Click to jump to signature section
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | ReversingLabs: Detection: 37% |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT |
Source: | Binary string: D:\perfecthook\ArcticTech\Release\ArcticTech.pdb source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | String found in binary or memory: http://scripts.sil.org/OFLMulishMediumWeightItalicRoman |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | String found in binary or memory: https://github.com/googlefonts/mulish)Mulish |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Binary or memory string: ...Slnt |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Binary or memory string: ...Slntcaught (...) exception |
Source: classification engine | Classification label: mal48.winDLL@12/0@0/0 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3220:120:WilError_03 |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll,__swprintf_l |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | ReversingLabs: Detection: 37% |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll" | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll",#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll,__swprintf_l | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll",#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll,__vswprintf_l | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll,_fprintf_l | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll",#1 | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll,__swprintf_l | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll,__vswprintf_l | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll,_fprintf_l | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll",#1 | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Section loaded: msvcp140.dll | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Section loaded: d3dx9_43.dll | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK |
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK |
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK |
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: More than 176 > 100 exports found |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static file information: File size 6404096 > 1048576 |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x4e3c00 |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: | Binary string: D:\perfecthook\ArcticTech\Release\ArcticTech.pdb source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Windows\System32\loaddll32.exe | Process queried: DebugPort | Jump to behavior |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Tedy.476018.8153.3189.dll",#1 | Jump to behavior |