Source: 3.0.cvcvsdf.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 7.2.cvcvsdf.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 1.0.cvcvsdf.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 0.0.Payment Confirmation.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 7.0.cvcvsdf.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 1.2.cvcvsdf.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 8.0.cvcvsdf.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 3.1.cvcvsdf.exe.400000.0.unpack |
Avira: Label: BDS/Backdoor.Gen |
Source: 0.2.Payment Confirmation.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 00000008.00000003.365577575.00000000023BA000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000003.00000002.592032143.000000000238A000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: Process Memory Space: cvcvsdf.exe PID: 4820, type: MEMORY |
Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: cvcvsdf.exe PID: 4820, type: MEMORY |
Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: Process Memory Space: cvcvsdf.exe PID: 4820, type: MEMORY |
Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: Process Memory Space: cvcvsdf.exe PID: 4820, type: MEMORY |
Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: cvcvsdf.exe PID: 7148, type: MEMORY |
Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: cvcvsdf.exe PID: 7148, type: MEMORY |
Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: Process Memory Space: cvcvsdf.exe PID: 7148, type: MEMORY |
Matched rule: DarkComet Author: Jean-Philippe Teissier / @Jipe_ |
Source: Process Memory Space: cvcvsdf.exe PID: 7148, type: MEMORY |
Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: 8.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 8.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: 8.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: 8.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 8.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: 8.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: 3.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects DarkComet RAT Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: DarkComet RAT Author: botherder https://github.com/botherder |
Source: 3.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_3 Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0044521C NtdllDefWindowProc_A, |
3_2_0044521C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0043838C GetSubMenu,SaveDC,RestoreDC,GetWindowDC,SaveDC,RestoreDC,NtdllDefWindowProc_A, |
3_2_0043838C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_004304E8 NtdllDefWindowProc_A, |
3_2_004304E8 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00455220 SetWindowPos,NtdllDefWindowProc_A,GetCapture, |
3_2_00455220 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00445968 SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, |
3_2_00445968 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00461974 NtdllDefWindowProc_A, |
3_2_00461974 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00445A48 SetActiveWindow,ShowWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, |
3_2_00445A48 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 7_3_030CC8DC CreateProcessW,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread, |
7_3_030CC8DC |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 7_2_030CC8DC CreateProcessW,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread, |
7_2_030CC8DC |
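The call chain recorded at 7_3_030CC8DC / 7_2_030CC8DC (CreateProcessW, NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, GetThreadContext, SetThreadContext, ResumeThread) is the textbook process-hollowing (RunPE) sequence: a child is created, its image is unmapped, a replacement image is written in, the main thread's context is repointed and the thread is resumed. The script below is an added example, not part of the sandbox report or the sample; it parses "Code function:" lines in the shape used on this page and flags a function when the hollowing APIs appear as an ordered subsequence (other calls may sit between them), and separately flags LoadLibraryA followed by many GetProcAddress calls as run-time import resolution, as seen at 3_2_0042EB3C. The three input lines are constructed copies of entries from this report; the GetProcAddress threshold of 8 is an assumption.

```python
import re
from typing import Dict, List, Optional, Tuple

# Ordered API chain characteristic of process hollowing (RunPE): create a
# (suspended) child, unmap its image, allocate and write a replacement image,
# repoint the main thread via SetThreadContext, then resume it.
# GetThreadContext is usually present too but is not required for the match.
HOLLOWING_CHAIN = [
    "CreateProcessW",
    "NtUnmapViewOfSection",
    "VirtualAllocEx",
    "WriteProcessMemory",
    "SetThreadContext",
    "ResumeThread",
]

# Constructed input: three report lines in the "Code function:" shape used
# on this page, embedded here so the scan runs offline.
SAMPLE_LINES = [
    "Code function: 7_3_030CC8DC CreateProcessW,NtUnmapViewOfSection,VirtualAllocEx,"
    "WriteProcessMemory,WriteProcessMemory,GetThreadContext,WriteProcessMemory,"
    "SetThreadContext,ResumeThread, |",
    "Code function: 3_2_0043838C GetSubMenu,SaveDC,RestoreDC,GetWindowDC,SaveDC,"
    "RestoreDC,NtdllDefWindowProc_A, |",
    "Code function: 3_2_0042EB3C LoadLibraryA," + "GetProcAddress," * 48 + " |",
]

# "<proc>_<stage>_<hex address>" is absent on some lines (the locale entries
# near the end of the report), so the function id is optional.
LINE_RE = re.compile(
    r"Code function:\s*(?:(?P<func>\d+_\d+_[0-9A-Fa-f]+)\s+)?(?P<apis>.*?)\s*\|?\s*$"
)


def parse_code_function(line: str) -> Optional[Tuple[Optional[str], List[str]]]:
    """Return (function id or None, [api, ...]) for a 'Code function:' line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    apis = [a.strip() for a in m.group("apis").split(",") if a.strip()]
    return (m.group("func"), apis)


def is_ordered_subsequence(chain: List[str], apis: List[str]) -> bool:
    """True if every element of chain occurs in apis in that order (gaps allowed)."""
    it = iter(apis)
    return all(any(api == want for api in it) for want in chain)


def classify(apis: List[str], gpa_threshold: int = 8) -> List[str]:
    """Heuristic tags for one function's API call list."""
    tags: List[str] = []
    if is_ordered_subsequence(HOLLOWING_CHAIN, apis):
        tags.append("process-hollowing")
    # LoadLibrary followed by many GetProcAddress calls: imports resolved at
    # run time rather than through the import table. Threshold is an assumption.
    if "LoadLibraryA" in apis and apis.count("GetProcAddress") >= gpa_threshold:
        tags.append("dynamic-import-resolution")
    return tags


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map function id -> tags for every parseable 'Code function:' line."""
    out: Dict[str, List[str]] = {}
    for idx, line in enumerate(lines):
        parsed = parse_code_function(line)
        if parsed is None:
            continue
        func, apis = parsed
        out[func or f"line{idx}"] = classify(apis)
    return out


if __name__ == "__main__":
    for func, tags in scan(SAMPLE_LINES).items():
        print(f"{func}: {', '.join(tags) or '-'}")
```

The ordered-subsequence check rather than an exact match is what keeps the rule useful: the report shows three WriteProcessMemory calls and a GetThreadContext interleaved in the chain, and other RunPE variants reorder or repeat those steps while keeping the unmap, write, SetThreadContext, ResumeThread skeleton.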
Source: 00000008.00000003.365577575.00000000023BA000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Malware_QA_update date = 2016-08-29, hash2 = 6415b45f5bae6429dd5d92d6cae46e8a704873b7090853e68e80cd179058903e, author = Florian Roth, description = VT Research QA uploaded malware - file update.exe, reference = VT Research QA, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 6d805533623d7063241620eec38b7eb9b625533ccadeaf4f6c2cc6db32711541 |
Source: 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Malware_QA_update date = 2016-08-29, hash2 = 6415b45f5bae6429dd5d92d6cae46e8a704873b7090853e68e80cd179058903e, author = Florian Roth, description = VT Research QA uploaded malware - file update.exe, reference = VT Research QA, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 6d805533623d7063241620eec38b7eb9b625533ccadeaf4f6c2cc6db32711541 |
Source: 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: 00000003.00000002.592032143.000000000238A000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: Process Memory Space: cvcvsdf.exe PID: 4820, type: MEMORY |
Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: Process Memory Space: cvcvsdf.exe PID: 4820, type: MEMORY |
Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: Process Memory Space: cvcvsdf.exe PID: 4820, type: MEMORY |
Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: Process Memory Space: cvcvsdf.exe PID: 4820, type: MEMORY |
Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: Process Memory Space: cvcvsdf.exe PID: 7148, type: MEMORY |
Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: Process Memory Space: cvcvsdf.exe PID: 7148, type: MEMORY |
Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: Process Memory Space: cvcvsdf.exe PID: 7148, type: MEMORY |
Matched rule: DarkComet_2 date = 2013-01-12, filetype = memory, author = Jean-Philippe Teissier / @Jipe_, description = DarkComet, version = 1.0 |
Source: Process Memory Space: cvcvsdf.exe PID: 7148, type: MEMORY |
Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: 8.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Malware_QA_update date = 2016-08-29, hash2 = 6415b45f5bae6429dd5d92d6cae46e8a704873b7090853e68e80cd179058903e, author = Florian Roth, description = VT Research QA uploaded malware - file update.exe, reference = VT Research QA, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 6d805533623d7063241620eec38b7eb9b625533ccadeaf4f6c2cc6db32711541 |
Source: 8.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: 8.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: 8.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: 8.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Malware_QA_update date = 2016-08-29, hash2 = 6415b45f5bae6429dd5d92d6cae46e8a704873b7090853e68e80cd179058903e, author = Florian Roth, description = VT Research QA uploaded malware - file update.exe, reference = VT Research QA, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 6d805533623d7063241620eec38b7eb9b625533ccadeaf4f6c2cc6db32711541 |
Source: 8.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: 8.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: 8.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: 3.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Malware_QA_update date = 2016-08-29, hash2 = 6415b45f5bae6429dd5d92d6cae46e8a704873b7090853e68e80cd179058903e, author = Florian Roth, description = VT Research QA uploaded malware - file update.exe, reference = VT Research QA, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 6d805533623d7063241620eec38b7eb9b625533ccadeaf4f6c2cc6db32711541 |
Source: 3.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: 3.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: 3.2.cvcvsdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: 3.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Malware_QA_update date = 2016-08-29, hash2 = 6415b45f5bae6429dd5d92d6cae46e8a704873b7090853e68e80cd179058903e, author = Florian Roth, description = VT Research QA uploaded malware - file update.exe, reference = VT Research QA, license = https://creativecommons.org/licenses/by-nc/4.0/, score = 6d805533623d7063241620eec38b7eb9b625533ccadeaf4f6c2cc6db32711541 |
Source: 3.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: RAT_DarkComet date = 01.04.2014, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, description = Detects DarkComet RAT, reference = http://malwareconfig.com/stats/DarkComet |
Source: 3.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_1 author = botherder https://github.com/botherder, description = DarkComet RAT |
Source: 3.2.cvcvsdf.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: DarkComet_3 date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/DarkComet |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0042EB3C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
3_2_0042EB3C |
Source: C:\Users\user\Desktop\Payment Confirmation.exe |
Code function: 0_2_00403140 push cs; retf |
0_2_00403144 |
Source: C:\Users\user\Desktop\Payment Confirmation.exe |
Code function: 0_2_00403B78 push cs; retf |
0_2_00403B7C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_004186D8 push ecx; mov dword ptr [esp], edx |
3_2_004186DD |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_004041D0 push eax; ret |
3_2_0040420C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0042E1F0 push 0042E21Ch; ret |
3_2_0042E214 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0042225C push 0042229Fh; ret |
3_2_00422297 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0044A278 push ecx; mov dword ptr [esp], edx |
3_2_0044A27C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_004302E8 push 00430348h; ret |
3_2_00430340 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0041639A push 00416412h; ret |
3_2_0041640A |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0041639C push 00416412h; ret |
3_2_0041640A |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_004324A8 push 004324F4h; ret |
3_2_004324EC |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0045E4B4 push 0045E4E0h; ret |
3_2_0045E4D8 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0044A51C push ecx; mov dword ptr [esp], edx |
3_2_0044A520 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0042C598 push 0042C615h; ret |
3_2_0042C60D |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00430634 push 00430660h; ret |
3_2_00430658 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00408724 push 00408766h; ret |
3_2_0040875E |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0045E7A4 push ecx; mov dword ptr [esp], eax |
3_2_0045E7A9 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0041086C push 00410898h; ret |
3_2_00410890 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0044A818 push 0044A844h; ret |
3_2_0044A83C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00418934 push ecx; mov dword ptr [esp], edx |
3_2_00418939 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00418A54 push ecx; mov dword ptr [esp], edx |
3_2_00418A59 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00418A98 push ecx; mov dword ptr [esp], edx |
3_2_00418A9D |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00420B54 push 00420BFFh; ret |
3_2_00420BF7 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00430C7C push 00430CD6h; ret |
3_2_00430CCE |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00462C08 push 00462F34h; ret |
3_2_00462F2C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00416D54 push 00416DA1h; ret |
3_2_00416D99 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0047EE4C push 0047EEE8h; ret |
3_2_0047EEE0 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00420E54 push 00420E97h; ret |
3_2_00420E8F |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00438F0C push 00438F77h; ret |
3_2_00438F6F |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_004670F8 push 00467130h; ret |
3_2_00467128 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0042B278 push 0042B348h; ret |
3_2_0042B340 |
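The "push imm32; ret" entries above are flagged because the pair behaves like an indirect jump that hides the target from a naive disassembler. In this listing every pushed address lies a few bytes past the push itself (for example 0042E21Ch from 0042E214), which is the shape a compiler emits for a local transfer: Delphi, which DarkComet is built with, generates push @exit ... ret around try/finally blocks, and "push ecx; mov dword ptr [esp], edx" is likewise a Delphi prologue idiom. The two "push cs; retf" hits in Payment Confirmation.exe cannot be a meaningful 32-bit transfer at all, since retf would load EIP from the pushed CS selector value. The script below is an added example, not code from the report or the sample: it linear-sweeps a byte buffer for both patterns, resolves each effective target and keeps only the non-local transfers for manual follow-up. The byte buffer is constructed for the example and the 0x100-byte "local" window is an assumption.

```python
import struct
from typing import Dict, List

PUSH_IMM32, RET, PUSH_CS, RETF = 0x68, 0xC3, 0x0E, 0xCB

# Constructed bytes for this example (not extracted from the sample): a
# compiler-style local "push @exit; ret" pair, a far one, and "push cs; retf".
SAMPLE_BASE = 0x0042E214
SAMPLE_CODE = bytes([
    0x68, 0x1C, 0xE2, 0x42, 0x00,   # 0042E214  push 0042E21Ch
    0xC3,                           # 0042E219  ret   -> lands at 0042E21C
    0x90, 0x90,                     # 0042E21A  padding
    0xC3,                           # 0042E21C  landing point
    0x68, 0x00, 0x10, 0x40, 0x00,   # 0042E21D  push 00401000h
    0xC3,                           # 0042E222  ret   -> transfers far away
    0x0E, 0xCB,                     # 0042E223  push cs; retf
])

LOCAL_WINDOW = 0x100  # assumption: a forward hop shorter than this is "local"


def find_push_ret(code: bytes, base: int) -> List[Dict]:
    """Linear sweep for push/ret control transfers; resolves each effective target.

    Linear sweep can misalign on data bytes, so treat hits as leads, not proof.
    """
    hits: List[Dict] = []
    i, n = 0, len(code)
    while i < n:
        op = code[i]
        if op == PUSH_IMM32 and i + 5 < n and code[i + 5] == RET:
            addr = base + i
            target = struct.unpack_from("<I", code, i + 1)[0]
            disp = target - (addr + 6)          # measured from the byte after ret
            hits.append({
                "addr": addr, "kind": "push imm32; ret", "target": target,
                "disp": disp, "local": 0 <= disp < LOCAL_WINDOW,
            })
            i += 6
            continue
        if op == PUSH_CS and i + 1 < n and code[i + 1] == RETF:
            # retf pops EIP first, so EIP would become the CS selector value
            # (e.g. 0x1B or 0x23): not a code address. Data or junk, not control flow.
            hits.append({
                "addr": base + i, "kind": "push cs; retf", "target": None,
                "disp": None, "local": False,
            })
            i += 2
            continue
        i += 1
    return hits


def suspicious(hits: List[Dict]) -> List[Dict]:
    """Only non-local 'push imm32; ret' pairs are worth manual follow-up."""
    return [h for h in hits if h["kind"] == "push imm32; ret" and not h["local"]]


if __name__ == "__main__":
    for h in find_push_ret(SAMPLE_CODE, SAMPLE_BASE):
        tgt = f"{h['target']:08X}" if h["target"] is not None else "n/a"
        print(f"{h['addr']:08X}  {h['kind']:<18} target={tgt} local={h['local']}")
```

Applied to the report's own numbers (push address plus a displacement of a few bytes), every "push imm32; ret" on this page classifies as local, so the Avira, YARA and API-sequence evidence above carries the verdict; the push/ret hits add nothing beyond confirming compiled Delphi code.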
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0045843C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, |
3_2_0045843C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0043B134 IsIconic, |
3_2_0043B134 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_004571F8 IsIconic,GetCapture, |
3_2_004571F8 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0043B1B0 GetWindowLongA,IsIconic,IsWindowVisible,ShowWindow,SetWindowLongA,SetWindowLongA,ShowWindow,ShowWindow, |
3_2_0043B1B0 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_00457B00 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, |
3_2_00457B00 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0042DCA8 IsIconic,GetWindowPlacement,GetWindowRect, |
3_2_0042DCA8 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0042EB3C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
3_2_0042EB3C |
Source: C:\Users\user\Desktop\Payment Confirmation.exe |
Process information set: NOOPENFILEERRORBOX (3 occurrences) |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Process information set: NOOPENFILEERRORBOX (8 occurrences) |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: 3_2_0042EB3C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
3_2_0042EB3C |
Source: cvcvsdf.exe, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: cvcvsdf.exe, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Progman |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Progmanjh@OFjj |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Shell_TrayWndjjh |
Source: cvcvsdf.exe, 00000003.00000002.591760385.0000000000E50000.00000002.00000001.sdmp |
Binary or memory string: &Program Manager |
Source: cvcvsdf.exe, 00000003.00000002.591760385.0000000000E50000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Shell_traywndTrayNotifyWndjhXNF |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Shell_traywndTrayNotifyWndjh |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: ProgmanU |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Shell_traywndTrayNotifyWndTrayClockWClassjh |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: ButtonShell_TrayWndj |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Shell_traywndReBarWindow32jh |
Source: cvcvsdf.exe, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Shell_traywnd |
Source: cvcvsdf.exe, 00000003.00000002.590959377.0000000000400000.00000040.00000001.sdmp, cvcvsdf.exe, 00000008.00000002.365956885.0000000000400000.00000040.00000001.sdmp |
Binary or memory string: Shell_TrayWndPjjh |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
3_2_00406D1C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
3_2_00406E28 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: GetLocaleInfoA, |
3_2_0040D33C |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvcvsdf.exe |
Code function: GetLocaleInfoA, |
3_2_0040D388 |