Windows Analysis Report
avx_Cracked.exe

Overview

General Information

Sample name: avx_Cracked.exe
Analysis ID: 1442325
MD5: 604f557a561320764432a9a0feab44c0
SHA1: 66f3d11b2a7e5f08152db3090068ea1a5bfa7d65
SHA256: b33810de1ba7b0383c7d35006a1691a6c27480516d30bf2ec4cdd173171071a3
Tags: BlankGrabber, exe, Themida

Detection

Mofksys
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mofksys
Found potential dummy code loops (likely to delay analysis)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to detect virtual machines (SGDT)
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: avx_Cracked.exe Avira: detected
Source: avx_Cracked.exe ReversingLabs: Detection: 57%
Source: avx_Cracked.exe Joe Sandbox ML: detected
Source: avx_Cracked.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Spreading

Source: Yara match File source: 0.2.avx_Cracked.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.2044535691.0000000004100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.3234822215.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: avx_Cracked.exe PID: 7152, type: MEMORYSTR

System Summary

Source: avx_Cracked.exe Static PE information: section name:
Source: avx_Cracked.exe Static PE information: section name:
Source: avx_Cracked.exe Static PE information: section name:
Source: avx_Cracked.exe Binary or memory string: OriginalFilename vs avx_Cracked.exe
Source: avx_Cracked.exe, 00000000.00000003.2044556388.0000000003130000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTJprojMain.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs avx_Cracked.exe
Source: avx_Cracked.exe, 00000000.00000000.1972179599.0000000000420000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameTJprojMain.exe vs avx_Cracked.exe
Source: avx_Cracked.exe Binary or memory string: OriginalFilenameTJprojMain.exe vs avx_Cracked.exe
Source: avx_Cracked.exe Binary or memory string: OriginalFilenamedjoin.exej% vs avx_Cracked.exe
Source: avx_Cracked.exe, avx_Cracked.exe, 00000000.00000003.2044535691.0000000004100000.00000004.00001000.00020000.00000000.sdmp, avx_Cracked.exe, 00000000.00000002.3234822215.0000000000401000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: A*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp
Source: classification engine Classification label: mal96.spre.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\avx_Cracked.exe Mutant created: NULL
Source: C:\Users\user\Desktop\avx_Cracked.exe File created: C:\Users\user\AppData\Local\Temp\~DF2F626955114B1B31.TMP
Source: C:\Users\user\Desktop\avx_Cracked.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: msvbvm60.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe Section loaded: asycfilt.dll
Source: avx_Cracked.exe Static file information: File size 11622687 > 1048576
Source: avx_Cracked.exe Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x2d8000
Source: initial sample Static PE information: section where entry point is pointing to: .boot
Source: avx_Cracked.exe Static PE information: section name:
Source: avx_Cracked.exe Static PE information: section name:
Source: avx_Cracked.exe Static PE information: section name:
Source: avx_Cracked.exe Static PE information: section name: .themida
Source: avx_Cracked.exe Static PE information: section name: .boot
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0069406D push edx; mov dword ptr [esp], 301B8BBEh 0_2_00693FE8
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_007CB072 push ebx; mov dword ptr [esp], edi 0_2_007CB0E4
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_00705062 push ebp; mov dword ptr [esp], ecx 0_2_007050B9
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_006A5079 push esi; mov dword ptr [esp], 661593D7h 0_2_006A50AD
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0071D055 push 791EA119h; mov dword ptr [esp], ebp 0_2_0071D07D
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0071D055 push edx; mov dword ptr [esp], ebx 0_2_0071D084
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_006E5044 push ecx; mov dword ptr [esp], ebx 0_2_006E5061
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_006E5044 push eax; mov dword ptr [esp], edi 0_2_006E5079
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0080D0AA push ebp; mov dword ptr [esp], 4BC5E4A1h 0_2_0080D0FF
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0080D0AA push 6BF1BD9Fh; mov dword ptr [esp], ecx 0_2_0080D16C
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_007AA051 push ebp; mov dword ptr [esp], ebx 0_2_007AA04B
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_00640057 push 73405F31h; mov dword ptr [esp], eax 0_2_00640079
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_00640057 push edi; mov dword ptr [esp], 4780CE92h 0_2_00640092
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_00645052 push 20098EBFh; mov dword ptr [esp], edx 0_2_0064507B
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_00645052 push esi; mov dword ptr [esp], 679AAD0Dh 0_2_006450EB
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push 1040B19Bh; mov dword ptr [esp], edi 0_2_0063E081
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push ebx; mov dword ptr [esp], 421DB3B1h 0_2_0063E0F7
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push 4E0AC9D8h; mov dword ptr [esp], ebx 0_2_0063E12B
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push ecx; mov dword ptr [esp], ebp 0_2_0063E159
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push ebp; mov dword ptr [esp], 7EEA6082h 0_2_0063E211
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push eax; mov dword ptr [esp], 00000000h 0_2_0063E223
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push 76C4083Fh; mov dword ptr [esp], edx 0_2_0063E289
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push 025BF787h; mov dword ptr [esp], ebp 0_2_0063E29F
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push eax; mov dword ptr [esp], ebp 0_2_0063E2B5
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push esi; mov dword ptr [esp], 00000010h 0_2_0063E310
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push 43806AB8h; mov dword ptr [esp], eax 0_2_0063E377
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push ebp; mov dword ptr [esp], esi 0_2_0063E464
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push 5ADBEC0Ah; mov dword ptr [esp], eax 0_2_0063E47F
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push edx; mov dword ptr [esp], eax 0_2_0063E4DA
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push edx; mov dword ptr [esp], ecx 0_2_0063E50F
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_0063E05B push edi; mov dword ptr [esp], ebp 0_2_0063E528
Source: avx_Cracked.exe Static PE information: section name: entropy: 7.933615943763996

Boot Survival

Source: C:\Users\user\Desktop\avx_Cracked.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\avx_Cracked.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\avx_Cracked.exe Window searched: window name: PROCMON_WINDOW_CLASS

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\avx_Cracked.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\avx_Cracked.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\avx_Cracked.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\avx_Cracked.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\avx_Cracked.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\avx_Cracked.exe Code function: 0_2_00403A5C sgdt fword ptr [eax] 0_2_00403A5C
Source: C:\Users\user\Desktop\avx_Cracked.exe Window / User API: threadDelayed 3183
Source: C:\Users\user\Desktop\avx_Cracked.exe Window / User API: threadDelayed 6703
Source: C:\Users\user\Desktop\avx_Cracked.exe TID: 7156 Thread sleep count: 3183 > 30
Source: C:\Users\user\Desktop\avx_Cracked.exe TID: 7156 Thread sleep time: -159150s >= -30000s
Source: C:\Users\user\Desktop\avx_Cracked.exe TID: 7156 Thread sleep count: 6703 > 30
Source: C:\Users\user\Desktop\avx_Cracked.exe TID: 7156 Thread sleep time: -335150s >= -30000s
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\avx_Cracked.exe Last function: Thread delayed
Source: avx_Cracked.exe, 00000000.00000002.3236817423.0000000004000000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: avx_Cracked.exe, 00000000.00000002.3236499019.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__#
Source: avx_Cracked.exe, 00000000.00000002.3234669482.000000000009C000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__em00024
Source: C:\Users\user\Desktop\avx_Cracked.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\avx_Cracked.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\avx_Cracked.exe Process Stats: CPU usage > 42% for more than 60s
Source: C:\Users\user\Desktop\avx_Cracked.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\avx_Cracked.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\avx_Cracked.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\avx_Cracked.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\avx_Cracked.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\avx_Cracked.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\avx_Cracked.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\avx_Cracked.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\avx_Cracked.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\avx_Cracked.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\avx_Cracked.exe Process queried: DebugObjectHandle