
Analysis Report SecuriteInfo.com.Trojan.GenericKD.43570421.8546.14954

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.14954 (renamed file extension from 14954 to exe)
Analysis ID: 255762
MD5: a09e812fab18b593b1a5f1c05eb83e9c
SHA1: ae951ba64a108f9ef6f1e288672de04815d215a2
SHA256: 0df24ed22c633936c784444cf7a5b47970bdadcdd129353d4abdef55e02fa26b

Most interesting Screenshot:

Detection

AgentTesla
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected AgentTesla
Yara detected AntiVM_3
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "FHjxBGDCvHK", "URL: ": "https://Q5aGhnJU4C.com", "To: ": "rijo@gleoman.com", "ByHost: ": "smtp.yandex.com:587", "Password: ": "onmGK3VCTm5pD", "From: ": "rijo@gleoman.com"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | SUSP_Reversed_Base64_Encoded_EXE | Detects an base64 encoded executable with reversed characters | Florian Roth
  • 0x3c3c1:$sh3: uUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGV

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.235800113.0000000000BF2000.00000002.00020000.sdmp | SUSP_Reversed_Base64_Encoded_EXE | Detects an base64 encoded executable with reversed characters | Florian Roth
  • 0x3c1c1:$sh3: uUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGV
00000002.00000002.233723190.00000000002D2000.00000002.00020000.sdmp | SUSP_Reversed_Base64_Encoded_EXE | Detects an base64 encoded executable with reversed characters | Florian Roth
  • 0x3c1c1:$sh3: uUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGV
00000003.00000002.496392131.0000000003358000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000003.00000002.496392131.0000000003358000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.241187069.00000000041D1000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
(12 further entries not shown in this export)

Unpacked PEs

Source | Rule | Description | Author | Strings
0.0.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.bf0000.0.unpack | SUSP_Reversed_Base64_Encoded_EXE | Detects an base64 encoded executable with reversed characters | Florian Roth
  • 0x3c3c1:$sh3: uUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGV
3.2.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
3.2.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.fb0000.1.unpack | SUSP_Reversed_Base64_Encoded_EXE | Detects an base64 encoded executable with reversed characters | Florian Roth
  • 0x3c3c1:$sh3: uUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGV
2.2.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.2d0000.0.unpack | SUSP_Reversed_Base64_Encoded_EXE | Detects an base64 encoded executable with reversed characters | Florian Roth
  • 0x3c3c1:$sh3: uUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGV
3.0.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.fb0000.0.unpack | SUSP_Reversed_Base64_Encoded_EXE | Detects an base64 encoded executable with reversed characters | Florian Roth
  • 0x3c3c1:$sh3: uUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGV
(2 further entries not shown in this export)

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.7108.3.memstr | Malware Configuration Extractor: Agenttesla {"Username: ": "FHjxBGDCvHK", "URL: ": "https://Q5aGhnJU4C.com", "To: ": "rijo@gleoman.com", "ByHost: ": "smtp.yandex.com:587", "Password: ": "onmGK3VCTm5pD", "From: ": "rijo@gleoman.com"}
Machine Learning detection for sample
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Joe Sandbox ML: detected
Source: global traffic | TCP traffic: 192.168.2.4:49726 -> 77.88.21.158:587
Source: unknown | DNS traffic detected: queries for: smtp.yandex.com
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://crl.certum.pl/ca.crl0h
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://crls.yandex.net/certum/ycasha2.crl0-
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://repository.certum.pl/ca.cer09
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://repository.certum.pl/ycasha2.cer0
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://smtp.yandex.com
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://subca.ocsp-certum.com0.
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://subca.ocsp-certum.com01
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://www.certum.pl/CPS0
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://yandex.crl.certum.pl/ycasha2.crl0q
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: http://yandex.ocsp-responder.com03
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.496392131.0000000003358000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497644251.00000000034AA000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000003.321511174.00000000015B4000.00000004.00000001.sdmp | String found in binary or memory: https://Q5aGhnJU4C.com
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.496392131.0000000003358000.00000004.00000001.sdmp | String found in binary or memory: https://Q5aGhnJU4C.comX
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.497369650.0000000003478000.00000004.00000001.sdmp | String found in binary or memory: https://www.certum.pl/CPS0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A033C NtQueryInformationProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A7049 NtQueryInformationProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A0302 NtQueryInformationProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A21E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A1060
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A5859
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A30C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A789A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A17A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A8F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A7168
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A6178
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A7158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A612F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016AD920
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A30A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016AA3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A5260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A5270
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A1C69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A5400
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A5410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A04D2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A3F70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A3F39
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A0FB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A3F80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A5679
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A5688
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_031AFB30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_031AFB20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05862470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_0586C7F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05868148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05860040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05862F40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05863C08
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_0586C7E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05868139
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05860007
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05864030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05862F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_058677A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_0586772D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_05867378
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FF618
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FC380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FB9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065F8257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065F9E48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FF617
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FC377
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FC058
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FC04F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065F0040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FD8DF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065F9CD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FD8E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FB9C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A9AE28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A92F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A987D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A91730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A90400
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A925D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A9C3B7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A980C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A90818
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A9AE27
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A92657
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A98FEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A98FF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A95FCF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A95FD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A91723
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A925CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A9CBFA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A903F7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A98B05
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A980B7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A99890
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A9080F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A9987F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A9A05B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A999A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A98141
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.237049033.00000000031A0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSparta.dll. vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.242631278.0000000008480000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameLoreal.exe4 vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.241187069.00000000041D1000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDBtlyQZOzpOxajPVmODmKHqrAe.exe4 vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.235941242.0000000000CB4000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamerPGqS.exe. vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000002.00000000.233477072.0000000000394000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamerPGqS.exe. vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.501296920.0000000006B50000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.501229091.0000000006B40000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.501070616.0000000006AA0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.494664452.0000000001074000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenamerPGqS.exe. vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.494009809.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameDBtlyQZOzpOxajPVmODmKHqrAe.exe4 vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.494767380.00000000014F7000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.500573169.00000000064A0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Binary or memory string: OriginalFilenamerPGqS.exe. vs SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe
Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, type: SAMPLE | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 00000000.00000002.235800113.0000000000BF2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 00000002.00000002.233723190.00000000002D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 00000000.00000000.225527752.0000000000BF2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 00000003.00000002.494274738.0000000000FB2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 00000002.00000000.233396970.00000000002D2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 00000003.00000000.234951772.0000000000FB2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe PID: 7108, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe PID: 7000, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe PID: 7100, type: MEMORY | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 0.0.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.bf0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 3.2.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.fb0000.1.unpack, type: UNPACKEDPE | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.2d0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 3.0.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.fb0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 2.0.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.2d0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
Source: 0.2.SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.bf0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, reference = Internal Research, score = file
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.237073541.00000000031D1000.00000004.00000001.sdmpBinary or memory string: Databricks.sln
          Source: classification engineClassification label: mal96.troj.spyw.evad.winEXE@5/1@2/1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe.logJump to behavior
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe'
          Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe {path}
          Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_00BF26B9 pushad ; retf 0_2_00BF26C4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_00BF3A70 push ss; retf 0_2_00BF3A91
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A302B push 00000001h; ret 0_2_016A3030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 0_2_016A0FB8 push 00000001h; retf 0_2_016A1008
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 2_2_002D3A70 push ss; retf 2_2_002D3A91
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 2_2_002D26B9 pushad ; retf 2_2_002D26C4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_00FB26B9 pushad ; retf 3_2_00FB26C4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_00FB3A70 push ss; retf 3_2_00FB3A91
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065FCD41 pushfd ; ret 3_2_065FCD42
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_065F512F push edi; retn 0000h 3_2_065F5131
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A907BF push es; ret 3_2_06A907C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A97FDE push es; ret 3_2_06A97FEC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A97F1A push es; ret 3_2_06A97F20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Code function: 3_2_06A9C71F push es; ret 3_2_06A9C720
          Source: initial sample | Static PE information: section name: .text entropy: 7.55923260747
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM_3
          Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe PID: 7000, type: MEMORY
          Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
          Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmp | Binary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe | Window / User API: threadDelayed 740
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 7004 | Thread sleep time: -38000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 7024 | Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -3689348814741908s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6744 | Thread sleep count: 740 > 30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6744 | Thread sleep count: 57 > 30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -88968s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -58594s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -58218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -58000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -57500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -85968s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -56906s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -56406s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -56218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -56000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -83718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -82968s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -82359s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -82077s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -54218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -54000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -80718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -80109s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -79359s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -79077s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -52500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -78468s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -77718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -51594s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -77109s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -51218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -76500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -50718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -50500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -75468s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -49906s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -74109s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -49218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -73500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -73218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -48312s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -47906s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -47718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -71250s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -47218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -70500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -70218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -69609s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -45906s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -45718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -68250s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -45312s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -67218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -66891s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -43906s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -43406s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -64500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -42812s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -42312s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -62859s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -41312s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -40906s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -40718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -60327s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -40000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -38500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -38218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -38000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -36906s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -34718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -34500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -51327s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -51000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -49968s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -32906s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -48327s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -48000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -31094s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -46359s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -30718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -45750s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -30218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -44718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -42750s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -41109s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -40827s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -39468s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -37827s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -37500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -34218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -59812s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -56718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -55594s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -55094s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -54500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -53594s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -50812s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -50594s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -49718s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -44406s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -44218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -43500s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -43312s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -42406s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -42218s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732 | Thread sleep time: -40406s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -37312s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -37094s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -36406s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -36218s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -36000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -35312s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -35094s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -34906s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -33812s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -33594s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -33094s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -32718s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -31812s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -31594s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -52094s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -50094s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -48594s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -48094s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -46094s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -45000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -42594s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -41000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -40812s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -40594s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -39906s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -39000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -38812s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -38594s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe TID: 6732Thread sleep time: -37906s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeLast function: Thread delayed
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.500573169.00000000064A0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmpBinary or memory string: VMWARE
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.501500615.0000000006B70000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJ
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.500573169.00000000064A0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.500573169.00000000064A0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000000.00000002.238845790.0000000003AB2000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exe, 00000003.00000002.500573169.00000000064A0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43570421.8546.exeProcess queried: DebugPortJump to behavior