Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A1034 WSAStartup,WSACleanup,socket,WSACleanup,gethostbyname,WSACleanup,shutdown,closesocket,htons,connect,lstrlenA,send,recv,StrStrA,StrStrA,StrStrA,shutdown,closesocket,WSACleanup
0_2_009A1034
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
String found in binary or memory: http://www.e-sushi.net/minibin/
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A16DC
0_2_009A16DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A8ADC
0_2_009A8ADC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A902D
0_2_009A902D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009AB060
0_2_009AB060
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A5132
0_2_009A5132
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A9D5D
0_2_009A9D5D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A957E
0_2_009A957E
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe, 00000000.00000002.2594542975.00000000009B9000.00000002.00000001.01000000.00000003.sdmp
Binary or memory string: OriginalFilenameminibin.exep( vs SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Binary or memory string: OriginalFilenameminibin.exep( vs SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Source: classification engine
Classification label: clean4.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Mutant created: \Sessions\1\BaseNamedObjects\MiniBin
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Command line argument: MiniBin
0_2_009A2502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Command line argument: minibin.ini
0_2_009A2502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Command line argument: \empty.ico
0_2_009A2502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Command line argument: \25.ico
0_2_009A2502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Command line argument: \50.ico
0_2_009A2502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Command line argument: \75.ico
0_2_009A2502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Command line argument: \full.ico
0_2_009A2502
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4a04656d-52aa-49de-8a09-cb178760e748}\InProcServer32
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A784C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
0_2_009A784C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A4E95 push ecx; ret
0_2_009A4EA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A11A5 lstrcatW,GetPrivateProfileStringW,lstrcpyW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW
0_2_009A11A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A1602 __aulldiv,__floor_pentium4,GetPrivateProfileIntW,SHEmptyRecycleBinW
0_2_009A1602
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: all processes
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A64F9 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
0_2_009A64F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A6FEE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
0_2_009A6FEE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A3D5A SetUnhandledExceptionFilter
0_2_009A3D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.14125.25529.exe
Code function: 0_2_009A503F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
0_2_009A503F