Windows Analysis Report
SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe

Overview

General Information

Sample name: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe
Analysis ID: 1431820
MD5: 0d8bedda7d9b963de975685cf2b2a5eb
SHA1: cbbffe900a09e8a3bbb1a1bf16e7aeb8ebde72a1
SHA256: 519f0b16537fa4a2bc228cdfce2b85c12225e2071d7789c8cc9bb8f7b85796ca
Tags: exe

Detection

Score: 16
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Yara detected BatToExe compiled binary
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00000001400A2380 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext, 5_2_00000001400A2380
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014009AF20 exit,GetTempPathW,GetLastError,_malloc_dbg,_errno,GetTempPathW,??3@YAXPEAX@Z,GetFileAttributesW,GetLastError,GetLastError,_errno,GetFileAttributesW,GetLastError,_errno,CryptAcquireContextW,GetLastError,CryptGenRandom,??3@YAXPEAX@Z,CreateFileW,GetLastError,GetLastError,CryptReleaseContext,??3@YAXPEAX@Z,_open_osfhandle,CloseHandle,_errno, 5_2_000000014009AF20
Source: Bat_To_Exe_Converter.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.License AgreementCopyright (c) 2019 Fatih KodakPermission is hereby granted free of charge to any person obtaining a copyof this software and associated documentation files (the "Software") to dealin the Software without restriction including without limitation the rightsto use copy modify merge publish distribute sublicense and/or sellcopies of the Software and to permit persons to whom the Software isfurnished to do so subject to the following conditions:The above copyright notice and this permission notice shall be included inall copies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND EXPRESS ORIMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITYFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHERLIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROMOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS INTHE SOFTWARE. I &accept the agreementI &do not accept the agreement&Next >Cancel
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Directory created: C:\Program Files\Bat To Exe Converter
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Directory created: C:\Program Files\Bat To Exe Converter\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Directory created: C:\Program Files\Bat To Exe Converter\is-54DM0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Directory created: C:\Program Files\Bat To Exe Converter\is-48PVO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60C29EC2-33E8-45EE-87E4-31FA3E35C539}_is1
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: Z?.PDB source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: d:\dev\All\shared\3rd_Party\Scintilla\1.76\bin\SciLexer.pdb source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2925651851.00007FFDFF239000.00000002.00000001.01000000.00000009.sdmp, Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp, Scilexer.dll.5.dr
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014004BD20 wcslen,wcslen,RtlAllocateHeap,wcscpy,wcscat,wcscat,FindFirstFileW,GetLastError,HeapFree, 5_2_000000014004BD20
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014004C040 wcsncpy,wcslen,wcscat,GetDriveTypeW,FindFirstFileW,FindClose,GetFileAttributesW,GetDriveTypeW, 5_2_000000014004C040
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014004C434 wcsncpy,wcslen,wcsncpy,_snwprintf,FindFirstFileW,_snwprintf,wcscmp,wcscmp,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW, 5_2_000000014004C434
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData\Roaming\Bat To Exe Converter
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData\Roaming\Bat To Exe Converter\GoRC.exe
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData\Roaming\Bat To Exe Converter\GoLink.exe
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe, 00000000.00000003.2024179186.00000000021FA000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp, 00000001.00000003.2020443763.000000000235B000.00000004.00001000.00020000.00000000.sdmp, Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:43110/17SWVnHoujG92yYGSZvCzPgZEpGVfRF8wi/
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2924789685.0000000002ED6000.00000004.00000020.00020000.00000000.sdmp, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:43110/17SWVnHoujG92yYGSZvCzPgZEpGVfRF8wi//b2e/downloads/v.zip
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp, 00000001.00000002.2021745061.000000000018E000.00000004.00000010.00020000.00000000.sdmp, Bat_To_Exe_Converter.exe, 00000005.00000002.2925563252.00000001403C7000.00000004.00000001.01000000.00000008.sdmp, Bat_To_Exe_Converter.exe, 00000005.00000000.2018248651.00000001403C7000.00000008.00000001.01000000.00000008.sdmp, is-48PVO.tmp.1.dr String found in binary or memory: http://127.0.0.1:43110/17SWVnHoujG92yYGSZvCzPgZEpGVfRF8wi/D
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: http://127.0.0.1:43110/17SWVnHoujG92yYGSZvCzPgZEpGVfRF8wi/Submit
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp, 00000001.00000003.2020443763.000000000235B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:43110/17SWVnHoujG92yYGSZvCzPgZEpGVfRF8wi/a
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp, 00000001.00000003.2020443763.000000000235B000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:43110/17SWVnHoujG92yYGSZvCzPgZEpGVfRF8wi/q
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe, 00000000.00000003.1669725255.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp, 00000001.00000003.1672186745.00000000031A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:43110/17SWVnHoujG92yYGSZvCzPgZEpGVfRF8wi/thttp://127.0.0.1:43110/17SWVnHoujG92yYGSZ
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: Bat_To_Exe_Converter.exe String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html#
Source: Bat_To_Exe_Converter.exe String found in binary or memory: http://www.f2ko.de/de/cmd.php
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.f2ko.de/de/cmd.phpDatei
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.f2ko.de/en/cmd.php
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.f2ko.de/en/cmd.phpVideosJapanese
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.godevtool.com
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.godevtool.com/GolinkFrame.htm
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.godevtool.com/GolinkFrame.htm/display
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.godevtool.com/GorcFrame.htm
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.godevtool.com/GorcFrame.htmPrivateBuildprivatebuildInterner
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.godevtool.comProduktversionCMD
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe, 00000000.00000003.1670603131.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe, 00000000.00000003.1670350947.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp, 00000001.00000000.1671462023.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp.0.dr, is-54DM0.tmp.1.dr String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe, 00000000.00000003.1670603131.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe, 00000000.00000003.1670350947.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp, 00000001.00000000.1671462023.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp.0.dr, is-54DM0.tmp.1.dr String found in binary or memory: http://www.remobjects.com/ps
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2924024021.000000000065B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/Vh5j3k
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2924024021.000000000065B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/odirm
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/99fk
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: https://github.com/99fkDokumenteLetzte
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://upx.github.io
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://upx.github.io/upx-license.html
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: https://upx.github.io/upx-license.htmlKonverterAltStyleGPL
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: https://upx.github.ioEine
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp, upx.exe.5.dr String found in binary or memory: https://upx.github.ioT
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp, Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.everaldo.com/
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.scintilla.org/
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.scintilla.org/ArchitekturAM/fileversionCouldn
Source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2924550088.00000000022A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.scintilla.org/License.txt
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.scintilla.org/License.txtBat
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140060084 OpenClipboard,GetClipboardData,GlobalLock,wcslen,CloseClipboard,memcpy,GlobalUnWire, 5_2_0000000140060084
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140397EB4 SetClipboardData, 5_2_0000000140397EB4
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014005FFD0 OpenClipboard,wcslen,GlobalAlloc,EmptyClipboard,GlobalLock,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard, 5_2_000000014005FFD0
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1E8224 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalAlloc,GlobalLock,WideCharToMultiByte,GlobalUnlock,SetClipboardData,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard, 5_2_00007FFDFF1E8224
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014005DC08 GetFocus,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetClassNameW,_wcsncoll,IsDlgButtonChecked,GetKeyState,GetKeyState,GetKeyState,GetPropW,GetPropW,GetWindowThreadProcessId,GetCurrentProcessId, 5_2_000000014005DC08
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1E59F8 IsChild,GetDlgCtrlID,SystemParametersInfoA,RegisterDragDrop,GetCursorPos,ScreenToClient,SystemParametersInfoA,ClientToScreen,IsWindowUnicode,WideCharToMultiByte,GetKeyState,GetKeyState,GetKeyState,SendMessageA,GetMessageTime,ImmGetContext,ImmReleaseContext,GetKeyState,GetMessageTime,DefWindowProcA,MsgWaitForMultipleObjects,GetTickCount,PostMessageA,SetFocus, 5_2_00007FFDFF1E59F8
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014005D068 GetPropW,DefFrameProcW,SetLastError,NtdllDefWindowProc_W, 5_2_000000014005D068
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140059267 GetClassNameW,_wcsicmp,_wcsicmp,_wcsicmp,NtdllDefWindowProc_W,CallWindowProcW,SetBkMode,DeleteObject,GetParent,GetClientRect,GetWindowRect,ScreenToClient,ScreenToClient,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateWindowExW,DestroyWindow,CreateBrushIndirect,DeleteObject,DeleteDC,GetParent,GetUpdateRect,MapWindowPoints,InvalidateRect,GetParent,CallWindowProcW, 5_2_0000000140059267
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014005A27C GetWindowLongPtrW,CallWindowProcW,RemovePropW,RemovePropW,RevokeDragDrop,SetWindowLongPtrW,NtdllDefWindowProc_W, 5_2_000000014005A27C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140057E94 CallWindowProcW,GetWindowLongPtrW,GetClientRect,FillRect,NtdllDefWindowProc_W, 5_2_0000000140057E94
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140054030 NtdllDefWindowProc_W,GetWindowLongPtrW,GetPropW,SetWindowLongPtrW,RemovePropW,GetWindowTextW,GetWindowLongPtrW,SetPropW,SetWindowLongPtrW, 5_2_0000000140054030
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014005E0CC HeapFree,NtdllDefWindowProc_W, 5_2_000000014005E0CC
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140055520 GetWindowLongPtrW,GetClientRect,GetClientRect,GetScrollRange,GetScrollRange,GetScrollPos,GetScrollPos,SetScrollPos,CallWindowProcW,GetWindowLongPtrW,GetClientRect,FillRect,NtdllDefWindowProc_W, 5_2_0000000140055520
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00000001400526C8 GetWindowLongPtrW,SetCursor,BeginPaint,GetParent,IsDlgButtonChecked,FillRect,GetWindowTextW,SelectObject,GetClientRect,CreateRectRgnIndirect,SelectClipRgn,DeleteObject,IsWindowEnabled,SetBkMode,SetTextColor,TextOutW,GetTextExtentPoint32W,CreatePen,SelectObject,MoveToEx,LineTo,SelectObject,DeleteObject,DrawStateW,EndPaint,CallWindowProcW,CallWindowProcW,NtdllDefWindowProc_W,SetTimer,GetMessagePos,GetMessagePos,ScreenToClient,GetClientRect,GetParent,IsWindowEnabled,KillTimer,InvalidateRect, 5_2_00000001400526C8
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140055744 GetParent,GetWindowLongPtrW,GetScrollPos,IsDlgButtonChecked,SetFocus,GetParent,CallWindowProcW,GetParent,GetWindowLongPtrW,GetClientRect,FillRect,NtdllDefWindowProc_W, 5_2_0000000140055744
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140397D84 NtdllDefWindowProc_W, 5_2_0000000140397D84
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1EF720 5_2_00007FFDFF1EF720
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF20D590 5_2_00007FFDFF20D590
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF214598 5_2_00007FFDFF214598
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1F2598 5_2_00007FFDFF1F2598
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1FB64C 5_2_00007FFDFF1FB64C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF21A644 5_2_00007FFDFF21A644
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF22764C 5_2_00007FFDFF22764C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF23163C 5_2_00007FFDFF23163C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1FC49C 5_2_00007FFDFF1FC49C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF210460 5_2_00007FFDFF210460
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1E4504 5_2_00007FFDFF1E4504
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF21E3C0 5_2_00007FFDFF21E3C0
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF2323AC 5_2_00007FFDFF2323AC
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF228438 5_2_00007FFDFF228438
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1CB260 5_2_00007FFDFF1CB260
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1FF318 5_2_00007FFDFF1FF318
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF22530C 5_2_00007FFDFF22530C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF2152EC 5_2_00007FFDFF2152EC
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1ED1C8 5_2_00007FFDFF1ED1C8
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1F8200 5_2_00007FFDFF1F8200
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1F71F0 5_2_00007FFDFF1F71F0
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF235234 5_2_00007FFDFF235234
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF20A234 5_2_00007FFDFF20A234
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1FD098 5_2_00007FFDFF1FD098
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF1F10D0 5_2_00007FFDFF1F10D0
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF23111C 5_2_00007FFDFF23111C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF2010E8 5_2_00007FFDFF2010E8
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF209144 5_2_00007FFDFF209144
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: String function: 00000001400C7720 appears 52 times
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: String function: 0000000140072F30 appears 412 times
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: String function: 00007FFDFF22F1C0 appears 157 times
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: String function: 0000000140073020 appears 65 times
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-54DM0.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-54DM0.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe, 00000000.00000003.1670350947.00000000024C6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe, 00000000.00000003.1670603131.000000007FE32000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: is-48PVO.tmp.1.dr Static PE information: Section: UPX1 ZLIB complexity 0.999680434853633
Source: upx.exe.5.dr Static PE information: Section: UPX1 ZLIB complexity 0.9970993193069307
Source: classification engine Classification label: clean16.evad.winEXE@5/33@0/1
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140014D9A BeginUpdateResourceW,SizeofResource,UpdateResourceW,EndUpdateResourceA,FreeLibrary, 5_2_0000000140014D9A
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\Program Files\Bat To Exe Converter Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe File created: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File read: C:\Program Files\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: Bat_To_Exe_Converter.exe String found in binary or memory: -help
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Process created: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp "C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp" /SL5="$20438,4092287,121344,C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe"
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Process created: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe "C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Process created: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp "C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp" /SL5="$20438,4092287,121344,C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Process created: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe "C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: ehstorshell.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: cscui.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: thumbcache.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: Bat To Exe Converter.lnk.1.dr LNK file: ..\..\..\..\..\..\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe
Source: Uninstall Bat To Exe Converter.lnk.1.dr LNK file: ..\..\..\..\..\..\Program Files\Bat To Exe Converter\unins000.exe
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Window found: window name: TSelectLanguageForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Window detected: License Agreement Please read the following important information before continuing. Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation. License Agreement Copyright (c) 2019 Fatih Kodak Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files (the "Software") to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and/or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. I &accept the agreement I &do not accept the agreement &Next > Cancel
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Window detected: Number of UI elements: 34
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Directory created: C:\Program Files\Bat To Exe Converter Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Directory created: C:\Program Files\Bat To Exe Converter\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Directory created: C:\Program Files\Bat To Exe Converter\is-54DM0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Directory created: C:\Program Files\Bat To Exe Converter\is-48PVO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60C29EC2-33E8-45EE-87E4-31FA3E35C539}_is1 Jump to behavior
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Static file information: File size 4482593 > 1048576
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: Z?.PDB source: Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp
Source: Binary string: d:\dev\All\shared\3rd_Party\Scintilla\1.76\bin\SciLexer.pdb source: Bat_To_Exe_Converter.exe, Bat_To_Exe_Converter.exe, 00000005.00000002.2925651851.00007FFDFF239000.00000002.00000001.01000000.00000009.sdmp, Bat_To_Exe_Converter.exe, 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp, Scilexer.dll.5.dr

Data Obfuscation

Source: Yara match File source: 5.2.Bat_To_Exe_Converter.exe.1402216dd.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Bat_To_Exe_Converter.exe.1401e0add.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Bat_To_Exe_Converter.exe.140150618.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.Bat_To_Exe_Converter.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.2925263104.0000000140042000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Bat_To_Exe_Converter.exe PID: 6128, type: MEMORYSTR
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014004C1BC LoadLibraryW,GetProcAddress,wcscpy,wcscat,wcslen,FreeLibrary,wcscat,wcslen, 5_2_000000014004C1BC
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140075191 push rbp; iretd 5_2_0000000140075192
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014007538F push r13; retf 5_2_0000000140075391
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014007538C push rbp; retf 5_2_000000014007538D
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00000001400746EA pushfq ; retf 5_2_00000001400746EB
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00000001400746F1 pushfq ; retf 5_2_00000001400746F8
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140074EF9 push rbp; retf 5_2_0000000140074F00
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_0000000140074F02 push r13; retf 5_2_0000000140074F04
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe File created: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Jump to dropped file
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File created: C:\Users\user\AppData\Roaming\Bat To Exe Converter\upx.exe Jump to dropped file
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File created: C:\Users\user\AppData\Roaming\Bat To Exe Converter\Scilexer.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\Program Files\Bat To Exe Converter\is-54DM0.tmp Jump to dropped file
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File created: C:\Users\user\AppData\Roaming\Bat To Exe Converter\GoRC.exe Jump to dropped file
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File created: C:\Users\user\AppData\Roaming\Bat To Exe Converter\GoLink.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\Program Files\Bat To Exe Converter\is-48PVO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\Users\user\AppData\Local\Temp\is-DVABN.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\Program Files\Bat To Exe Converter\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter\Bat To Exe Converter.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter\Uninstall Bat To Exe Converter.lnk Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014005C6A8 GetWindow,SetActiveWindow,GetWindow,IsZoomed,IsIconic,IsIconic,ShowWindow, 5_2_000000014005C6A8
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014005CE70 IsZoomed,IsIconic, 5_2_000000014005CE70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Window / User API: threadDelayed 882 Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Bat To Exe Converter\upx.exe Jump to dropped file
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Bat To Exe Converter\Scilexer.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Dropped PE file which has not been started: C:\Program Files\Bat To Exe Converter\is-54DM0.tmp Jump to dropped file
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Bat To Exe Converter\GoRC.exe Jump to dropped file
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Bat To Exe Converter\GoLink.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DVABN.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Dropped PE file which has not been started: C:\Program Files\Bat To Exe Converter\unins000.exe (copy) Jump to dropped file
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Evasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809 Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014004BD20 wcslen,wcslen,RtlAllocateHeap,wcscpy,wcscat,wcscat,FindFirstFileW,GetLastError,HeapFree, 5_2_000000014004BD20
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014004C040 wcsncpy,wcslen,wcscat,GetDriveTypeW,FindFirstFileW,FindClose,GetFileAttributesW,GetDriveTypeW, 5_2_000000014004C040
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014004C434 wcsncpy,wcslen,wcsncpy,_snwprintf,FindFirstFileW,_snwprintf,wcscmp,wcscmp,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW, 5_2_000000014004C434
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData\Roaming\Bat To Exe Converter Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData\Roaming\Bat To Exe Converter\GoRC.exe Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData\Roaming\Bat To Exe Converter\GoLink.exe Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe File opened: C:\Users\user\AppData Jump to behavior
Source: Bat_To_Exe_Converter.exe, 00000005.00000002.2924024021.000000000060A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7
Source: SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp, 00000001.00000003.2021422458.000000000067C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\3
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Process information queried: ProcessInformation Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF22DB70 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 5_2_00007FFDFF22DB70
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014004C1BC LoadLibraryW,GetProcAddress,wcscpy,wcscat,wcslen,FreeLibrary,wcscat,wcslen, 5_2_000000014004C1BC
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00000001400471B0 RtlRemoveVectoredExceptionHandler,RtlAddVectoredExceptionHandler, 5_2_00000001400471B0
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF22DB70 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 5_2_00007FFDFF22DB70
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF22F270 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 5_2_00007FFDFF22F270
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00007FFDFF23212C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 5_2_00007FFDFF23212C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: GetLocaleInfoA, 5_2_00007FFDFF23605C
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: GetKeyboardLayout,GetLocaleInfoA, 5_2_00007FFDFF1E5434
Source: C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014005F8E4 GetLocalTime, 5_2_000000014005F8E4
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_00000001400439C8 memset,memset,GetVersionExW,CreateWindowExW,SetWindowLongPtrW,IsDlgButtonChecked, 5_2_00000001400439C8
Source: C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe Code function: 5_2_000000014039813C WSACleanup,bind,connect, 5_2_000000014039813C