Source: openurl.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: openurl.exe |
Static PE information: certificate valid |
Source: openurl.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: openurl.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: openurl.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: openurl.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: openurl.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: openurl.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: openurl.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: openurl.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: openurl.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: openurl.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: openurl.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: openurl.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: openurl.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: openurl.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: openurl.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: openurl.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: classification engine |
Classification label: clean2.winEXE@1/0@0/0 |
Source: openurl.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\openurl.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Users\user\Desktop\openurl.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\openurl.exe |
Section loaded: qt5widgets.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\openurl.exe |
Section loaded: qt5gui.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\openurl.exe |
Section loaded: qt5core.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\openurl.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: openurl.exe |
Static PE information: certificate valid |
Source: openurl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: openurl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: openurl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: openurl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: openurl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: openurl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: openurl.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: openurl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: openurl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: openurl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: openurl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: openurl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: openurl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\openurl.exe |
Code function: 0_2_00771EC6 push ecx; ret |
0_2_00771ED9 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\openurl.exe |
Code function: 0_2_00771C37 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00771C37 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\openurl.exe |
Code function: 0_2_0077177E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_0077177E |
Source: C:\Users\user\Desktop\openurl.exe |
Code function: 0_2_00771C37 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00771C37 |
Source: C:\Users\user\Desktop\openurl.exe |
Code function: 0_2_00771DCA SetUnhandledExceptionFilter, |
0_2_00771DCA |
Source: C:\Users\user\Desktop\openurl.exe |
Code function: 0_2_00771EFE cpuid |
0_2_00771EFE |
Source: C:\Users\user\Desktop\openurl.exe |
Code function: 0_2_00771B21 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00771B21 |