Source: hv7H7u7IvS.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6842C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD58AF0 FindFirstFileExW,FindClose,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD724C4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6842C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD7789C
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD62680
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD61E60
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6E5FC
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD7A5D8
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5A55D
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6842C
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6F110
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD640C4
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD590C0
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD62884
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD62064
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD74860
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD71518
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD63330
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD68278
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6EA90
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD62270
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6AA10
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD76950
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD57950
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD71518
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD59D2B
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD74CFC
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD66510
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD724C4
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD63CC0
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD68CB0
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD62474
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6842C
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD76BCC
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD59B8B
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD77350
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: String function: 00007FF66DD52B10 appears 47 times

Source: classification engine | Classification label: clean5.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD58560 GetLastError,FormatMessageW,WideCharToMultiByte,
Source: hv7H7u7IvS.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | File read: C:\Users\user\Desktop\hv7H7u7IvS.exe
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Section loaded: wintypes.dll
Source: hv7H7u7IvS.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: hv7H7u7IvS.exe | Static file information: File size 30408704 > 1048576
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: hv7H7u7IvS.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: hv7H7u7IvS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: hv7H7u7IvS.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: hv7H7u7IvS.exe | Static PE information: section name: _RDATA
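Every static PE line above is a direct read of the PE headers: DllCharacteristics bits, ImageBase, which section each data directory RVA falls into, section characteristics and file size. The script below is an added example written for this page (it is not the sandbox's code and not part of the sample); it reproduces those checks with the standard library only and adds the one check a reviewer actually wants next to DYNAMIC_BASE, namely whether a relocation directory exists so the loader can rebase the image at all. The PE it parses is constructed in memory by build_sample_pe(): header only, not runnable, with the same DllCharacteristics, image base and directory-to-section placement the report lists; the section RVAs, sizes and directory sizes are invented for the example.

```python
"""Standard-library reimplementation of the static PE checks a sandbox report lists (PE32+ only)."""
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h; sorted by bit they print in the report's order.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
DIRECTORY_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC", "DEBUG",
                   "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT", "IAT",
                   "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]
SECTION_HDR = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, 5 more fields, Characteristics


def build_sample_pe():
    """Constructed PE32+ header (x64) mirroring the report's flags and directory placement. Not runnable."""
    sections = [  # (name, VirtualAddress, VirtualSize, Characteristics) -- RVAs/sizes invented
        (b".text", 0x01000, 0x20000, 0x60000020),   # CODE | EXECUTE | READ
        (b".rdata", 0x21000, 0x08000, 0x40000040),  # INITIALIZED_DATA | READ
        (b"_RDATA", 0x29000, 0x01000, 0x40000040),
        (b".rsrc", 0x2A000, 0x01000, 0x40000040),
        (b".reloc", 0x2B000, 0x01000, 0x42000040),
    ]
    directories = {1: (0x21100, 0x100), 2: (0x2A000, 0x200), 5: (0x2B000, 0x100),   # IMPORT, RESOURCE, BASERELOC
                   6: (0x21800, 0x38), 10: (0x21A00, 0x140), 12: (0x21000, 0x100)}  # DEBUG, LOAD_CONFIG, IAT
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x0022)
    dll_chars = 0x0020 | 0x0040 | 0x0100 | 0x4000 | 0x8000
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, 0x20000, 0x10000, 0, 0x1000, 0x1000)
    opt += struct.pack("<Q", 0x140000000)  # ImageBase: the x64 linker default, hence always "> 0x60000000"
    opt += struct.pack("<IIHHHHHHI", 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0)
    opt += struct.pack("<IIIHH", 0x2C000, 0x400, 0, 3, dll_chars)  # SizeOfImage, SizeOfHeaders, CheckSum, Subsystem, DllCharacteristics
    opt += struct.pack("<QQQQII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    for i in range(16):
        opt += struct.pack("<II", *directories.get(i, (0, 0)))
    hdrs = b"".join(struct.pack(SECTION_HDR, n, vs, va, vs, 0, 0, 0, 0, 0, ch) for n, va, vs, ch in sections)
    return dos + b"PE\x00\x00" + file_hdr + opt + hdrs


def parse_pe(data):
    """Return image base, DllCharacteristics, populated data directories and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if data[nt:nt + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature at e_lfanew")
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, nt + 4)
    opt = nt + 24  # optional header follows the 20-byte file header
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (magic 0x20B) is handled here")
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]
    dirs = {}
    for i in range(min(ndirs, 16)):
        rva, size = struct.unpack_from("<II", data, opt + 112 + 8 * i)
        if rva or size:
            dirs[DIRECTORY_NAMES[i]] = (rva, size)
    sections = []
    for i in range(nsections):
        name, vsize, va, *_, chars = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), va, vsize, chars))
    return {"image_base": image_base, "dll_characteristics": dll_chars, "directories": dirs, "sections": sections}


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def section_for_rva(sections, rva):
    for name, va, vsize, _ in sections:
        if va <= rva < va + vsize:
            return name
    return None


def static_findings(data):
    """Report-style lines, plus the relocation and W+X checks the report does not print."""
    pe = parse_pe(data)
    flags = flag_names(pe["dll_characteristics"], DLL_CHARACTERISTICS)
    out = ["Static PE information: " + ", ".join(flags)]
    if pe["image_base"] > 0x60000000:
        out.append("Image base %#x > 0x60000000" % pe["image_base"])
    # DYNAMIC_BASE only yields ASLR if the loader can relocate: a stripped .reloc pins the image at its preferred base.
    if "DYNAMIC_BASE" in flags and "BASERELOC" not in pe["directories"]:
        out.append("DYNAMIC_BASE set but no IMAGE_DIRECTORY_ENTRY_BASERELOC: image cannot be rebased")
    for name, (rva, _) in pe["directories"].items():
        out.append("Data directory: IMAGE_DIRECTORY_ENTRY_%s is in: %s"
                   % (name, section_for_rva(pe["sections"], rva) or "<no section>"))
    for name, _, _, chars in pe["sections"]:
        out.append("Section: %s %s" % (name, ", ".join(flag_names(chars, SECTION_FLAGS))))
        if chars & 0x80000000 and chars & 0x20000000:
            out.append("Section %s is writable and executable" % name)
    if len(data) > 1048576:
        out.append("File size %d > 1048576" % len(data))
    return out


if __name__ == "__main__":
    print("\n".join(static_findings(build_sample_pe())))
```

To run it against a real file, replace build_sample_pe() with the bytes read from disk; the parser deliberately refuses PE32 (magic 0x10B) images, whose ImageBase is a 32-bit field at a different offset, rather than silently misreading them.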
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD56EF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | API coverage: 6.1 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6842C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD58AF0 FindFirstFileExW,FindClose,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD724C4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6842C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5C6AC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD740D0 GetProcessHeap,
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5C6AC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5BE20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5C88C SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD6B1B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD7A420 cpuid
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD5C590 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,
Source: C:\Users\user\Desktop\hv7H7u7IvS.exe | Code function: 0_2_00007FF66DD76950 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,