Source: jesovROZ8A.exe |
Virustotal: Detection: 85% |
Source: jesovROZ8A.exe |
ReversingLabs: Detection: 100% |
Source: jesovROZ8A.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code functions (35 found): 0_2_00401401, 0_2_00403827, 0_2_0040142A, 0_2_00401C2B, 0_2_0040C4D3, 0_2_0040BCEA, 0_2_0040AD5F, 0_2_0040AD60, 0_2_00408116, 0_2_00417516, 0_2_0040FD1C, 0_2_00410528, 0_2_0042313D, 0_2_004125CA, 0_2_004131CC, 0_2_004221ED, 0_2_004065F2, 0_2_004065F6, 0_2_00411982, 0_2_00410DBE, 0_2_00413220, 0_2_00421AE6, 0_2_0041B2F3, 0_2_0040D684, 0_2_0040D6A0, 0_2_0041BF43, 0_2_00404B50, 0_2_00409711, 0_2_0041E32C, 0_2_0040E734, 0_2_0041CBD1, 0_2_004203E1, 0_2_0040BFFB, 0_2_00425FFC, 0_2_00407388 |
Source: unknown |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 588 |
Source: jesovROZ8A.exe, 00000000.00000002.206549685.0000000000446000.00000004.00020000.sdmp |
Binary or memory string: OriginalFilenameChevy.exe` vs jesovROZ8A.exe |
Source: jesovROZ8A.exe |
Binary or memory string: OriginalFilenameChevy.exe` vs jesovROZ8A.exe |
Source: jesovROZ8A.exe |
Static PE information: Section: UPX1 ZLIB complexity 0.996900699013 |
Source: classification engine |
Classification label: mal60.winEXE@2/4@0/0 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2416 |
Source: C:\Windows\SysWOW64\WerFault.exe |
File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER97.tmp |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts (2 occurrences) |
Source: unknown |
Process created: C:\Users\user\Desktop\jesovROZ8A.exe 'C:\Users\user\Desktop\jesovROZ8A.exe' |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code function: 0_2_0040D056 push ds; retf | 0_2_0040D132 |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code function: 0_2_00405414 push ds; retn 0000h | 0_2_0040542F |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code function: 0_2_004060E9 push ecx; ret | 0_2_004060EA |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code function: 0_2_00410DFE pushad ; ret | 0_2_00410E01 |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code function: 0_2_0040D5B6 push 00880000h; ret | 0_2_0040D658 |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code function: 0_2_004046EA pushad ; ret | 0_2_004046EF |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code function: 0_2_00405EFB pushad ; ret | 0_2_00405EFC |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Code function: 0_2_0040577F push edi; ret | 0_2_0040578C |
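The push/ret entries above are what a linear sweep for "push X ... ret" pairs flags. In each report entry the first address is the push and the second the ret, and the two are not always adjacent (compare 0_2_004060E9/0_2_004060EA, one byte apart, with 0_2_0040D5B6/0_2_0040D658). A "push imm32; ret" pair is an obfuscated jmp to imm32, so "push 00880000h; ret" transfers control to 0x00880000. The scanner below is an added example and not the sandbox's own code: it sweeps a byte buffer for a push followed by ret, retn imm16 or retf within max_gap bytes and reports the jump target for the immediate form. SAMPLE_CODE is constructed for the demo and is not taken from the sample. One caveat a practitioner should keep in mind: in a UPX-packed file a sweep over the compressed section produces such opcode sequences by chance, so hits are only meaningful once confirmed on the unpacked image.

```python
"""Linear sweep for push/ret style control transfers in raw x86 code (added example)."""
import struct
from typing import List, NamedTuple, Optional

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
SEG_PUSH = {0x06: "es", 0x0E: "cs", 0x16: "ss", 0x1E: "ds"}


class Hit(NamedTuple):
    push_va: int            # address of the push
    ret_va: int             # address of the ret that pairs with it
    text: str               # e.g. "push 00880000h; ret"
    target: Optional[int]   # jump destination for push imm32; ret / retn, else None


def _push_at(buf: bytes, i: int):
    """Decode a push at buf[i]; return (mnemonic, length, imm32 or None) or (None, 0, None)."""
    op = buf[i]
    if op == 0x68 and i + 5 <= len(buf):                # push imm32
        imm, = struct.unpack_from("<I", buf, i + 1)
        return "push %08Xh" % imm, 5, imm
    if 0x50 <= op <= 0x57:                               # push r32
        return "push " + REG32[op - 0x50], 1, None
    if op == 0x60:                                       # pushad
        return "pushad", 1, None
    if op in SEG_PUSH:                                   # push es/cs/ss/ds
        return "push " + SEG_PUSH[op], 1, None
    return None, 0, None


def _ret_at(buf: bytes, i: int):
    """Decode a ret variant at buf[i]; return (mnemonic, length) or None."""
    op = buf[i] if i < len(buf) else None
    if op == 0xC3:
        return "ret", 1
    if op == 0xCB:
        return "retf", 1
    if op in (0xC2, 0xCA) and i + 3 <= len(buf):         # retn/retf imm16
        imm, = struct.unpack_from("<H", buf, i + 1)
        return ("retn %04Xh" if op == 0xC2 else "retf %04Xh") % imm, 3
    return None


def find_push_ret(buf: bytes, base: int = 0x00400000, max_gap: int = 0) -> List[Hit]:
    """Report push ... ret pairs with at most max_gap bytes between them.

    This is a byte-level heuristic, not a disassembler: it does not respect
    instruction boundaries, which is exactly why it fires on packed data.
    """
    hits: List[Hit] = []
    i = 0
    while i < len(buf):
        push, plen, imm = _push_at(buf, i)
        if push is None:
            i += 1
            continue
        found = None
        for gap in range(max_gap + 1):
            ret = _ret_at(buf, i + plen + gap)
            if ret:
                found = (gap, ret)
                break
        if found is None:
            i += 1
            continue
        gap, (mnem, rlen) = found
        # push imm32 followed by a near ret is a jmp imm32; retf also pops cs, so no target
        target = imm if imm is not None and not mnem.startswith("retf") else None
        hits.append(Hit(base + i, base + i + plen + gap, f"{push}; {mnem}", target))
        i += plen + gap + rlen
    return hits


# Constructed demo bytes (not from the sample): ordinary prologue, several
# push/ret sequences like the ones the report lists, one separated pair, epilogue.
SAMPLE_CODE = bytes([
    0x55, 0x8B, 0xEC,              # 00: push ebp / mov ebp, esp
    0x68, 0x00, 0x00, 0x88, 0x00,  # 03: push 00880000h
    0xC3,                          # 08: ret           -> jumps to 0x00880000
    0x60, 0xC3,                    # 09: pushad; ret
    0x1E, 0xCB,                    # 0B: push ds; retf
    0x1E, 0xC2, 0x00, 0x00,        # 0D: push ds; retn 0000h
    0x51, 0xC3,                    # 11: push ecx; ret
    0x68, 0x00, 0x10, 0x40, 0x00,  # 13: push 00401000h
    0x90, 0x90,                    # 18: nop; nop      (gap between push and ret)
    0xC3,                          # 1A: ret
    0x5D, 0xC3,                    # 1B: pop ebp; ret  (normal epilogue, not a hit)
])


if __name__ == "__main__":
    for h in find_push_ret(SAMPLE_CODE, max_gap=4):
        tgt = f" -> jumps to {h.target:08X}" if h.target is not None else ""
        print(f"0_2_{h.push_va:08X} {h.text} | 0_2_{h.ret_va:08X}{tgt}")
```

With the default max_gap=0 only adjacent pairs are reported (five in SAMPLE_CODE); raising it to 4 also catches the "push 00401000h; nop; nop; ret" pair, at the cost of more chance matches in non-code bytes.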
Source: initial sample |
Static PE information: section name: UPX0 |
Source: initial sample |
Static PE information: section name: UPX1 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX (20 occurrences) |
Source: C:\Users\user\Desktop\jesovROZ8A.exe |
Process queried: DebugPort |