Analysis Report SecuriteInfo.com.Trojan.MulDrop15.61980.13868.3384

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.3384 (renamed file extension from 3384 to exe)
Analysis ID: 323839
MD5: 0998148d355b1e7bad7b44558aa4c125
SHA1: 5d062cb98564c1f2bc821c0a3e81b228780f77f7
SHA256: 8ef317f2278fbe6a533e8f78b932698e986280d2f4a6716aaaaa4dc5692222a8
Tags: AgentTesla

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AgentTesla
Injects a PE file into a foreign process
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Modifies the hosts file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file name differs from the original file name recorded in its version info
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.5664.2.memstr Malware Configuration Extractor: Agenttesla {"Username: ": "qRlQv5b8v4k0m", "URL: ": "http://5YdEMfw1vYcxQtIJ.com", "To: ": "bmmc@novget.com", "ByHost: ": "novget.com:587", "Password: ": "fTUctjBYd8i", "From: ": "bmmc@novget.com"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe ReversingLabs: Detection: 31%
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Virustotal: Detection: 30%
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe ReversingLabs: Detection: 31%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8
Source: 20.2.vlc.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8
Source: 19.2.vlc.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49743 -> 167.88.170.2:587
Source: Traffic Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49745 -> 167.88.170.2:587
May check the online IP address of the machine
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 184.73.247.141
Source: Joe Sandbox View IP Address: 184.73.247.141
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown DNS traffic detected: queries for: api.ipify.org
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.498331561.000000000348A000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.499427077.00000000034E3000.00000004.00000001.sdmp String found in binary or memory: http://5YdEMfw1vYcxQtIJ.com
Source: vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp String found in binary or memory: http://DynDns.comDynDNS
Source: vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp String found in binary or memory: http://HReuFq.com
Source: vlc.exe, 00000013.00000002.492517745.00000000030AC000.00000004.00000001.sdmp String found in binary or memory: http://api.ipify.org
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000003.472294046.00000000015B6000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmp String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000003.472294046.00000000015B6000.00000004.00000001.sdmp String found in binary or memory: http://crl.comodoca.com/COMODORSADomainValidation
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.494298446.000000000325B000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmp String found in binary or memory: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0
Source: vlc.exe, 00000013.00000002.492517745.00000000030AC000.00000004.00000001.sdmp String found in binary or memory: http://elb097307-934924932.us-east-1.elb.amazonaws.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218382193.0000000005C30000.00000004.00000001.sdmp String found in binary or memory: http://en.wikipN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.499127131.00000000034D6000.00000004.00000001.sdmp String found in binary or memory: http://novget.com
Source: vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: vlc.exe String found in binary or memory: http://schemas.microso
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492364241.0000000003098000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220201223.0000000005C12000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.comn-u
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220201223.0000000005C12000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.comon
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.comq
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.comyrlS
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223959100.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/N
Source: vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223854426.0000000005C52000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/O
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225560487.0000000005C4E000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers9
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224188865.0000000005C52000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersE
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225123261.0000000005C52000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersP
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225457522.0000000005C52000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersk
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224188865.0000000005C52000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersz
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comFN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comI.TTF
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224549941.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comL.TTF
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.230794690.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comaT
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225588787.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comalsF
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225487535.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comcom
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225487535.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comd
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comditom
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225289437.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comessed7
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224198483.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comessedf
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.223821132.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comique
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225009614.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comitud
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.230975135.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comoitum
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224595210.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comtu
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.224146770.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comueed
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.225588787.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comvT
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.226940473.0000000005C33000.00000004.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221786965.0000000005C34000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220932324.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Liha
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/N
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221333628.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/R
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/T
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0t
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222987089.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/T
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222098114.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/m
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/l
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/m
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220785926.0000000005C2B000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/p
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/r-t
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.221084547.0000000005C34000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222469453.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/t
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220932324.0000000005C34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/uheT
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.229992289.0000000005C1B000.00000004.00000001.sdmp String found in binary or memory: http://www.monotype.
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.222024096.0000000005C56000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.219300688.0000000005C1A000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.219300688.0000000005C1A000.00000004.00000001.sdmp String found in binary or memory: http://www.sandoll.co.krU
Source: vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp String found in binary or memory: http://www.typography.neta_
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218827779.0000000005C2B000.00000004.00000001.sdmp String found in binary or memory: http://www.typography.netalik
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp String found in binary or memory: http://www.typography.netez
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp String found in binary or memory: http://www.typography.netivh
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.218760455.0000000005C2B000.00000004.00000001.sdmp String found in binary or memory: http://www.typography.netsiv-u
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.255170523.0000000005D00000.00000002.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.305594390.0000000005B10000.00000002.00000001.sdmp, vlc.exe, 0000000B.00000002.320206271.0000000005890000.00000002.00000001.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000003.220143406.0000000005C12000.00000004.00000001.sdmp String found in binary or memory: http://www.zhongyicts.com.cno.3
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmp String found in binary or memory: https://api.ipify.org
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492364241.0000000003098000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmp String found in binary or memory: https://api.ipify.org/
Source: vlc.exe, 00000013.00000002.492479441.00000000030A6000.00000004.00000001.sdmp String found in binary or memory: https://api.ipify.org4$l8
Source: vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp String found in binary or memory: https://api.ipify.orgGETMozilla/5.0
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, vlc.exe, 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp String found in binary or memory: https://api.telegram.org/bot%telegramapi%/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp String found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe String found in binary or memory: https://discord.com/
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe String found in binary or memory: https://discord.com/4
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe String found in binary or memory: https://discord.com/8
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.494298446.000000000325B000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.499968225.00000000067C5000.00000004.00000001.sdmp String found in binary or memory: https://secure.comodo.com/CPS0
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, vlc.exe, 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, vlc.exe, 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, vlc.exe, 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, vlc.exe, 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.251609553.00000000010EB000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Spam, unwanted Advertisements and Ransom Demands:

Modifies the hosts file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File written: C:\Windows\System32\drivers\etc\hosts

System Summary:

Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 0_2_010AC284 0_2_010AC284
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 0_2_010AE640 0_2_010AE640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 0_2_010AE650 0_2_010AE650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 0_2_0742C398 0_2_0742C398
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 0_2_0742BAC8 0_2_0742BAC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 0_2_0742B780 0_2_0742B780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06843FE8 2_2_06843FE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06841448 2_2_06841448
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06847308 2_2_06847308
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_0684B9B0 2_2_0684B9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_0684ED98 2_2_0684ED98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06848A30 2_2_06848A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06846278 2_2_06846278
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_068493A0 2_2_068493A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06872618 2_2_06872618
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_0687F780 2_2_0687F780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06871FE0 2_2_06871FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_0687EB0C 2_2_0687EB0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_0687D738 2_2_0687D738
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_0687AB78 2_2_0687AB78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_0687BA88 2_2_0687BA88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_0687CFF8 2_2_0687CFF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06878FF8 2_2_06878FF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5DFE0 2_2_06A5DFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A593E8 2_2_06A593E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A50040 2_2_06A50040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A54D80 2_2_06A54D80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5B130 2_2_06A5B130
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5D158 2_2_06A5D158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A555C7 2_2_06A555C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A555D0 2_2_06A555D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5B123 2_2_06A5B123
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_00ECC284 6_2_00ECC284
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_00ECE640 6_2_00ECE640
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_00ECE650 6_2_00ECE650
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C30448 6_2_06C30448
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C32D38 6_2_06C32D38
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C36158 6_2_06C36158
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06D6BAC8 6_2_06D6BAC8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06D6C398 6_2_06D6C398
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06D6B780 6_2_06D6B780
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_00DEC284 11_2_00DEC284
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_00DEE650 11_2_00DEE650
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_00DEE640 11_2_00DEE640
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_06B4BAC8 11_2_06B4BAC8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_06B4C398 11_2_06B4C398
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_06B4B780 11_2_06B4B780
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_07260428 11_2_07260428
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_0726BAA0 11_2_0726BAA0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_072647C1 11_2_072647C1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_072647D0 11_2_072647D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_07265920 11_2_07265920
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_0726591E 11_2_0726591E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_072601B0 11_2_072601B0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_0726019F 11_2_0726019F
PE file contains strange resources
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: vlc.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: vlc.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: vlc.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameOhOvZMWOvVyKYxqxFjBeQ.exe4 vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamePanlwmqitxzsq.dll4 vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameClassLibrary3.dll< vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000000.214469304.0000000000902000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameJqeofcirr6.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.251609553.00000000010EB000.00000004.00000020.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000001.00000000.245925171.0000000000382000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameJqeofcirr6.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.503386805.0000000006850000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamewshom.ocx vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000000.247521411.0000000000DF2000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameJqeofcirr6.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp Binary or memory string: OriginalFilenameOhOvZMWOvVyKYxqxFjBeQ.exe4 vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.504414136.0000000007130000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.503840561.0000000006A30000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Binary or memory string: OriginalFilenameJqeofcirr6.exe` vs SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: vlc.exe.0.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.troj.adwa.spyw.evad.winEXE@17/7@6/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Virustotal: Detection: 30%
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe ReversingLabs: Detection: 31%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe'
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe'
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Data Obfuscation:

Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 0_2_074230F8 push 00C364D1h; ret 0_2_07423135
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06849711 push eax; iretd 2_2_068497B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_068776BF push es; iretd 2_2_068776FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06877E3F push edi; retn 0000h 2_2_06877E41
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06871093 push es; ret 2_2_06871094
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_068710A3 push es; ret 2_2_068710D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5E5B8 pushad ; ret 2_2_06A5E63A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5CAF8 push edx; ret 2_2_06A5CAFA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5CAFB push edx; ret 2_2_06A5CB02
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5E63B pushad ; ret 2_2_06A5E642
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5CB9B push ebx; ret 2_2_06A5CBA2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5CB53 push ebx; ret 2_2_06A5CB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5D0F8 push esi; ret 2_2_06A5D0FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5D0FB push esi; ret 2_2_06A5D102
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5C84B push ecx; ret 2_2_06A5C852
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5ED9B pushad ; ret 2_2_06A5EDA1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5CD01 push esp; ret 2_2_06A5CD02
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5E500 pushad ; ret 2_2_06A5E502
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5ED03 push eax; ret 2_2_06A5ED09
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5E50B pushad ; ret 2_2_06A5E552
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06A5E553 pushad ; ret 2_2_06A5E55A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C35E81 push ebp; retn 0006h 6_2_06C35E82
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C357B0 push eax; retn 0006h 6_2_06C357B2
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C325AD push eax; retn 0006h 6_2_06C325C1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C38297 push 0000007Dh; ret 6_2_06C3832E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C35A68 push edx; retn 0006h 6_2_06C35A6A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C35A70 push edx; retn 0006h 6_2_06C35A72
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C35A78 push edx; retn 0006h 6_2_06C35AD2
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C37218 pushad ; retn 0006h 6_2_06C3721A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C37311 pushad ; retn 0006h 6_2_06C37312
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 6_2_06C3731B pushad ; retn 0006h 6_2_06C37332
Source: initial sample Static PE information: section name: .text entropy: 7.96249614821
Source: initial sample Static PE information: section name: .text entropy: 7.96249614821
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: vlc.exe.0.dr, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: vlc.exe.0.dr, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 0.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.900000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 0.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.900000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 0.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.900000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 0.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.900000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 1.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.380000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 1.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.380000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 1.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.380000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 1.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.380000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.df0000.1.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.df0000.1.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 2.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.df0000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 2.0.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.df0000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 6.0.vlc.exe.720000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 6.0.vlc.exe.720000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 6.2.vlc.exe.720000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 6.2.vlc.exe.720000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 11.2.vlc.exe.450000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 11.2.vlc.exe.450000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 11.0.vlc.exe.450000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 11.0.vlc.exe.450000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 16.0.vlc.exe.310000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 16.0.vlc.exe.310000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 16.2.vlc.exe.310000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 16.2.vlc.exe.310000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 17.0.vlc.exe.160000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 17.0.vlc.exe.160000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 17.2.vlc.exe.160000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 17.2.vlc.exe.160000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 18.2.vlc.exe.210000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 18.2.vlc.exe.210000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 18.0.vlc.exe.210000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 18.0.vlc.exe.210000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 19.2.vlc.exe.a30000.1.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 19.2.vlc.exe.a30000.1.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 19.0.vlc.exe.a30000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 19.0.vlc.exe.a30000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 20.2.vlc.exe.870000.1.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 20.2.vlc.exe.870000.1.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
Source: 20.0.vlc.exe.870000.0.unpack, c2Fo1FUEUu0RWAsNqc/iCBtguA2vUiZwpErbx.cs High entropy of concatenated method names: '.ctor', 'iCBAtgu2v', 'biZUwpErb', 'zU2qFo1FE', 'Dispose', 'bu0cRWAsN', 'blGCQ2p59jBKi6Eh09', 'RpJlS91oerHo5WgUoj', 'TIaY7n381CVUDcgeVK', 'sGHUJcud3rxknBYegI'
Source: 20.0.vlc.exe.870000.0.unpack, fq3MQHL5s4kEV6MXwJ/wguCTMihOcuL6dhVxS.cs High entropy of concatenated method names: 'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe', 'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP'
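
The "High entropy of concatenated method names" entries above are a static heuristic for obfuscated .NET: a name obfuscator replaces the author's identifiers with random alphanumerics, so the joined method names of a class carry far more bits per character than English-derived identifiers would. The script below is an added example, not Joe Sandbox's own implementation; it recomputes the measurement on the method names listed in the report for class wguCTMihOcuL6dhVxS and on a constructed comparison set, and the threshold and minimum-length values are assumptions, not the sandbox's.

```python
import math
from collections import Counter

# Method names of class wguCTMihOcuL6dhVxS as listed in the report
# (source 6.0.vlc.exe.720000.0.unpack).
OBFUSCATED_NAMES = [
    'phVuxSLq3', 'JQHa5s4kE', 'u6MeXwJd3', 'bV72wWdrn', 'XqVjTEeoe',
    'aRvfP3EdK', '.ctor', '.cctor', 'LaN6iW2wc6kNZSQa9K', 'Tslsx4RPCSl2jSVmPP',
]

# Constructed comparison set (not from the report): names a hand-written
# WinForms class might carry.
PLAIN_NAMES = [
    '.ctor', 'Dispose', 'get_Name', 'set_Name', 'InitializeComponent',
    'OnLoad', 'ToString', 'Equals', 'GetHashCode', 'Close',
]

# Compiler- or framework-supplied names survive every obfuscator and would
# only dilute the measurement, so they are excluded.
FIXED_NAMES = {'.ctor', '.cctor', 'Dispose', 'Finalize'}


def shannon_entropy(text: str) -> float:
    """Bits per character of `text` under its empirical symbol distribution."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def name_features(names):
    """Concatenate the author-controlled method names and measure them."""
    joined = ''.join(n for n in names if n not in FIXED_NAMES)
    digits = sum(ch.isdigit() for ch in joined)
    return {
        'chars': len(joined),
        'entropy': round(shannon_entropy(joined), 3),
        'digit_ratio': round(digits / len(joined), 3) if joined else 0.0,
    }


def looks_obfuscated(names, entropy_threshold=4.8, min_chars=40):
    """Assumed thresholds (not Joe Sandbox's): English-like identifiers sit
    around 4.0-4.5 bits/char, random alphanumerics above 5. With too few
    characters the estimate is meaningless, so short samples get no verdict."""
    f = name_features(names)
    f['verdict'] = f['chars'] >= min_chars and f['entropy'] >= entropy_threshold
    return f


if __name__ == '__main__':
    for label, names in (('report class', OBFUSCATED_NAMES), ('plain class', PLAIN_NAMES)):
        print(label, looks_obfuscated(names))
```

On the report's names the measure comes out around 5.4 bits/char with one character in six a digit; the plain set lands near 4.4 bits/char with no digits. The digit ratio is kept alongside entropy because a class with only two or three short methods can score high on entropy by chance, and the verdict should rest on more than one weak feature.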

Persistence and Installation Behavior:

Drops PE files
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe

Boot Survival:

Stores files to the Windows start menu directory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe\:Zone.Identifier:$DATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run vlc (2 identical events)
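
The persistence picture in the two sections above is the usual AgentTesla pattern: a copy of the sample is dropped as vlc.exe under the user's roaming Start Menu folder (a path that needs no elevation and borrows a well-known product name), a Zone.Identifier stream is written on it, and a Run value named vlc is created under HKEY_CURRENT_USER. The script below is an added example, not part of the report or of Joe Sandbox; it parses the report's own event lines (embedded here as constructed input) into the indicators an analyst would hand to a hunt, and the autorun-key list, the user-writable directory list and the expected install directory for vlc.exe are assumptions made for the example. It reports the Run value's name only, because the report shows the value name but not its data, so the link between the Run entry and the dropped file is inferred rather than proven.

```python
import re
from typing import Dict, List

# Event lines copied from the Persistence / Boot Survival sections of this
# report, embedded so the script runs offline against known input.
REPORT_LINES = [
    r"Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN",
    r"Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe",
    r"Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe\:Zone.Identifier:$DATA",
    r"Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run vlc",
]

FILE_RE = re.compile(r"^Source: (?P<src>.+?) File created: (?P<path>.+)$")
REG_RE = re.compile(r"^Source: (?P<src>.+?) Registry value created or modified: (?P<key>\S+) (?P<name>.+)$")

# Autostart locations worth flagging (assumed list; extend as needed).
AUTORUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
)
# Directories a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\users\\public\\", "\\temp\\")
# Where the genuine binary of a given name normally lives (assumed: VLC's
# default install directory). A copy anywhere else is a masquerading hint.
EXPECTED_HOME = {"vlc.exe": "\\program files\\videolan\\vlc\\"}


def parse_events(lines: List[str]) -> Dict[str, list]:
    """Sort report events into dropped PEs, ADS writes and autorun values."""
    ev = {"dropped_pe": [], "ads_written": [], "autoruns": []}
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            low = path.lower()
            if ":zone.identifier" in low:
                ev["ads_written"].append(path)
            elif low.endswith(".exe") and any(d in low for d in USER_WRITABLE):
                ev["dropped_pe"].append(path)
            continue
        m = REG_RE.match(line)
        if m and m.group("key").lower().endswith(AUTORUN_KEYS):
            ev["autoruns"].append((m.group("key"), m.group("name")))
    return ev


def masquerade_hints(paths: List[str]) -> List[str]:
    """Flag files that carry a known product's name outside its install dir."""
    hints = []
    for p in paths:
        base = p.rsplit("\\", 1)[-1].lower()
        home = EXPECTED_HOME.get(base)
        if home and home not in p.lower():
            hints.append(f"{base} written outside {home}: {p}")
    return hints


def persistence_verdict(ev: Dict[str, list]) -> dict:
    """Persistence is claimed when an autorun value appears together with a PE
    dropped into a user-writable directory. The Run value's data is absent
    from the report, so the pairing is an inference to confirm on the host."""
    return {
        "persists": bool(ev["autoruns"]) and bool(ev["dropped_pe"]),
        "autoruns": ev["autoruns"],
        "dropped_pe": ev["dropped_pe"],
        "motw_stream_written": bool(ev["ads_written"]),
        "masquerade": masquerade_hints(ev["dropped_pe"]),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(persistence_verdict(parse_events(REPORT_LINES)), indent=2))
```

On a live host the same three checks translate directly: read the Run value named vlc and compare its data with the dropped path, confirm whether a vlc.exe exists under the roaming Start Menu folder at all (the genuine player never installs there), and list the file's alternate data streams to see the Zone.Identifier entry the report records.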

Hooking and other Techniques for Hiding and Protection:

Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Disables application error messages (SetErrorMode with SEM_NOOPENFILEERRORBOX)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Process information set: NOOPENFILEERRORBOX (100 identical events)
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX (86 identical events)
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000000.00000002.252002961.0000000002C61000.00000004.00000001.sdmp, vlc.exe, 00000006.00000002.301273221.0000000002C05000.00000004.00000001.sdmp, vlc.exe, 0000000B.00000002.316006335.00000000028D1000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Window / User API: threadDelayed 3753
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Window / User API: threadDelayed 6071
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Window / User API: threadDelayed 2626
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Window / User API: threadDelayed 7218
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Window / User API: threadDelayed 3672
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Window / User API: threadDelayed 6165
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 5808 Thread sleep count: 64 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 2168 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 6384 Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 6388 Thread sleep count: 3753 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe TID: 6388 Thread sleep count: 6071 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6252 Thread sleep count: 64 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6272 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6540 Thread sleep count: 64 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 6640 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 7056 Thread sleep time: -25825441703193356s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 7060 Thread sleep count: 2626 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 7060 Thread sleep count: 7218 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 780 Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 3016 Thread sleep count: 3672 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe TID: 3016 Thread sleep count: 6165 > 30
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: vlc.exe, 0000000B.00000002.316006335.00000000028D1000.00000004.00000001.sdmp Binary or memory string: vmware
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000003.472294046.00000000015B6000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Process information queried: ProcessInformation

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Code function: 2_2_06847FB8 LdrInitializeThunk, 2_2_06847FB8
Enables debug privileges
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Memory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe base: 400000 value starts with: 4D5A
Modifies the hosts file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File written: C:\Windows\System32\drivers\etc\hosts
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.492478031.0000000001AC0000.00000002.00000001.sdmp, vlc.exe, 00000013.00000002.491073913.00000000019C0000.00000002.00000001.sdmp, vlc.exe, 00000014.00000002.491597533.0000000001730000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.492478031.0000000001AC0000.00000002.00000001.sdmp, vlc.exe, 00000013.00000002.491073913.00000000019C0000.00000002.00000001.sdmp, vlc.exe, 00000014.00000002.491597533.0000000001730000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.492478031.0000000001AC0000.00000002.00000001.sdmp, vlc.exe, 00000013.00000002.491073913.00000000019C0000.00000002.00000001.sdmp, vlc.exe, 00000014.00000002.491597533.0000000001730000.00000002.00000001.sdmp Binary or memory string: Progman
Source: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe, 00000002.00000002.492478031.0000000001AC0000.00000002.00000001.sdmp, vlc.exe, 00000013.00000002.491073913.00000000019C0000.00000002.00000001.sdmp, vlc.exe, 00000014.00000002.491597533.0000000001730000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\vlc.exe Code function: 11_2_0726A300 GetUserNameA, 11_2_0726A300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

Modifies the hosts file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File written: C:\Windows\System32\drivers\etc\hosts

Stealing of Sensitive Information:

Yara detected AgentTesla
Source: Yara match File source: 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.301127275.0000000002BC1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.301544638.0000000003B41000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.252002961.0000000002C61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.316335903.0000000002978000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.252121672.0000000002D02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6248, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6996, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6536, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 1740, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 5664, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6904, type: MEMORY
Source: Yara match File source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
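The dump identifiers in the match list above are worth reading rather than just counting. Cross-checked against the rest of this report, the first dotted field is the analysis process number in hex (0x13 and 0x14 are the same processes as the 19.2.vlc.exe and 20.2.vlc.exe unpack artifacts, 0xB the one behind the 11_2_ code-function prefix), the fourth is the region base address and the fifth the page protection, where 0x04 is PAGE_READWRITE and 0x40 is PAGE_EXECUTE_READWRITE. The script below is an added triage example and is not part of the Joe Sandbox report or its tooling; the names it gives the second and sixth fields (dump stage, flags) are assumptions, the other field meanings are as read off this page. It groups the matched regions per process and singles out the processes that hold both a writable-and-executable region and an unpacked PE, which on this report separates the three hollowed payload carriers (processes 2, 19, 20) from the loader stages whose heap merely contains AgentTesla strings.

```python
"""Triage the 'Yara detected AgentTesla' match list: parse memory-dump and
unpack artifact names, group them per analysis process and flag processes
holding an RWX region next to an unpacked PE.  Added example, not part of
the Joe Sandbox report or its tooling."""
from __future__ import annotations
import re
from collections import defaultdict

PAGE_READWRITE = 0x04          # winnt.h page-protection constants
PAGE_EXECUTE_READWRITE = 0x40

# <proc>.<stage>.<dump_id>.<base>.<protection>.<flags>.sdmp
# proc/base/protection are read off the report; 'stage' and 'flags' are
# assumed names for the second and sixth fields.
DUMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<prot>[0-9A-Fa-f]{8})\.(?P<flags>[0-9A-Fa-f]{8})\.sdmp$"
)
# <proc>.<stage>.<image>.<base>.<n>.unpack  (the image name itself contains dots)
UNPACK_RE = re.compile(
    r"^(?P<proc>\d+)\.(?P<stage>\d+)\.(?P<image>.+)\.(?P<base>[0-9A-Fa-f]+)\.\d+\.unpack$"
)


def parse_dump(name: str) -> dict:
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    return {"proc": int(m["proc"], 16), "stage": int(m["stage"], 16),
            "dump_id": int(m["dump_id"]), "base": int(m["base"], 16),
            "prot": int(m["prot"], 16)}


def parse_unpack(name: str) -> dict:
    m = UNPACK_RE.match(name)
    if not m:
        raise ValueError(f"not an unpack artifact name: {name}")
    return {"proc": int(m["proc"]), "stage": int(m["stage"]),
            "image": m["image"], "base": int(m["base"], 16)}


def triage(sources: list[str]) -> dict:
    """Group Yara-matched artifacts per process.  'injected' lists processes
    with both a PAGE_EXECUTE_READWRITE region and an unpacked PE: the
    hollowed payload carriers.  Processes with only PAGE_READWRITE hits are
    loader stages whose heap contains AgentTesla strings or config."""
    per = defaultdict(lambda: {"rw": [], "rwx": [], "other": [], "unpacked_pe": []})
    for src in sources:
        if src.endswith(".sdmp"):
            d = parse_dump(src)
            if d["prot"] == PAGE_EXECUTE_READWRITE:
                bucket = "rwx"
            elif d["prot"] == PAGE_READWRITE:
                bucket = "rw"
            else:
                bucket = "other"
            per[d["proc"]][bucket].append(d["base"])
        elif src.endswith(".unpack"):
            u = parse_unpack(src)
            per[u["proc"]]["unpacked_pe"].append(u["base"])
        # 'Process Memory Space: ... PID: n' entries carry OS PIDs, which the
        # report does not map to analysis process numbers, so they are skipped.
    for regions in per.values():
        for k in regions:
            regions[k].sort()
    injected = sorted(p for p, r in per.items() if r["rwx"] and r["unpacked_pe"])
    return {"per_process": dict(per), "injected": injected}


# The match list exactly as printed in the report's Stealing of Sensitive Information section.
YARA_SOURCES = [
    "00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp",
    "00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp",
    "00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp",
    "00000006.00000002.301127275.0000000002BC1000.00000004.00000001.sdmp",
    "00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp",
    "0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp",
    "00000006.00000002.301544638.0000000003B41000.00000004.00000001.sdmp",
    "00000000.00000002.252002961.0000000002C61000.00000004.00000001.sdmp",
    "0000000B.00000002.316335903.0000000002978000.00000004.00000001.sdmp",
    "00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp",
    "00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp",
    "00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp",
    "00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp",
    "00000000.00000002.252121672.0000000002D02000.00000004.00000001.sdmp",
    "2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack",
    "19.2.vlc.exe.400000.0.unpack",
    "20.2.vlc.exe.400000.0.unpack",
]

if __name__ == "__main__":
    result = triage(YARA_SOURCES)
    for proc, regions in sorted(result["per_process"].items()):
        print(f"process {proc:2d}: rwx={[hex(b) for b in regions['rwx']]} "
              f"rw={[hex(b) for b in regions['rw']]} "
              f"unpacked_pe={[hex(b) for b in regions['unpacked_pe']]}")
    print("payload carriers (RWX region + unpacked PE):", result["injected"])
```

The RWX hit at 0x402000 in each carrier sits right above the 0x400000 unpack base, which is where the first section of a 32-bit .NET image lands; that pairing, rather than any single Yara hit, is what tells an analyst which dumps to open first.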
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Tries to steal Mail credentials (via file access)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Yara detected Credential Stealer
Source: Yara match File source: 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.494562870.0000000003276000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6996, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 5664, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6904, type: MEMORY
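The file and registry accesses recorded above are the kind of evidence a host-based detection can correlate. Any one of them is unremarkable on its own (Firefox opens its own profiles.ini constantly), but a single process reading credential stores of a browser, a mail client, an FTP client and WinSCP within one run is a strong stealer signal. The following Python is an added example, not part of this sandbox report or of any Joe Sandbox tooling: it matches constructed, tab-separated access events (pid, image, action, target) against the exact paths and keys listed above and flags any PID whose accesses span two or more store categories. The event format, the sample trace and the benign contrast processes are assumptions made for the example.

```python
"""Correlate per-process access to the credential stores named in the report.

Added example: flags a PID that opens credential stores belonging to two or
more unrelated applications (browser, mail, FTP, WinSCP) in one trace.
"""
import re
from collections import defaultdict

# Store locations copied from the report's "File opened" / "Key opened" lines,
# lower-cased; the user-profile prefix is left loose so any user name matches.
CREDENTIAL_STORES = {
    "browser": [
        r"\\appdata\\roaming\\mozilla\\firefox\\profiles\.ini$",
        r"\\appdata\\local\\google\\chrome\\user data\\[^\\]+\\login data$",
    ],
    "mail": [
        r"\\appdata\\roaming\\thunderbird\\profiles\.ini$",
        r"^hkey_current_user\\software\\incredimail\\identities$",
        r"^hkey_current_user\\software\\microsoft\\windows nt\\currentversion"
        r"\\windows messaging subsystem\\profiles\\",
    ],
    "ftp": [
        r"\\appdata\\roaming\\filezilla\\recentservers\.xml$",
        r"\\appdata\\roaming\\smartftp\\client 2\.0\\favorites\\",
    ],
    "scp": [
        r"^hkey_current_user\\software\\martin prikryl\\winscp 2\\sessions$",
    ],
}
_PATTERNS = {cat: [re.compile(p) for p in pats]
             for cat, pats in CREDENTIAL_STORES.items()}


def classify(target):
    """Return the store category of a file path or registry key, or None."""
    t = target.strip().lower()
    for cat, pats in _PATTERNS.items():
        if any(p.search(t) for p in pats):
            return cat
    return None


def parse_event(line):
    """Parse one 'pid<TAB>image<TAB>action<TAB>target' line (assumed format)."""
    parts = line.rstrip("\n").split("\t", 3)
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    pid, image, action, target = parts
    return {"pid": int(pid), "image": image, "action": action, "target": target}


def correlate(lines, min_categories=2):
    """Group store accesses by PID; flag PIDs spanning >= min_categories."""
    per_pid = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        cat = classify(ev["target"])
        if cat is None:
            continue  # not a credential store; ignore ordinary file activity
        rec = per_pid.setdefault(ev["pid"], {"image": ev["image"],
                                             "hits": defaultdict(set)})
        rec["hits"][cat].add(ev["target"])
    return {
        pid: {
            "image": rec["image"],
            "categories": sorted(rec["hits"]),
            "targets": sorted(t for ts in rec["hits"].values() for t in ts),
            "flagged": len(rec["hits"]) >= min_categories,
        }
        for pid, rec in per_pid.items()
    }


# Constructed sample trace: PID 5664 replays the accesses recorded in the
# report; PIDs 4120 and 3344 are benign activity added for contrast.
_MAL = "SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe"
SAMPLE_EVENTS = ["\t".join(e) for e in [
    ("5664", _MAL, "FileOpen", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini"),
    ("5664", _MAL, "FileOpen", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("5664", _MAL, "RegOpen", r"HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"),
    ("5664", _MAL, "FileOpen", r"C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml"),
    ("5664", _MAL, "FileOpen", r"C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini"),
    ("5664", _MAL, "RegOpen", r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    ("4120", "firefox.exe", "FileOpen", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini"),
    ("3344", "explorer.exe", "FileOpen", r"C:\Users\user\Documents\notes.txt"),
]]

if __name__ == "__main__":
    for pid, r in sorted(correlate(SAMPLE_EVENTS).items()):
        flag = "ALERT" if r["flagged"] else "ok   "
        print(f"{flag} pid={pid} {r['image']} categories={r['categories']}")
```

Fed the constructed trace, PID 5664 is flagged with four categories while firefox.exe, which touches only its own store, is not; that is the reason to correlate across categories rather than alert on any single path. To run this against real telemetry, map Sysmon file and registry events into the four columns and add an allowlist for password managers and backup agents, which legitimately read several of these stores.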

Remote Access Functionality:

Yara detected AgentTesla
Source: Yara match File source: 00000006.00000002.301432064.0000000002C68000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.484731635.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.252302125.0000000003C61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.301127275.0000000002BC1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.492574404.0000000002E21000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.316498806.0000000003851000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.301544638.0000000003B41000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.252002961.0000000002C61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.316335903.0000000002978000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.493762678.0000000003221000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.491667671.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.484715731.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.484733374.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.252121672.0000000002D02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6248, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6996, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6536, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 1740, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe PID: 5664, type: MEMORY
Source: Yara match File source: Process Memory Space: vlc.exe PID: 6904, type: MEMORY
Source: Yara match File source: 2.2.SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 19.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.2.vlc.exe.400000.0.unpack, type: UNPACKEDPE

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 323839
Sample: SecuriteInfo.com.Trojan.Mul...
Start date: 27/11/2020
Architecture: WINDOWS
Score: 100

Behavior graph as a process tree (node numbers are those of the graph):

[2] Start
    DNS/IP: novget.com; nagano-19599.herokussl.com; 2 other IPs or domains
    Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Multi AV Scanner detection for dropped file; 8 other signatures
    [7] SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe (started)
        Dropped: C:\Users\user\AppData\Roaming\...\vlc.exe (PE32); C:\Users\user\...\vlc.exe:Zone.Identifier (ASCII); SecuriteInfo.com.T...61980.13868.exe.log (ASCII)
        Signatures: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines); Injects a PE file into a foreign processes
        [15] SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe (started)
            DNS/IP: elb097307-934924932.us-east-1.elb.amazonaws.com, 184.73.247.141, port 443 (source port 49742), AMAZON-AESUS, United States; nagano-19599.herokussl.com; api.ipify.org
            Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file access); Tries to harvest and steal ftp login credentials; 2 other signatures
        [19] SecuriteInfo.com.Trojan.MulDrop15.61980.13868.exe (started)
    [11] vlc.exe (started)
        [21] vlc.exe (started)
            Dropped: C:\Windows\System32\drivers\etc\hosts (ASCII)
    [13] vlc.exe (started)
        [24] vlc.exe (started)
        [26] vlc.exe (started)
        [28] vlc.exe (started)
        [30] vlc.exe (started)

Contacted Public IPs

IP              Domain   Country        ASN    ASN Name      Malicious
184.73.247.141  unknown  United States  14618  AMAZON-AESUS  false

Contacted Domains

Name                                             IP              Active
elb097307-934924932.us-east-1.elb.amazonaws.com  184.73.247.141  true
novget.com                                       167.88.170.2    true
api.ipify.org                                    unknown         unknown