Source: rsatcustominstaller.exe |
Static PE information: certificate valid |
Source: rsatcustominstaller.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: |
Binary string: rsatcustominstaller.pdbGCTL source: rsatcustominstaller.exe |
Source: |
Binary string: rsatcustominstaller.pdb source: rsatcustominstaller.exe |
Source: classification engine |
Classification label: sus20.evad.winEXE@1/0@0/0 |
Source: rsatcustominstaller.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\rsatcustominstaller.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: rsatcustominstaller.exe |
Static PE information: certificate valid |
Source: initial sample |
Static PE information: Valid certificate with Microsoft Issuer |
Source: rsatcustominstaller.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: rsatcustominstaller.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: rsatcustominstaller.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: rsatcustominstaller.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: rsatcustominstaller.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: rsatcustominstaller.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: rsatcustominstaller.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: rsatcustominstaller.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: rsatcustominstaller.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: rsatcustominstaller.pdbGCTL source: rsatcustominstaller.exe |
Source: |
Binary string: rsatcustominstaller.pdb source: rsatcustominstaller.exe |
Source: rsatcustominstaller.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: rsatcustominstaller.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: rsatcustominstaller.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: rsatcustominstaller.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: rsatcustominstaller.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\rsatcustominstaller.exe |
Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Start_AdminToolsRoot |
Jump to behavior |