\Users\user\Desktop\XMLFIDOI.EXE |
Section loaded: cvwseted.dll |
Source: XMLFIDOI.EXE |
Static file information: File size 1519616 > 1048576 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |