Windows Analysis Report
SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe

Overview

General Information

Sample name: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe
Analysis ID: 1665804
MD5: 2191df558e41b894bb7de46b73d22b04
SHA1: 517965b53c86831cd88dad1c63653e347e442f53
SHA256: 40f5ae4aaa26d50dd35cbb46a252ab16314af9c0957d8ac7ca62c2f8a6497c0a
Tags: exeuser-SecuriteInfoCom

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Yara detected Keylogger Generic

Classification

AV Detection

Source: C:\Users\user\Desktop\Overlunky.exe ReversingLabs: Detection: 22%
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe ReversingLabs: Detection: 22%
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Virustotal: Detection: 22%
Source: unknown HTTPS traffic detected: 140.82.112.4:443 -> 192.168.2.4:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49712 version: TLS 1.2
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D421E0 ?fail@ios_base@std@@QEBA_NXZ,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,CloseHandle,CloseHandle,abort, 0_2_00007FF6A5D421E0
Source: Joe Sandbox View IP Address: 140.82.112.4 140.82.112.4
Source: Joe Sandbox View IP Address: 185.199.108.133 185.199.108.133
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D136D0 InternetGetConnectedState,InternetOpenA,lstrlenA,InternetOpenUrlA,remove,rename,__acrt_iob_func,fflush,__acrt_iob_func,fflush,fopen_s,InternetCloseHandle,__acrt_iob_func,fflush,__acrt_iob_func,__acrt_iob_func,fflush,__acrt_iob_func,__acrt_iob_func,fflush,__acrt_iob_func,InternetCloseHandle,__acrt_iob_func,fflush,__acrt_iob_func,fflush,HttpQueryInfoA,InternetReadFile,fwrite,InternetReadFile,fwrite,fflush,fclose,InternetCloseHandle,fclose,InternetCloseHandle,__acrt_iob_func,fflush,__acrt_iob_func, 0_2_00007FF6A5D136D0
Source: global traffic HTTP traffic detected: GET /spelunky-fyi/overlunky/releases/download/whip/Overlunky.dll HTTP/1.1
  Accept: */*
  User-Agent: Overlunky Updater
  Host: github.com
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /github-production-release-asset-2e65be/311203851/4c20cd6b-9a4f-404f-ade4-198a3c7ba37e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250415%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250415T191913Z&X-Amz-Expires=300&X-Amz-Signature=68173c69b20cb01feb7ec9c1f6df168b384c29de5975c18bacffbf8bccc4a058&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DOverlunky.dll&response-content-type=application%2Foctet-stream HTTP/1.1
  Accept: */*
  User-Agent: Overlunky Updater
  Cache-Control: no-cache
  Host: objects.githubusercontent.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /spelunky-fyi/overlunky/releases/download/whip/Overlunky.exe HTTP/1.1
  Accept: */*
  User-Agent: Overlunky Updater
  Host: github.com
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /github-production-release-asset-2e65be/311203851/d7b11efa-8940-401f-808f-e581f33bea1b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250415%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250415T191924Z&X-Amz-Expires=300&X-Amz-Signature=cdcc470fcb3f80e87f9edeefb924c29916eb519192931a5838d21c72df5391b9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DOverlunky.exe&response-content-type=application%2Foctet-stream HTTP/1.1
  Accept: */*
  User-Agent: Overlunky Updater
  Cache-Control: no-cache
  Host: objects.githubusercontent.com
  Connection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: github.com
Source: global traffic DNS traffic detected: DNS query: objects.githubusercontent.com
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: http://github.com/kikito/inspect.lua
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=iws-appendixa
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: http://www.dearimgui.org/faq/
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: http://www.dearimgui.org/faq/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~%
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: https://api.github.com/repos/spelunky-fyi/overlunky/git/ref/tags/whip
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3624491053.0000016B67B6C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3624710287.0000016B67BBB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463965408.0000016B67BBB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/p
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: https://github.com/spelunky-fyi/overlunky#overlunky
Source: Overlunky.exe.0.dr String found in binary or memory: https://github.com/spelunky-fyi/overlunky/releases/download/whip/Overlunky.dll
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3624710287.0000016B67BBB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463965408.0000016B67BBB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/spelunky-fyi/overlunky/releases/download/whip/Overlunky.dll3
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, Overlunky.exe.0.dr String found in binary or memory: https://github.com/spelunky-fyi/overlunky/releases/download/whip/Overlunky.exe
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, Overlunky.exe.0.dr String found in binary or memory: https://github.com/spelunky-fyi/overlunky/releases/download/whip/Overlunky.exe../Spel2.exetrueupdate
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: https://github.com/spelunky-fyi/overlunky/releases/tag/whip
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3624710287.0000016B67BBB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463965408.0000016B67BBB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/y
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.1170316193.0000016B67BFD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://objects.githubusercontent.com/
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.1170185282.0000016B67BF8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.1170316193.0000016B67BFD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://objects.githubusercontent.com/_
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463867505.0000016B67C2D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463932641.0000016B67C3E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3625112771.0000016B67C42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://objects.githubusercontent.com/github-production-
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.1170409408.0000016B67C4C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463932641.0000016B67C3E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3625112771.0000016B67C42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/311203851/4c20cd6b-9a4f
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463965408.0000016B67BDF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/311203851/d7b11efa-8940
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.1170185282.0000016B67BF8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.1170316193.0000016B67BFD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://objects.githubusercontent.com/o
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: https://spelunky-fyi.github.io/overlunky/
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp, Overlunky.dll.0.dr String found in binary or memory: https://spelunky-fyi.github.io/overlunky/Read
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3628948650.00007FFC9B62F000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: RegisterRawInputDevices memstr_0b8d1242-7
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe PID: 3840, type: MEMORYSTR
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D16F20 0_2_00007FF6A5D16F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D11290 0_2_00007FF6A5D11290
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D1B250 0_2_00007FF6A5D1B250
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D29700 0_2_00007FF6A5D29700
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3E700 0_2_00007FF6A5D3E700
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3C6F0 0_2_00007FF6A5D3C6F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D2A6D0 0_2_00007FF6A5D2A6D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D30660 0_2_00007FF6A5D30660
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3D600 0_2_00007FF6A5D3D600
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3D0D0 0_2_00007FF6A5D3D0D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3A000 0_2_00007FF6A5D3A000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D257F0 0_2_00007FF6A5D257F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3D7D0 0_2_00007FF6A5D3D7D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D32790 0_2_00007FF6A5D32790
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D1AF70 0_2_00007FF6A5D1AF70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D33A90 0_2_00007FF6A5D33A90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3AA00 0_2_00007FF6A5D3AA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D421E0 0_2_00007FF6A5D421E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D2A9B0 0_2_00007FF6A5D2A9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D379B0 0_2_00007FF6A5D379B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D40970 0_2_00007FF6A5D40970
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D40140 0_2_00007FF6A5D40140
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D29500 0_2_00007FF6A5D29500
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3ECF0 0_2_00007FF6A5D3ECF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D38490 0_2_00007FF6A5D38490
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D14C40 0_2_00007FF6A5D14C40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3A430 0_2_00007FF6A5D3A430
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D3AB80 0_2_00007FF6A5D3AB80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: String function: 00007FF6A5D28400 appears 58 times
Source: classification engine Classification label: mal56.winEXE@2/3@2/2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D24220 CreateToolhelp32Snapshot,memset,Process32First,Process32Next,strrchr,strlen,memcpy,memcpy,_invalid_parameter_noinfo_noreturn,__std_terminate, 0_2_00007FF6A5D24220
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe File created: C:\Users\user\Desktop\Overlunky.dll
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:352:120:WilError_03
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: Formatting exception: --inject use the old injection method instead of Detours with --launch_game
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: [info] --inject use the old injection method instead of Detours with --launch_game
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: [panic] Injecting failed, maybe you should try --launch_game instead...
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: Formatting exception:Injecting failed, maybe you should try --launch_game instead...
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: [info] --help show this helpful help
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: Formatting exception: --launch_game [path] launch ../Spel2.exe, path/Spel2.exe, or a specific exe, and load OL with Detours
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: [info] Already injected, let's not do that again. If you want to inject multiple game processes, use the --launch_game parameter.
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: [info] --launch_game [path] launch ../Spel2.exe, path/Spel2.exe, or a specific exe, and load OL with Detours
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: [info] Without --launch_game the launcher will search for a process called Spel2.exe and inject OL when found.
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: Formatting exception: --help show this helpful help
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: Formatting exception:Already injected, let's not do that again. If you want to inject multiple game processes, use the --launch_game parameter.
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: Formatting exception:Without --launch_game the launcher will search for a process called Spel2.exe and inject OL when found.
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe String found in binary or memory: {}{}Formatting exception:Cannot find the address of the library in current process: {}Formatting exception:Cannot find library in the target process: {}Formatting exception:Overlunky DLL version: {}Formatting exception:Overlunky EXE version: {}Formatting exception:Found Spel2.exe PID: {}Formatting exception:Cannot find the address of the function in current process: {} :: {}Formatting exception:Injecting DLL into process... {}Formatting exception:Launching game... {}Formatting exception:Launching game with DLL... {}Formatting exception:DLL not found! {}Formatting exception:Allocation failed: {:#x}OverlunkyImagehlpApiVersionExbad castformat specifier requires numeric argumentFormatting exception:AutoUpdate: Can't connect to the internetinjectFormatting exception: --oldflip launch the game with -oldflip, may improve performance with external windowsstatusexistsFormatting exception: --launch_game [path] launch ../Spel2.exe, path/Spel2.exe, or a specific exe, and load OL with DetoursSymSetOptionsSymGetOptions%s:%d: assertion failed: %s.detourOverlunky Updaterunknown format specifierinvalid format specifierupdate_launcherprecision is not integerwidth is not integerinvalid format specifier for charinfo_dumpFormatting exception: --help show this helpful helpoldflipUnknown exceptioninvalid string positionFormatting exception: --version show version informationdll_versionOverlunky.versionnegative precisioninvalid precision_CorExeMainnansystemstring pointer is null\Overlunky.dllhttps://github.com/spelunky-fyi/overlunky/releases/download/whip/Overlunky.dll\info_dump.dllcanonicalbad array new lengthnegative widthvector too longstring too longcannot switch from automatic to manual argument indexingcannot switch from manual to automatic argument indexingmissing '}' in format stringunmatched '}' in format stringinvalid format stringnumber is too 
biginf0123456789abcdefSymInitializehttps://github.com/spelunky-fyi/overlunky/releases/download/whip/Overlunky.exe../Spel2.exetrueupdateOverlunky UpdatefalseFormatting exception: --inject use the old injection method instead of Detours with --launch_gameSymFromNameconsoleFormatting exception:AutoUpdate: Can't write new filecannot write to fileargument not foundOverlunky.dll.oldOverlunky.exe.oldFormatting exception: --update_launcher update launcher to the latest WHIP buildFormatting exception: --update reset AutoUpdate setting and update launcher and DLL to the latest WHIP buildFormatting exception:DLL injecteddisabledFormatting exception: --console keep console open to debug scripts etcgenericwbFormatting exception:AutoUpdate: Can't connect to githubFormatting exception:AutoUpdate: Can't get version information from githubFormatting exception:AutoUpdate: Can't get release information from githubFormatting exception:AutoUpdate: Can't read file from githubWINDIRNANFormatting exception:Game launched with DLLFormatting
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D23300 _getche,LoadLibraryA,GetProcAddress,__acrt_iob_func,fflush,__acrt_iob_func,__acrt_iob_func,fflush,__acrt_iob_func,fflush,memcpy,memcpy,puts,puts,puts,puts, 0_2_00007FF6A5D23300
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: section name: .00cfg
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: section name: .detourc
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Static PE information: section name: .detourd
Source: Overlunky.dll.0.dr Static PE information: section name: .00cfg
Source: Overlunky.dll.0.dr Static PE information: section name: .detourc
Source: Overlunky.dll.0.dr Static PE information: section name: .detourd
Source: Overlunky.exe.0.dr Static PE information: section name: .00cfg
Source: Overlunky.exe.0.dr Static PE information: section name: .detourc
Source: Overlunky.exe.0.dr Static PE information: section name: .detourd
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe File created: C:\Users\user\Desktop\Overlunky.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe File created: C:\Users\user\Desktop\Overlunky.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Window / User API: threadDelayed 428
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Window / User API: threadDelayed 3765
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Window / User API: threadDelayed 2442
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Window / User API: threadDelayed 1508
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Window / User API: threadDelayed 783
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Dropped PE file which has not been started: C:\Users\user\Desktop\Overlunky.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe API coverage: 9.2 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe TID: 5324 Thread sleep time: -85600s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D421E0 ?fail@ios_base@std@@QEBA_NXZ,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,CloseHandle,CloseHandle,abort, 0_2_00007FF6A5D421E0
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3624710287.0000016B67BDF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463965408.0000016B67BDF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW7
Source: SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3624710287.0000016B67BDF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000002.3624710287.0000016B67B9F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463965408.0000016B67B9D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe, 00000000.00000003.3463965408.0000016B67BDF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D42F60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF6A5D42F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D23300 _getche,LoadLibraryA,GetProcAddress,__acrt_iob_func,fflush,__acrt_iob_func,__acrt_iob_func,fflush,__acrt_iob_func,fflush,memcpy,memcpy,puts,puts,puts,puts, 0_2_00007FF6A5D23300
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D42F60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF6A5D42F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D42F50 SetUnhandledExceptionFilter, 0_2_00007FF6A5D42F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D43308 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF6A5D43308
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: GetLocaleInfoEx,FormatMessageA, 0_2_00007FF6A5D42ACC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.ABApplication.VEVX-3560.5245.14683.exe Code function: 0_2_00007FF6A5D435B0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF6A5D435B0