Source: 4NsDuAp8TA.exe |
Virustotal: Detection: 38% |
Source: 4NsDuAp8TA.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_0040264F FindFirstFileA, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00405454 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00405E7B FindFirstFileA,FindClose, |
Source: 4NsDuAp8TA.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: 4NsDuAp8TA.exe, 00000000.00000002.2045049060.0000000000ADE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_Error( |
Source: 4NsDuAp8TA.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_004030EF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00404801 |
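The entries above are the report's raw "Code function" strings: a function address inside the sample followed by the Win32 imports reached from it. As an added example (my own code, not the sandbox's), the following Python turns those lines into per-function API sets and applies a few hand-written behaviour rules of the kind a triager pivots on: file enumeration (FindFirstFile/FindNextFile), dynamic import resolution (LoadLibrary plus GetProcAddress), temp-directory use, and file deletion. The sample input is copied from this report (the 0_2_00405EA2 line is the GetModuleHandleA,LoadLibraryA,GetProcAddress entry listed further down); the rule names and the normalize/parse_report/index_by_tag helpers are mine and are not the sandbox's signature names.

```python
"""Parse 'Code function' evidence lines from a sandbox report and tag
behaviour categories per function.  Added example; not part of the report."""
import re
from collections import OrderedDict

# Evidence lines copied verbatim from the report above.
SAMPLE_LINES = r"""
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_0040264F FindFirstFileA, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00405454 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00405EA2 GetModuleHandleA,LoadLibraryA,GetProcAddress, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00404801 |
"""

SOURCE_RE = re.compile(r"^Source:\s*(.*?)\s*\|?\s*$")
# <pid>_<analysis>_<hex address>, then a comma-separated import list up to the cell separator
FUNC_RE = re.compile(r"^Code function:\s*(\d+_\d+_[0-9A-Fa-f]{8})\s*([^|]*)")

# Behaviour tags (my own labels): tag -> (any of these, all of these),
# matched against suffix-stripped API names.
RULES = OrderedDict([
    ("file_enumeration",       ({"FindFirstFile", "FindNextFile"}, set())),
    ("dynamic_api_resolution", (set(), {"LoadLibrary", "GetProcAddress"})),
    ("temp_dir_use",           ({"GetTempPath"}, set())),
    ("file_deletion",          ({"DeleteFile"}, set())),
])


def normalize(api):
    """Drop the ANSI/Unicode suffix so FindFirstFileA and FindFirstFileW match the same rule.
    Only a trailing uppercase A/W after a lowercase letter is treated as a suffix, so
    names such as FindClose or ShowWindow are left alone."""
    if len(api) > 1 and api[-1] in "AW" and api[-2].islower():
        return api[:-1]
    return api


def tags_for(apis):
    """Apply RULES to one function's import list; returns tags in RULES order."""
    names = {normalize(a) for a in apis}
    out = []
    for tag, (any_of, all_of) in RULES.items():
        if (not any_of or any_of & names) and all_of <= names:
            out.append(tag)
    return out


def parse_report(text):
    """Return {function_id: {"source", "apis", "tags"}} for every Code function line.
    The preceding 'Source:' line is carried along as the owning module path."""
    entries = OrderedDict()
    source = None
    for line in text.splitlines():
        line = line.strip()
        m = SOURCE_RE.match(line)
        if m:
            source = m.group(1)
            continue
        m = FUNC_RE.match(line)
        if not m:
            continue
        apis = [a.strip() for a in m.group(2).split(",") if a.strip()]
        entries[m.group(1)] = {"source": source, "apis": apis, "tags": tags_for(apis)}
    return entries


def index_by_tag(entries):
    """Invert the table: tag -> [function ids], the cross-reference to pivot on."""
    idx = OrderedDict((t, []) for t in RULES)
    for fid, e in entries.items():
        for t in e["tags"]:
            idx[t].append(fid)
    return idx


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LINES)
    for fid, e in parsed.items():
        print(fid, e["tags"], e["apis"])
    for tag, fids in index_by_tag(parsed).items():
        print(tag, "->", fids)
```

A function with no import list (0_2_00404801 above) parses to an empty API set and no tags rather than failing, which is what you want when feeding a whole report through the parser. Extending RULES with a new tag is a one-line change; the matching is on suffix-stripped names, so both the A and W variants of an import are covered by one entry.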
Source: 4NsDuAp8TA.exe |
Static PE information: Resource name: RT_VERSION type: x86 executable not stripped |
Source: classification engine |
Classification label: mal48.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_004042C5 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar, |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
File created: C:\Users\user\AppData\Local\Temp\nsi56C.tmp |
Source: 4NsDuAp8TA.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
File read: C:\Users\desktop.ini |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
File read: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00405EA2 GetModuleHandleA,LoadLibraryA,GetProcAddress, |
Source: 4NsDuAp8TA.exe |
Static PE information: real checksum: 0x70616 should be: 0x310b9 |
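The "real checksum ... should be" finding compares the CheckSum field in the optional header with the value the imagehlp CheckSumMappedFile algorithm produces over the whole file. A mismatch means the file was altered after the field was written or the field was never maintained; Windows only enforces the checksum for drivers and a few system images, so user-mode installers frequently ship with a stale value, and an NSIS stub with its compressed payload appended is a typical case. Treat the mismatch as a pivot (re-hash and compare against a known build), not as proof of tampering. As an added example (my own code, not the sandbox's or NSIS's), the Python below recomputes the checksum and reports stored versus computed; the build_minimal_pe helper constructs a header-only buffer as sample input (it is not a loadable image and not the sample from this report), and the function names are mine.

```python
"""Recompute the PE optional-header CheckSum.  Added example; not part of the report."""
import struct


def pe_checksum(data, checksum_offset):
    """Return the CheckSum for `data`, skipping the 4-byte field at checksum_offset.
    This is the CheckSumMappedFile algorithm: add all 32-bit little-endian words
    with end-around carry, fold to 16 bits, then add the file length.
    checksum_offset is expected to be 4-byte aligned (it is for a well-formed PE)."""
    remainder = len(data) % 4
    padded = bytes(data) + b"\0" * ((4 - remainder) % 4)  # pad a ragged tail with zeros
    checksum = 0
    for i in range(0, len(padded), 4):
        if i == checksum_offset:
            continue  # the stored value must not feed its own computation
        checksum += struct.unpack_from("<I", padded, i)[0]
        if checksum >= 1 << 32:
            checksum = (checksum & 0xFFFFFFFF) + (checksum >> 32)
    checksum = (checksum & 0xFFFF) + (checksum >> 16)
    checksum += checksum >> 16
    checksum &= 0xFFFF
    return checksum + len(data)  # unpadded length, as the reference algorithm uses


def checksum_field_offset(data):
    """Offset of OptionalHeader.CheckSum: e_lfanew + 4 (PE signature) + 20 (FileHeader)
    + 64 (CheckSum sits at the same offset in PE32 and PE32+ optional headers)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    return e_lfanew + 4 + 20 + 64


def verify_checksum(data):
    """Return (stored, computed); unequal values reproduce the report's 'real X should be Y'."""
    off = checksum_field_offset(data)
    stored = struct.unpack_from("<I", data, off)[0]
    return stored, pe_checksum(data, off)


def build_minimal_pe(stored_checksum):
    """Constructed sample input: a header-only PE-shaped buffer (MZ stub with
    e_lfanew=0x40, PE signature, zeroed FileHeader, PE32 magic, given CheckSum).
    It is not loadable and is not the sample discussed in the report."""
    buf = bytearray(0x40 + 4 + 20 + 68)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                  # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, 0x10B)            # OptionalHeader.Magic (PE32)
    struct.pack_into("<I", buf, 0x40 + 24 + 64, stored_checksum)
    return bytes(buf)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(0x70616)
    stored, computed = verify_checksum(data)
    verdict = "ok" if stored == computed else "MISMATCH"
    print(f"real checksum: {stored:#x} should be: {computed:#x} ({verdict})")
```

Run it with a file path to check a real binary; without arguments it checks the constructed buffer, which carries the report's stored value 0x70616 and so prints a mismatch. Appending any data to a PE (an overlay, a payload) changes both the word sum and the length term, so a stale checksum is the normal consequence of post-build appends, which is why the check is a weak signal on its own.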
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
API coverage: 8.3 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\4NsDuAp8TA.exe |
Code function: 0_2_00405B99 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA, |