Source: BDFirm180.exe |
Virustotal: Detection: 16% |
Source: BDFirm180.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: BDFirm180.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: BDFirm180.exe |
Static PE information: Resource name: DLL type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
Source: classification engine |
Classification label: mal48.winEXE@1/1@0/0 |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Roland Firmware Installer |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Global\RemoteController ROBI |
Source: C:\Users\user\Desktop\BDFirm180.exe |
File created: C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL |
Source: BDFirm180.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: snmpapi.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: mgmtapi.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: oleacc.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: wsnmp32.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: napinsp.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: pnrpnsp.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: wshbth.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: nlaapi.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: winrnr.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Section loaded: rasadhlp.dll |
Source: BDFirm180.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: BDFirm180.exe |
Static file information: File size 6023168 > 1048576 |
Source: BDFirm180.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x14e000 |
Source: BDFirm180.exe |
Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x3b9600 |
Source: BDFirm180.exe |
Static PE information: More than 200 imports for USER32.dll |
Source: BDFirm180.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: BDFirm180.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: BDFirm180.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: BDFirm180.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: BDFirm180.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\BDFirm180.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL |