Source: ugslmd.exe | Virustotal: Detection: 18%
Source: ugslmd.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\ugslmd.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: C:\Users\user\Desktop\ugslmd.exe | Code functions flagged in this group:
0_2_00408064, 0_2_0040807B, 0_2_00407039, 0_2_00407D5C, 0_2_00408911, 0_2_00403D15, 0_2_0040891E, 0_2_00403D25, 0_2_0040652E, 0_2_00406539, 0_2_004051CC, 0_2_00402D97, 0_2_00402DAE, 0_2_004051B4, 0_2_00405645, 0_2_00405601, 0_2_00407213, 0_2_0040721E, 0_2_00404221, 0_2_00404234, 0_2_004092CB, 0_2_00409AA9, 0_2_004092BC, 0_2_00408F6C, 0_2_00408F7A, 0_2_0040330A, 0_2_00409F0B, 0_2_00409F1A, 0_2_004047B3
Source: ugslmd.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: mal48.winEXE@2/1@0/0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6516:120:WilError_03
Source: C:\Users\user\Desktop\ugslmd.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Note on the two rows above: the WilError_xx mutant is created by conhost.exe's own error-reporting code (Windows Implementation Library), not by the sample, and the Safer\CodeIdentifiers key is the Software Restriction Policies location that Windows reads inside the calling process when it creates a child process (here conhost.exe). Both are routine artifacts of running any console program in a sandbox and carry little weight on their own.
Source: ugslmd.exe | Virustotal: Detection: 18%
Source: unknown | Process created: C:\Users\user\Desktop\ugslmd.exe "C:\Users\user\Desktop\ugslmd.exe"
Source: C:\Users\user\Desktop\ugslmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
The conhost.exe child with the 0xffffffff -ForceV1 command line is the console host that Windows attaches to every console-subsystem executable; it is not a process the sample chose to spawn, so the conhost.exe rows elsewhere in this report describe the console host's own behaviour rather than the sample's.
Source: C:\Users\user\Desktop\ugslmd.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\ugslmd.exe | Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\ugslmd.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\ugslmd.exe | Section loaded: icmp.dll
Source: C:\Users\user\Desktop\ugslmd.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\ugslmd.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Of these, apphelp.dll is loaded by the Windows loader for application-compatibility shims and MSVCR80.dll is the Visual C++ 2005 runtime, so neither says anything about intent. netapi32.dll (workstation and domain APIs), wsock32.dll (legacy Winsock), icmp.dll (ICMP echo) and iphlpapi.dll (interface and routing tables) together give the program network and host-enumeration capability, which fits a network-facing service as well as reconnaissance; no DNS query was recorded in this run.
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_0040101A memset,memset,memset,_umask,_getcwd,GetVersion,_chdir,sprintf,_mkdir,LoadLibraryA,GetProcAddress,sprintf,sprintf,_access,sprintf,_chdir,sprintf,_mkdir,_mkdir,sprintf,_mkdir,_chdir,sprintf,_mkdir,sprintf,_mkdir,FreeLibrary,getenv,sprintf,sprintf,_access,sprintf,_chdir,sprintf,_mkdir,_mkdir,_chdir,sprintf,_mkdir,sprintf,_chdir,sprintf,_mkdir,sprintf,_mkdir,_chdir,_umask,strlen,memcpy,strcpy,
Read as a sequence, this is a directory-tree setup routine: it records the current directory with _getcwd, formats paths with sprintf and creates them with _mkdir/_chdir (probing with _access first), takes one base path from the environment via getenv, and resolves a single API at run time through LoadLibraryA/GetProcAddress before calling FreeLibrary. The unbounded sprintf/strcpy calls are ordinary C runtime usage and not in themselves malicious; what matters for triage is which paths get created, and this static call listing does not show them.
Source: initial sample | Static PE information: section where entry point is pointing to: .data11
Source: ugslmd.exe | Static PE information: section name: .textidx
Source: ugslmd.exe | Static PE information: section name: CONST
Source: ugslmd.exe | Static PE information: section name: .data10
Source: ugslmd.exe | Static PE information: section name: .data11
.textidx, .data10 and .data11 are not names any mainstream toolchain emits, and an entry point outside a .text-style code section normally means the original code is stored compressed or encrypted and a stub in .data11 unpacks it at run time; the near-maximal entropy reported for .data11 further down fits that reading. Static disassembly of such a file sees only the stub, so code-level analysis has to be done on a memory dump taken after the unpacking stage.
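The section-name and entry-point rows above, together with the .data11 entropy figure reported further down, are the three static checks that most reliably say "packed". The following is an added example (not code from the report, the sandbox or the sample) that runs those checks on a PE32 image: it parses the section table, computes per-section Shannon entropy, finds the section containing AddressOfEntryPoint, and decodes the file-header characteristics the report prints as RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE. The input is a synthetic PE built in memory so the script runs offline; the 7.0 bits/byte threshold and the list of standard section names are assumptions of the example, not values from the report.

```python
"""Flag the packer pattern this report shows: the entry point lies in a non-standard,
near-8-bits-per-byte-entropy section of a PE32 file.

Added example, not code from the report or from the sample. The PE image is built in
memory below (constructed data); its section names and entropy mirror what the report
says about .data11, the bytes themselves are synthetic.
"""
import hashlib
import math
import struct
from dataclasses import dataclass

# IMAGE_FILE_* characteristics bits, named the way the report prints them
FILE_CHARACTERISTICS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
                        0x0100: "32BIT_MACHINE", 0x0200: "DEBUG_STRIPPED", 0x2000: "DLL"}
# Names the common toolchains emit (assumption); anything else deserves a look, it is not proof of packing
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata", ".rsrc", ".reloc",
                     ".bss", ".tls", ".CRT"}
ENTROPY_THRESHOLD = 7.0   # bits/byte (assumed cut-off); plain x86 code sits around 6, compressed/encrypted data near 8


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_offset: int
    raw_size: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte (0.0 for empty input, 8.0 for a uniform byte distribution)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(pe: bytes):
    """Return (AddressOfEntryPoint, [Section], FileHeader.Characteristics) for a PE32 image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) handled here")
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):                             # 40-byte section headers right after the optional header
        name, vsize, va, rsize, roff = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        raw = pe[roff:roff + rsize]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, roff, rsize,
                                shannon_entropy(raw)))
    return entry_rva, sections, chars


def assess(pe: bytes) -> dict:
    """Apply the static checks the report's rows correspond to and collect findings."""
    entry_rva, sections, chars = parse_pe32(pe)
    flags = [name for bit, name in FILE_CHARACTERISTICS.items() if chars & bit]
    ep = next((s for s in sections
               if s.virtual_address <= entry_rva < s.virtual_address + max(s.virtual_size, s.raw_size)), None)
    findings = []
    for s in sections:
        if s.name not in STANDARD_SECTIONS:
            findings.append(f"non-standard section name: {s.name}")
        if s.entropy > ENTROPY_THRESHOLD:
            findings.append(f"high entropy ({s.entropy:.2f} bits/byte) in {s.name}: compressed or encrypted data")
    if ep is not None and ep.name not in STANDARD_SECTIONS and ep.entropy > ENTROPY_THRESHOLD:
        findings.append(f"entry point {entry_rva:#x} is in {ep.name}: code is unpacked at run time, "
                        "static disassembly only sees the stub")
    return {"entry_section": ep.name if ep else None, "flags": flags, "sections": sections, "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed PE32: a small repetitive .text and an 8 KiB pseudo-random .data11 that holds the entry point."""
    text = (b"\x55\x8b\xec\x5d\xc3" + b"\xcc" * 27) * 16                          # 512 bytes, low entropy
    blob = b"".join(hashlib.sha256(b"seed%d" % i).digest() for i in range(256))  # 8192 bytes, entropy ~7.98
    hdr_size, opt_size, entry_rva = 0x400, 224, 0x2010
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0103)            # i386, 2 sections, flags as in report
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                                          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                                     # AddressOfEntryPoint inside .data11
    struct.pack_into("<III", opt, 28, 0x00400000, 0x1000, 0x200)                   # ImageBase, SectionAlignment, FileAlignment
    secs = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), hdr_size, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data11", len(blob), 0x2000, len(blob), hdr_size + len(text), 0, 0, 0, 0, 0xE0000020)
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs).ljust(hdr_size, b"\0") + text + blob


if __name__ == "__main__":
    result = assess(build_sample_pe())
    print("characteristics:", ", ".join(result["flags"]))
    for s in result["sections"]:
        print(f"{s.name:<8} rva={s.virtual_address:#07x} raw={s.raw_size:6d} entropy={s.entropy:.3f}")
    for f in result["findings"]:
        print("!", f)
```

To use it on a real sample call assess(open(path, "rb").read()); for a file like the one in this report the expected output is the entry-point finding against .data11 with an entropy just under 8.0, which is the cue to move analysis to a post-unpacking memory dump rather than the file on disk.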
The instruction pairs in this group are stack-based obfuscation idioms. In push imm32; mov dword ptr [esp], reg (and its pushfd, push reg and push dword ptr [esp] variants) the value just pushed is overwritten before anything can read it, so the pair is a disguised push reg, or a disguised push imm32 when the mov writes an immediate; constants such as 64709177h are decoys, not addresses. In push dword ptr [esp+N]; retn N+4 the retn consumes the copy that was just pushed, so the pair is equivalent to add esp, N; ret, a return that never appears as a plain ret (in all but one of the pairs below the retn operand is N+4). These idioms break linear-sweep disassembly and byte-signature matching, and the flagged addresses span the 0x0040xxxx, 0x005Exxxx and 0x0068xxxx ranges, so the obfuscated code is not confined to one region of the image. Each row gives the function start, the instruction pair and the address at which the pair was found.
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00684C76 push 64709177h; mov dword ptr [esp], ebp | 0_2_00683239
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00684C76 pushfd ; mov dword ptr [esp], ebp | 0_2_00683735
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00684C76 pushfd ; mov dword ptr [esp], edi | 0_2_00683739
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00684C76 push dword ptr [esp+48h]; retn 004Ch | 0_2_00685340
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00684041 push dword ptr [esp+38h]; retn 003Ch | 0_2_00684060
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00401C3A push dword ptr [esp+38h]; retn 003Ch | 0_2_00401C59
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_0040283E push dword ptr [esp+14h]; mov dword ptr [esp], 3A50C060h | 0_2_0040284F
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_004018C9 push 27BA4E00h; mov dword ptr [esp], ebx | 0_2_004018DF
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00401CEB push 64709177h; mov dword ptr [esp], ebp | 0_2_00401CF0
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_004028F6 push 3278574Ah; mov dword ptr [esp], ecx | 0_2_004028FB
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00402946 push dword ptr [esp+38h]; retn 003Ch | 0_2_005E08D5
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_005E0156 push dword ptr [esp+08h]; retn 000Ch | 0_2_005E016C
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_005E0563 pushad ; mov dword ptr [esp], 9A1F551Ah | 0_2_005E0585
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_0040190F pushfd ; mov dword ptr [esp], ebx | 0_2_00401917
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_0040190F push ecx; mov dword ptr [esp], ecx | 0_2_0040191B
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00402119 push dword ptr [esp+34h]; retn 0038h | 0_2_00402128
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00402183 push 314BF859h; mov dword ptr [esp], ebx | 0_2_00402196
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00402183 pushfd ; mov dword ptr [esp], ecx | 0_2_0040219A
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_004025A9 push ecx; mov dword ptr [esp], 025AC96Ch | 0_2_004025F3
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00402641 push dword ptr [esp]; mov dword ptr [esp], esi | 0_2_00402659
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00402648 push dword ptr [esp]; mov dword ptr [esp], esi | 0_2_00402659
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00401E31 pushfd ; mov dword ptr [esp], 6E2C6620h | 0_2_005E005D
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_004026FD push dword ptr [esp]; mov dword ptr [esp], esi | 0_2_00402723
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00683ABF push dword ptr [esp+34h]; retn 0038h | 0_2_00683ACE
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00680377 push dword ptr [esp+2Ch]; retn 0038h | 0_2_00680E5B
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00401B2D pushfd ; mov dword ptr [esp], esi | 0_2_00401B46
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00401B2D push 747377BDh; mov dword ptr [esp], ebp | 0_2_00401B4E
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00401EDE push 2B9D4FAFh; mov dword ptr [esp], ebx | 0_2_005E1338
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00401EDE push 6886B23Ah; mov dword ptr [esp], ecx | 0_2_005E1340
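The pairs above are instruction-level evidence, and when the same idioms have to be located in a memory dump it helps to have a scanner that recognises them and states what each pair really does. The following is an added example (not code from the report or from the sample) that decodes only the opcodes these idioms use, sweeps a byte buffer, and reports each pair together with its plain-x86 equivalent. The sample bytes are constructed from the instruction pairs listed in this report; the base address, the sample bytes and the decision to treat every byte outside the known opcodes as a one-byte placeholder are assumptions of the example.

```python
"""Find the stack-based obfuscation idioms this report lists in raw x86-32 code.

Added example, not code from the report or from the sample. The sample bytes are
constructed by hand from the instruction pairs the report lists. The decoder knows only
the opcodes those idioms use, so it is a triage heuristic, not a disassembler.
"""
import struct
from dataclasses import dataclass

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
PUSH_KINDS = ("push_imm", "pushfd", "push_reg", "push_mem_esp")   # pushes whose value a following mov [esp] discards


@dataclass
class Insn:
    offset: int
    length: int
    text: str
    kind: str       # push_imm, pushfd, pushad, push_reg, push_mem_esp, mov_esp_reg, mov_esp_imm, retn, other
    value: int = 0  # immediate, register number or [esp+disp] displacement, depending on kind


def decode(code: bytes, off: int) -> Insn:
    """Decode the instruction at `off` if it is one of the idiom opcodes, else a one-byte placeholder."""
    b, rest = code[off], len(code) - off
    if b == 0x68 and rest >= 5:                                                  # push imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return Insn(off, 5, f"push {imm:08X}h", "push_imm", imm)
    if b == 0x9C:
        return Insn(off, 1, "pushfd", "pushfd")
    if b == 0x60:                                                                # pushad leaves edi at [esp]
        return Insn(off, 1, "pushad", "pushad")
    if 0x50 <= b <= 0x57:                                                        # push r32
        return Insn(off, 1, f"push {REG32[b - 0x50]}", "push_reg", b - 0x50)
    if b == 0xFF and rest >= 3 and code[off + 1] == 0x34 and code[off + 2] == 0x24:      # push dword ptr [esp]
        return Insn(off, 3, "push dword ptr [esp]", "push_mem_esp", 0)
    if b == 0xFF and rest >= 4 and code[off + 1] == 0x74 and code[off + 2] == 0x24:      # push dword ptr [esp+disp8]
        disp = code[off + 3] - 0x100 if code[off + 3] >= 0x80 else code[off + 3]
        sign = "+" if disp >= 0 else "-"
        return Insn(off, 4, f"push dword ptr [esp{sign}{abs(disp):02X}h]", "push_mem_esp", disp)
    if b == 0x89 and rest >= 3 and (code[off + 1] & 0xC7) == 0x04 and code[off + 2] == 0x24:
        reg = (code[off + 1] >> 3) & 7                                           # mov [esp], r32: ModRM 00 reg 100 + SIB 24h
        return Insn(off, 3, f"mov dword ptr [esp], {REG32[reg]}", "mov_esp_reg", reg)
    if b == 0xC7 and rest >= 7 and code[off + 1] == 0x04 and code[off + 2] == 0x24:     # mov dword ptr [esp], imm32
        imm = struct.unpack_from("<I", code, off + 3)[0]
        return Insn(off, 7, f"mov dword ptr [esp], {imm:08X}h", "mov_esp_imm", imm)
    if b == 0xC2 and rest >= 3:                                                  # retn imm16
        n = struct.unpack_from("<H", code, off + 1)[0]
        return Insn(off, 3, f"retn {n:04X}h", "retn", n)
    return Insn(off, 1, f"db {b:02X}h", "other")


@dataclass
class Finding:
    addr: int
    insns: str
    equivalent: str


def find_idioms(code: bytes, base: int = 0) -> list:
    """Linear sweep; report adjacent pairs whose first instruction is neutralised by the second."""
    insns, off = [], 0
    while off < len(code):
        insns.append(decode(code, off))
        off += insns[-1].length
    out = []
    for a, b in zip(insns, insns[1:]):
        pair, addr = f"{a.text}; {b.text}", base + a.offset
        if b.kind == "mov_esp_reg" and a.kind in PUSH_KINDS:
            out.append(Finding(addr, pair, f"push {REG32[b.value]}"))          # pushed value overwritten: plain push reg
        elif b.kind == "mov_esp_imm" and a.kind in PUSH_KINDS:
            out.append(Finding(addr, pair, f"push {b.value:08X}h"))            # same trick with an immediate
        elif a.kind == "pushad" and b.kind in ("mov_esp_reg", "mov_esp_imm"):
            what = REG32[b.value] if b.kind == "mov_esp_reg" else f"{b.value:08X}h"
            out.append(Finding(addr, pair, f"pushad with the edi slot replaced by {what}"))
        elif a.kind == "push_mem_esp" and b.kind == "retn":
            n, m = a.value, b.value
            if m == n + 4:                                                      # retn pops the pushed copy: add esp, N; ret
                out.append(Finding(addr, pair, f"add esp, {n:02X}h; ret"))
            else:                                                               # stack pivot to [esp+N] with esp += M
                out.append(Finding(addr, pair, f"jmp [esp+{n:02X}h] with esp += {m:02X}h (irregular)"))
    return out


# Constructed sample: the pairs reported on this page wrapped in an ordinary prologue/epilogue
SAMPLE = bytes.fromhex(
    "55 8B EC "                    # push ebp; mov ebp, esp
    "68 77 91 70 64 89 2C 24 "     # push 64709177h; mov dword ptr [esp], ebp
    "9C 89 3C 24 "                 # pushfd; mov dword ptr [esp], edi
    "FF 74 24 48 C2 4C 00 "        # push dword ptr [esp+48h]; retn 004Ch
    "60 C7 04 24 1A 55 1F 9A "     # pushad; mov dword ptr [esp], 9A1F551Ah
    "51 89 0C 24 "                 # push ecx; mov dword ptr [esp], ecx
    "FF 34 24 89 34 24 "           # push dword ptr [esp]; mov dword ptr [esp], esi
    "9C C7 04 24 20 66 2C 6E "     # pushfd; mov dword ptr [esp], 6E2C6620h
    "FF 74 24 2C C2 38 00 "        # push dword ptr [esp+2Ch]; retn 0038h
    "5D C3"                        # pop ebp; ret
)

if __name__ == "__main__":
    for f in find_idioms(SAMPLE, base=0x00401000):
        print(f"{f.addr:08X}  {f.insns:<48} => {f.equivalent}")
```

On a dump, call find_idioms(open(path, "rb").read(), base=<module base>). Because unknown opcodes advance one byte at a time, the sweep can desynchronise on real code and produce spurious pairs; start it at the function addresses the report gives rather than scanning a whole image blindly, and treat the "(irregular)" retn case as a possible stack pivot worth stepping through in a debugger.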
Source: ugslmd.exe | Static PE information: section name: .data11 entropy: 7.9892958796289655
Entropy here is in bits per byte with a maximum of 8.0; 7.99 means the section content is statistically indistinguishable from random data, i.e. compressed or encrypted, and since the entry point lies in this same section the executable code is unpacked at run time.
Source: C:\Users\user\Desktop\ugslmd.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\ugslmd.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
These are SetErrorMode flags (SEM_NOOPENFILEERRORBOX, SEM_FAILCRITICALERRORS): they suppress the modal "file not found" and critical-error dialogs so the process fails silently instead of blocking on a message box. Unattended services and sandbox-aware malware both set them, so the flags alone do not separate the two.
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: ugslmd.exe, 00000000.00000002.1618992451.000000000088E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
"Hyper-V RAW" is the display name of the Hyper-V socket provider entry in the Winsock catalog, which is implemented in mswsock.dll and read into any process that initialises Winsock (this one loads wsock32.dll); it is a heap string from the sandbox's own Windows image, not evidence that the sample looks for a hypervisor.
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_0040101A memset,memset,memset,_umask,_getcwd,GetVersion,_chdir,sprintf,_mkdir,LoadLibraryA,GetProcAddress,sprintf,sprintf,_access,sprintf,_chdir,sprintf,_mkdir,_mkdir,sprintf,_mkdir,_chdir,sprintf,_mkdir,sprintf,_mkdir,FreeLibrary,getenv,sprintf,sprintf,_access,sprintf,_chdir,sprintf,_mkdir,_mkdir,_chdir,sprintf,_mkdir,sprintf,_chdir,sprintf,_mkdir,sprintf,_mkdir,_chdir,_umask,strlen,memcpy,strcpy,
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\ugslmd.exe | Code function: 0_2_00401000 GetVersion,