
Windows Analysis Report
avx_Cracked.exe

Overview

General Information

Sample name: avx_Cracked.exe
Analysis ID: 1442325
MD5: 604f557a561320764432a9a0feab44c0
SHA1: 66f3d11b2a7e5f08152db3090068ea1a5bfa7d65
SHA256: b33810de1ba7b0383c7d35006a1691a6c27480516d30bf2ec4cdd173171071a3
Tags: BlankGrabber, exe, Themida

Detection

Mofksys
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mofksys
Found potential dummy code loops (likely to delay analysis)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to detect virtual machines (SGDT)
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • avx_Cracked.exe (PID: 7152 cmdline: "C:\Users\user\Desktop\avx_Cracked.exe" MD5: 604F557A561320764432A9A0FEAB44C0)
  • cleanup
No configs have been found
Yara matches in memory dumps:
  Source: 00000000.00000003.2044535691.0000000004100000.00000004.00001000.00020000.00000000.sdmp  Rule: JoeSecurity_Mofksys  Description: Yara detected Mofksys  Author: Joe Security
  Source: 00000000.00000002.3234822215.0000000000401000.00000040.00000001.01000000.00000003.sdmp  Rule: JoeSecurity_Mofksys  Description: Yara detected Mofksys  Author: Joe Security
  Source: Process Memory Space: avx_Cracked.exe PID: 7152  Rule: JoeSecurity_Mofksys  Description: Yara detected Mofksys  Author: Joe Security
Yara matches in unpacked PEs:
  Source: 0.2.avx_Cracked.exe.400000.0.unpack  Rule: JoeSecurity_Mofksys  Description: Yara detected Mofksys  Author: Joe Security
No Sigma rule has matched
No Snort rule has matched

          AV Detection

Source: avx_Cracked.exe  Avira: detected
Source: avx_Cracked.exe  ReversingLabs: Detection: 57%
Source: avx_Cracked.exe  Joe Sandbox ML: detected
Source: avx_Cracked.exe  Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

          Spreading

Source: Yara match  File source: 0.2.avx_Cracked.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match  File source: 00000000.00000003.2044535691.0000000004100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match  File source: 00000000.00000002.3234822215.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match  File source: Process Memory Space: avx_Cracked.exe PID: 7152, type: MEMORYSTR

          System Summary

Source: avx_Cracked.exe  Static PE information: section name:
Source: avx_Cracked.exe  Static PE information: section name:
Source: avx_Cracked.exe  Static PE information: section name:
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code functions (the report prints each identifier twice, once as link text; listed once here):
  0_2_0042805B 0_2_0042606B 0_2_0063E05B 0_2_00422000 0_2_00426007 0_2_0042200A 0_2_00634028 0_2_0042200F
  0_2_00422014 0_2_00426019 0_2_00422023 0_2_00638009 0_2_00642015 0_2_00616015 0_2_0064601C 0_2_00427171
  0_2_0042B246 0_2_00422269 0_2_0042527B 0_2_0042221E 0_2_0042F226 0_2_00422225 0_2_004252C7 0_2_004252CC
  0_2_004252D1 0_2_0063A2CA 0_2_0042E2F7 0_2_00422284 0_2_00426288 0_2_00422289 0_2_0042234C 0_2_00422351
  0_2_00424359 0_2_0042337B 0_2_004223C4 0_2_004223CE 0_2_004223D3 0_2_004293D3 0_2_004253F8 0_2_00425443
  0_2_00425448 0_2_00425452 0_2_00428452 0_2_00425457 0_2_0042545C 0_2_00425461 0_2_00426422 0_2_00426427
  0_2_00426431 0_2_00428435 0_2_004254EA 0_2_0042457F 0_2_0042A502 0_2_0042951C 0_2_00429531 0_2_00424589
  0_2_00430643 0_2_00430655 0_2_0043065A 0_2_0043065F 0_2_00430664 0_2_00430669 0_2_0043066E 0_2_00430673
  0_2_004296CB 0_2_004306CD 0_2_004296D0 0_2_004286E6 0_2_004246BA 0_2_004246BF 0_2_004306BE 0_2_00430740
  0_2_0042475F 0_2_0043075E 0_2_00430763 0_2_00424769 0_2_00430768 0_2_0042476E 0_2_0043076D 0_2_00430772
  0_2_00424778 0_2_0042477D 0_2_0042B7CF 0_2_0043078B 0_2_00430790 0_2_0042A7AB 0_2_0042A7BA 0_2_00422854
  0_2_00430876 0_2_00422875 0_2_0043087B 0_2_0042F830 0_2_004278C9 0_2_004308F8 0_2_00430880 0_2_00430885
  0_2_0043088A 0_2_0043088F 0_2_00430899 0_2_0043089E 0_2_004308A3 0_2_004268A0 0_2_004228AC 0_2_004238B3
  0_2_004308BC 0_2_00424952 0_2_00430902 0_2_0043092F 0_2_004259F9 0_2_00430984 0_2_00430989 0_2_00425A44
  0_2_00425A4E 0_2_00430A6F 0_2_00430A74 0_2_00430A79 0_2_00430A7E 0_2_00425A0D 0_2_00425A12 0_2_00425A17
  0_2_00425A21 0_2_00425A26 0_2_00425A2B 0_2_00425A30 0_2_00425A35 0_2_00425A3A 0_2_00425AC1 0_2_00611AEB
  0_2_0060BACB 0_2_00430A83 0_2_00425A85 0_2_00425A8F 0_2_00430A8D 0_2_0060DAAF 0_2_00428A8D 0_2_00430A92
  0_2_00430A97 0_2_00425A94 0_2_00425A99 0_2_00425A9E 0_2_00430A9C 0_2_00425AA3 0_2_00430AA1 0_2_00430AA6
  0_2_00425AAD 0_2_00425AB2 0_2_00430AB0 0_2_00430AB5 0_2_00425ABC 0_2_0042DB7A 0_2_00430B0A 0_2_00429B32
  0_2_00425B87 0_2_00605BA7 0_2_0042DB85 0_2_005EDB86 0_2_00425B98 0_2_0042FBBE 0_2_00609C67 0_2_00412C10
  0_2_0042CCC2 0_2_00426CC0 0_2_00424CC7 0_2_00425CC4 0_2_00425CC9 0_2_00426CC9 0_2_00425CCE 0_2_00426CCE
  0_2_00424CD2 0_2_00425CE3 0_2_00422CF7 0_2_00427CF8 0_2_00422CFC 0_2_00430C95 0_2_00425CBF 0_2_00425D46
  0_2_00425D4B 0_2_00422D01 0_2_00422D0B 0_2_00423DC3 0_2_00423DC8 0_2_00423DCD 0_2_00423DD7 0_2_00423DDC
  0_2_00423D9F 0_2_00423DBE 0_2_00425DBC 0_2_005E3E44 0_2_00423E5E 0_2_00423E63 0_2_00423E6D 0_2_00423E72
  0_2_00430E0A 0_2_00425E0E 0_2_00423E18 0_2_0042EE27 0_2_00435EC9 0_2_00423EEB 0_2_0042DEEE 0_2_00423E86
  0_2_00429E8E 0_2_00423E90 0_2_00423E95 0_2_00429EBC 0_2_00431F7D 0_2_0042AF08 0_2_00422F3B 0_2_00423FC1
  0_2_00423FC6 0_2_00423FCB 0_2_00621FF0 0_2_00617FF3 0_2_0063BFD0 0_2_0062DFD6 0_2_00425F8B 0_2_00423F94
  0_2_00425F9D 0_2_00423FA6 0_2_00423FAD 0_2_00423FB7 0_2_00625F98
Source: avx_Cracked.exe  Binary or memory string: OriginalFilename vs avx_Cracked.exe
Source: avx_Cracked.exe, 00000000.00000003.2044556388.0000000003130000.00000004.00001000.00020000.00000000.sdmp  Binary or memory string: OriginalFilenameTJprojMain.exe<?xml version="1.0" encoding="UTF-8" standalone="yes"?> vs avx_Cracked.exe
Source: avx_Cracked.exe, 00000000.00000000.1972179599.0000000000420000.00000002.00000001.01000000.00000003.sdmp  Binary or memory string: OriginalFilenameTJprojMain.exe vs avx_Cracked.exe
Source: avx_Cracked.exe  Binary or memory string: OriginalFilenameTJprojMain.exe vs avx_Cracked.exe
Source: avx_Cracked.exe  Binary or memory string: OriginalFilenamedjoin.exej% vs avx_Cracked.exe
Source: avx_Cracked.exe  Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: avx_Cracked.exe, avx_Cracked.exe, 00000000.00000003.2044535691.0000000004100000.00000004.00001000.00020000.00000000.sdmp, avx_Cracked.exe, 00000000.00000002.3234822215.0000000000401000.00000040.00000001.01000000.00000003.sdmp  Binary or memory string: A*\AF:\RFD\xNewCode\xNewPro\xT\trjFN\Project1.vbp
Source: classification engine  Classification label: mal96.spre.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\avx_Cracked.exe  Mutant created: NULL
Source: C:\Users\user\Desktop\avx_Cracked.exe  File created: C:\Users\user\AppData\Local\Temp\~DF2F626955114B1B31.TMP
Source: C:\Users\user\Desktop\avx_Cracked.exe  Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: avx_Cracked.exe  ReversingLabs: Detection: 57%
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: msvbvm60.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: winmm.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: wintypes.dll (three separate loads)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Section loaded: asycfilt.dll
Source: avx_Cracked.exe  Static file information: File size 11622687 > 1048576
Source: avx_Cracked.exe  Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x2d8000
Source: initial sample  Static PE information: section where entry point is pointing to: .boot
Source: avx_Cracked.exe  Static PE information: section name:
Source: avx_Cracked.exe  Static PE information: section name:
Source: avx_Cracked.exe  Static PE information: section name:
Source: avx_Cracked.exe  Static PE information: section name: .themida
Source: avx_Cracked.exe  Static PE information: section name: .boot
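The static indicators above (COFF characteristics, entry point in a non-standard section, blank and packer-specific section names, and the near-8.0 section entropy reported further down) can be reproduced without a full PE library. The script below is an added example, not code from the report, from Joe Security or from the sample: it parses PE32 headers by hand with the standard library and runs on a small image constructed in memory whose layout imitates what the report found (a blank-named section, .themida, and a high-entropy .boot that holds the entry point). The section-name lists, the 7.0 entropy threshold and the synthetic image are this example's own assumptions.

```python
"""Static PE triage for the indicators listed above.

Added example (standard library only), not part of the report or the
sample: parses PE32 headers by hand and runs on a small image built in
memory whose layout imitates the report's findings."""
import hashlib
import math
import struct
from collections import Counter

CHARACTERISTICS = {                       # IMAGE_FILE_* bits named in the report
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED", 0x0008: "LOCAL_SYMS_STRIPPED",
    0x0100: "32BIT_MACHINE",
}
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata",
                     ".rsrc", ".reloc", ".bss", ".tls"}            # assumption
PACKER_SECTIONS = {".themida", ".boot", ".winlice", ".vmp0", ".vmp1"}  # assumption
ENTROPY_THRESHOLD = 7.0                                             # assumption


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; packed or encrypted data sits near 8."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values()) if n else 0.0


def parse_pe(data: bytes) -> dict:
    """Characteristics, entry-point RVA and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections, opt_size, chars = struct.unpack_from("<2xH12xHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "raw": data[rawptr:rawptr + rawsize]})
    return {"characteristics": chars, "entry_rva": entry_rva, "sections": sections}


def triage(data: bytes) -> list:
    """Findings mirroring the report's static-PE signatures, in order."""
    pe = parse_pe(data)
    findings = ["characteristics: " + ", ".join(
        n for bit, n in CHARACTERISTICS.items() if pe["characteristics"] & bit)]
    ep = next((s for s in pe["sections"] if s["va"] <= pe["entry_rva"]
               < s["va"] + max(s["vsize"], len(s["raw"]))), None)
    ep_name = ep["name"] if ep else "<no section>"
    if ep_name not in STANDARD_SECTIONS:
        findings.append(f"entry point outside standard sections: {ep_name}")
    for s in pe["sections"]:
        name, ent = s["name"], shannon_entropy(s["raw"])
        if not name or not all(32 < ord(c) < 127 for c in name):
            findings.append("section with empty or special-char name")
        elif name in PACKER_SECTIONS:
            findings.append(f"packer section name: {name}")
        if ent > ENTROPY_THRESHOLD:
            findings.append(f"high entropy section {name or '<blank>'}: {ent:.2f}")
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32 (not the real sample): .text, a blank-named section,
    .themida, and a high-entropy .boot that holds the entry point."""
    def noise(n):                                   # reproducible pseudo-random bytes
        out, seed = b"", b"seed"
        while len(out) < n:
            seed = hashlib.sha256(seed).digest()
            out += seed
        return out[:n]
    specs = [(b".text", b"\x90" * 0x200), (b"", b"\0" * 0x200),
             (b".themida", b"\x90\xcc" * 0x100), (b".boot", noise(0x400))]
    hdr_size, opt_size = 0x400, 0xE0
    table, payload, va, rawptr, entry_rva = b"", b"", 0x1000, 0x400, 0
    for name, body in specs:
        if name == b".boot":
            entry_rva = va + 0x10                   # entry point lands inside .boot
        table += struct.pack("<8sIIIIIIHHI", name, len(body), va, len(body),
                             rawptr, 0, 0, 0, 0, 0x60000020)
        payload, va, rawptr = payload + body, va + 0x1000, rawptr + len(body)
    opt = (struct.pack("<H", 0x10B) + b"\0" * 14          # PE32 magic, pad to offset 16
           + struct.pack("<I", entry_rva)).ljust(opt_size, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, opt_size, 0x010F)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    return (dos + b"PE\0\0" + coff + opt + table).ljust(hdr_size, b"\0") + payload


if __name__ == "__main__":
    for finding in triage(build_sample_pe()):
        print(finding)
```

To run it against a real file, pass `open(path, "rb").read()` to `triage()`. The parser only reads the fields it needs, so a truncated or malformed header raises rather than silently returning empty findings; a section whose raw pointer lies past end-of-file yields an empty slice and an entropy of 0.0, which is itself worth flagging in a production version.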
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0069406D  push edx; mov dword ptr [esp], 301B8BBEh  (at 0_2_00693FE8)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_007CB072  push ebx; mov dword ptr [esp], edi  (at 0_2_007CB0E4)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_00705062  push ebp; mov dword ptr [esp], ecx  (at 0_2_007050B9)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_006A5079  push esi; mov dword ptr [esp], 661593D7h  (at 0_2_006A50AD)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0071D055  push 791EA119h; mov dword ptr [esp], ebp  (at 0_2_0071D07D)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0071D055  push edx; mov dword ptr [esp], ebx  (at 0_2_0071D084)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_006E5044  push ecx; mov dword ptr [esp], ebx  (at 0_2_006E5061)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_006E5044  push eax; mov dword ptr [esp], edi  (at 0_2_006E5079)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0080D0AA  push ebp; mov dword ptr [esp], 4BC5E4A1h  (at 0_2_0080D0FF)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0080D0AA  push 6BF1BD9Fh; mov dword ptr [esp], ecx  (at 0_2_0080D16C)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_007AA051  push ebp; mov dword ptr [esp], ebx  (at 0_2_007AA04B)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_00640057  push 73405F31h; mov dword ptr [esp], eax  (at 0_2_00640079)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_00640057  push edi; mov dword ptr [esp], 4780CE92h  (at 0_2_00640092)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_00645052  push 20098EBFh; mov dword ptr [esp], edx  (at 0_2_0064507B)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_00645052  push esi; mov dword ptr [esp], 679AAD0Dh  (at 0_2_006450EB)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push 1040B19Bh; mov dword ptr [esp], edi  (at 0_2_0063E081)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push ebx; mov dword ptr [esp], 421DB3B1h  (at 0_2_0063E0F7)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push 4E0AC9D8h; mov dword ptr [esp], ebx  (at 0_2_0063E12B)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push ecx; mov dword ptr [esp], ebp  (at 0_2_0063E159)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push ebp; mov dword ptr [esp], 7EEA6082h  (at 0_2_0063E211)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push eax; mov dword ptr [esp], 00000000h  (at 0_2_0063E223)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push 76C4083Fh; mov dword ptr [esp], edx  (at 0_2_0063E289)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push 025BF787h; mov dword ptr [esp], ebp  (at 0_2_0063E29F)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push eax; mov dword ptr [esp], ebp  (at 0_2_0063E2B5)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push esi; mov dword ptr [esp], 00000010h  (at 0_2_0063E310)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push 43806AB8h; mov dword ptr [esp], eax  (at 0_2_0063E377)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push ebp; mov dword ptr [esp], esi  (at 0_2_0063E464)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push 5ADBEC0Ah; mov dword ptr [esp], eax  (at 0_2_0063E47F)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push edx; mov dword ptr [esp], eax  (at 0_2_0063E4DA)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push edx; mov dword ptr [esp], ecx  (at 0_2_0063E50F)
Source: C:\Users\user\Desktop\avx_Cracked.exe  Code function: 0_2_0063E05B  push edi; mov dword ptr [esp], ebp  (at 0_2_0063E528)
Source: avx_Cracked.exe  Static PE information: section name:  entropy: 7.933615943763996

          Boot Survival

          Source: C:\Users\user\Desktop\avx_Cracked.exe | Window searched: window name: RegmonClass
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Window searched: window name: FilemonClass
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Window searched: window name: PROCMON_WINDOW_CLASS

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\avx_Cracked.exe | System information queried: FirmwareTableInformation
          Source: C:\Users\user\Desktop\avx_Cracked.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Code function: 0_2_00403A5C sgdt fword ptr [eax] | 0_2_00403A5C
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Window / User API: threadDelayed 3183
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Window / User API: threadDelayed 6703
          Source: C:\Users\user\Desktop\avx_Cracked.exe TID: 7156 | Thread sleep count: 3183 > 30
          Source: C:\Users\user\Desktop\avx_Cracked.exe TID: 7156 | Thread sleep time: -159150s >= -30000s
          Source: C:\Users\user\Desktop\avx_Cracked.exe TID: 7156 | Thread sleep count: 6703 > 30
          Source: C:\Users\user\Desktop\avx_Cracked.exe TID: 7156 | Thread sleep time: -335150s >= -30000s
          Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Last function: Thread delayed
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Last function: Thread delayed
          Source: avx_Cracked.exe, 00000000.00000002.3236817423.0000000004000000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
          Source: avx_Cracked.exe, 00000000.00000002.3236499019.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__#
          Source: avx_Cracked.exe, 00000000.00000002.3234669482.000000000009C000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__em00024
          Source: C:\Users\user\Desktop\avx_Cracked.exe | System information queried: ModuleInformation
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Process information queried: ProcessInformation

          Anti Debugging

          Source: C:\Users\user\Desktop\avx_Cracked.exe | Process Stats: CPU usage > 42% for more than 60s
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Thread information set: HideFromDebugger
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Open window title or class name: regmonclass
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Open window title or class name: gbdyllo
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Open window title or class name: procmon_window_class
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Open window title or class name: ollydbg
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Open window title or class name: filemonclass
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Process queried: DebugPort
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Process queried: DebugObjectHandle
          Source: C:\Users\user\Desktop\avx_Cracked.exe | Process queried: DebugPort
          Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          MITRE ATT&CK Matrix

          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 441 Virtualization/Sandbox Evasion | OS Credential Dumping | 621 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Software Packing | LSASS Memory | 441 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows)