Windows Analysis Report
SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe
Analysis ID: 1438248
MD5: 06feef43e18458e9f1052c6d485bdf57
SHA1: 0b67a57d2bae9757e7caceec8e557884e80ace5d
SHA256: f48f22e583ad5628e34c5e76367deab519d49be78fc6741327bbc9386079538c
Tags: exe

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found potential string decryption / allocating functions
Potential key logger detected (key state polling based)
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe ReversingLabs: Detection: 34%
Source: SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Virustotal: Detection: 16%
Source: SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0040D0E8 FindFirstFileA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,FindNextFileA,FindClose, 0_2_0040D0E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_00405975 GetKeyState,MessageBoxA,GetKeyState,GetKeyState,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose, 0_2_00405975
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0040EC3A OpenClipboard,EmptyClipboard,_strlen,GlobalAlloc,GlobalLock,_strlen,_strlen,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0040EC3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0040EC3B OpenClipboard,EmptyClipboard,_strlen,GlobalAlloc,GlobalLock,_strlen,_strlen,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0040EC3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0042356E DefWindowProcA,_strlen,_strlen,_strlen,_strlen,_strlen,_memset,GetClientRect,SetWindowPos,SetWindowPos,SetWindowPos,PostQuitMessage,SetTimer,TrackMouseEvent,DefWindowProcA,GetWindowPlacement,_memcmp,GetWindowPlacement,_memcmp,ShowWindow,SendMessageA,KillTimer,GetCursorPos,_memset,_strlen,_strlen,_strlen,_malloc,_sprintf,GetClientRect,InvalidateRect,KillTimer,SendMessageA,KillTimer,_sprintf,_sprintf,_sprintf,_sprintf,_strcat,_strcat,PostMessageA,_memset,_strlen,_sprintf,ShowWindow,DefWindowProcA,GetKeyState,_strcat,_strcat,PostMessageA,_strcat,_strcat,_strcat,ShellExecuteA,_malloc,_memset,_malloc,MessageBoxA,PostMessageA,_malloc,_memset,_malloc,DestroyWindow,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DefWindowProcA,SetForegroundWindow,GetKeyState,GetKeyState,GetKeyState,GetCursorPos,SetTimer,GetKeyState,GetKeyState,GetKeyState,GetKeyState,KillTimer,ShellExecuteA,KillTimer,GetMenuItemID,CheckMenuItem,FindWindowA,IsWindow,InvalidateRect,CheckMenuItem, 0_2_0042356E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: String function: 00427D4F appears 32 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: String function: 0042772F appears 34 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: String function: 00426CCC appears 47 times
Source: SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe, 00000000.00000000.1995531126.00000000005EE000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameitv.exeP vs SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe
Source: SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Binary or memory string: OriginalFilenameitv.exeP vs SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe
Source: classification engine Classification label: mal48.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_004132EC CoCreateInstance, 0_2_004132EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0040299A FindResourceA,LoadResource,SizeofResource,_malloc,LockResource,FreeResource, 0_2_0040299A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Command line argument: TaskbarCreated 0_2_004255DB
Source: SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Section loaded: libeay32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Section loaded: ssleay32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0042580B IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree, 0_2_0042580B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_00432B33 push 33000001h; retf 0_2_00432B38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_00432C35 push ebp; ret 0_2_00432C36
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_00426D11 push ecx; ret 0_2_00426D24
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_00427DEE push ecx; ret 0_2_00427E01
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_004286A8 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect, 0_2_004286A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0042D4F4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0042D4F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0042B4F5 GetStartupInfoA,GetProcessHeap,GetProcessHeap,HeapAlloc,_fast_error_exit,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_fast_error_exit,_fast_error_exit,__RTC_Initialize,__ioinit,__amsg_exit,GetCommandLineA,___crtGetEnvironmentStringsA,__setargv,__amsg_exit,__setenvp,__amsg_exit,__cinit,__amsg_exit,__wincmdln, 0_2_0042B4F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_004381C9 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004381C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0042E591 SetUnhandledExceptionFilter,__encode_pointer, 0_2_0042E591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0042E5B3 __decode_pointer,SetUnhandledExceptionFilter, 0_2_0042E5B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_00426F93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00426F93
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_004356A7 cpuid 0_2_004356A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 0_2_004330E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 0_2_0043309C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: GetLocaleInfoA, 0_2_00434126
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: _LcidFromHexString,GetLocaleInfoA, 0_2_00434208
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, 0_2_0043429E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: GetLocaleInfoA, 0_2_004382BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: _LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, 0_2_00434310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage, 0_2_004344E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, 0_2_0043459F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, 0_2_00434640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, 0_2_00434604
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP, 0_2_00425691
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement, 0_2_0043373D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement, 0_2_0043398E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA, 0_2_00436A5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: GetLocaleInfoA,_xtoa_s@20, 0_2_00438AB3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,_malloc,GetLocaleInfoA,MultiByteToWideChar,__freea, 0_2_0043AB18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat, 0_2_0043AC53
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, 0_2_00433C52
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA, 0_2_0043AC8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 0_2_0043ADCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_00435178 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_00435178
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0041BBB7 SetDlgItemTextA,GetUserNameA,SetDlgItemTextA,SetDlgItemTextA,SetDlgItemTextA,SetDlgItemTextA,SendDlgItemMessageA,GetDlgItem,EnableWindow, 0_2_0041BBB7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Dropper.Agent.26581.21731.exe Code function: 0_2_0040187D _memset,GetTimeZoneInformation, 0_2_0040187D
No contacted IP infos