Source: dbeaver.exe | Static PE information: certificate valid |
Source: dbeaver.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F35E94 __doserrno,_errno,_errno,__doserrno,FindFirstFileW,_errno,_errno,_errno,_errno,_errno,GetDriveTypeW,free,free,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose, | 0_2_00007FF6C6F35E94 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F32A20 free,malloc,FindFirstFileW,FindNextFileW,free,FindClose,malloc,free,free, | 0_2_00007FF6C6F32A20 |
Source: dbeaver.exe | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: dbeaver.exe | String found in binary or memory: http://ocsp.thawte.com0 |
Source: dbeaver.exe | String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: dbeaver.exe | String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: dbeaver.exe | String found in binary or memory: http://sv.symcd.com0& |
Source: dbeaver.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: dbeaver.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: dbeaver.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: dbeaver.exe | String found in binary or memory: https://d.symcb.com/cps0% |
Source: dbeaver.exe | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: dbeaver.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: dbeaver.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: dbeaver.exe, 00000000.00000002.219120303.0000000000740000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs dbeaver.exe |
Source: classification engine | Classification label: sus24.evad.winEXE@1/0@0/0 |
Source: dbeaver.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\dbeaver.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: dbeaver.exe | String found in binary or memory: --launcher.library |
Source: dbeaver.exe | String found in binary or memory: --launcher.suppressErrors |
Source: dbeaver.exe | String found in binary or memory: --launcher.ini |
Source: dbeaver.exe | String found in binary or memory: .exe.exe-vmargs-name.--launcher.library--launcher.suppressErrors-protectroot--launcher.inieclipseorg.eclipse.equinox.launcherorg.eclipse.equinox.launcherpluginseclipse.inirt%[^ |
Source: dbeaver.exe | Static PE information: Image base 0x140000000 > 0x60000000 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F3FC90 LoadLibraryA,GetProcAddress,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, | 0_2_00007FF6C6F3FC90 |
Source: C:\Users\user\Desktop\dbeaver.exe | System information queried: CurrentTimeZoneInformation |
Source: C:\Users\user\Desktop\dbeaver.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess | graph_0-9228 |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\dbeaver.exe | API call chain: ExitProcess graph end node | graph_0-9230 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F383BC RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_00007FF6C6F383BC |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F46474 GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError, | 0_2_00007FF6C6F46474 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F36F18 SetUnhandledExceptionFilter, | 0_2_00007FF6C6F36F18 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F3FF30 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00007FF6C6F3FF30 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F36A00 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_00007FF6C6F36A00 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: _getptd,EnumSystemLocalesA,GetUserDefaultLangID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s, | 0_2_00007FF6C6F3C7EC |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, | 0_2_00007FF6C6F3C0A8 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: GetLocaleInfoW, | 0_2_00007FF6C6F400D8 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,GetLocaleInfoA, | 0_2_00007FF6C6F40134 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA, | 0_2_00007FF6C6F3C348 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: EnumSystemLocalesA, | 0_2_00007FF6C6F3C780 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: GetLocaleInfoA, | 0_2_00007FF6C6F3C294 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: GetLocaleInfoA, | 0_2_00007FF6C6F42AA0 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: EnumSystemLocalesA, | 0_2_00007FF6C6F3C6EC |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: _getptd,GetLocaleInfoA, | 0_2_00007FF6C6F3C1AC |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: _getptd,GetLocaleInfoA, | 0_2_00007FF6C6F3C5DC |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F38070 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, | 0_2_00007FF6C6F38070 |
Source: C:\Users\user\Desktop\dbeaver.exe | Code function: 0_2_00007FF6C6F41BD0 _lock,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, | 0_2_00007FF6C6F41BD0 |