Play interactive tour

Edit tour

Analysis Report SecuriteInfo.com.Trojan.Packed2.42850.4964.3326

Overview

General Information

Sample Name:	SecuriteInfo.com.Trojan.Packed2.42850.4964.3326 (renamed file extension from 3326 to exe)
Analysis ID:	356696
MD5:	2201881c6cc2de12c71f906e43178ef9
SHA1:	2b494db5e52b74df25ff068d0d2a3295aae4f658
SHA256:	945ebbaf8c08902ed75eb98f5cabd2dbd88708c1aac37a35762db091c1ce0476
Infos:
Most interesting Screenshot:

Detection

FormBook

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected FormBook

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

Tries to detect virtualization through RDTSC time measurements

Antivirus or Machine Learning detection for unpacked file

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Startup

System is w10x64

SecuriteInfo.com.Trojan.Packed2.42850.4964.exe (PID: 6984 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe' MD5: 2201881C6CC2DE12C71F906E43178EF9)

SecuriteInfo.com.Trojan.Packed2.42850.4964.exe (PID: 2088 cmdline: {path} MD5: 2201881C6CC2DE12C71F906E43178EF9)

cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.aone223.com/67d/"], "decoy": ["initiationportal.com", "priority1fleet.com", "xn--c1abvlc0ba.xn--p1acf", "foto-golyh-devushek.com", "losangeles-nightlife.com", "mynewbandname.com", "iaiibhzsbw.net", "allwest-originals.com", "peakofgoodlife.com", "traeespana.com", "prizotinstagram.online", "powerd.net", "rutharroyo.com", "spreadtheaimee.com", "tomleefamily.com", "workingcompass.net", "quallateematerial.com", "davizion.com", "ashleeramdanfit.com", "gamers-evolution.com", "bohrabiz.com", "twigandbloomfloral.com", "nhdpartners.com", "wakedcma.com", "algulotomotiv.com", "kocaelikiralikvinc.com", "listenupfoundation.net", "studiozetamilano.com", "luckybluebird.net", "xigo100.com", "hattonpalacejewellery.com", "bolsasmariabonita.com", "didierjammet.com", "wndslve.com", "wiprideinc.com", "aktiv.plus", "americanseniorcarecorp.com", "calmbears.com", "gearsevenfitness.com", "naigves.com", "stremate.webcam", "awakenedbyowls.com", "pelican-foot.com", "t-c-o-t-c.com", "disinfectingcinci.com", "buyrealestatewithchris.com", "g-grid.net", "dodadungthongminh.asia", "prospect300.com", "rjutilities.com", "mylegalmavens.com", "talalmando.com", "localheroes.space", "writinglover.site", "brink100.com", "bim3dstudio.com", "absak-lab1.net", "torontodo.com", "repwebtools.com", "films4christians.com", "raptorroofingcompany.com", "lrrestoration.com", "zhongqinglvyou.com", "jangabeach.com"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x183f9:$sqlite3step: 68 34 1C 7B E1 0x1850c:$sqlite3step: 68 34 1C 7B E1 0x18428:$sqlite3text: 68 38 2A 90 C5 0x1854d:$sqlite3text: 68 38 2A 90 C5 0x1843b:$sqlite3blob: 68 53 D8 7F 8C 0x18563:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x13a6f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x13a962:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x166d18:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x166f82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x146485:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x172aa5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x145f71:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x172591:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x146587:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x172ba7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1466ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x172d1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x13b37a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x16799a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1451ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x17180c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x13c073:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x168693:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x14c127:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x178747:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x14d12a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x149209:$sqlite3step: 68 34 1C 7B E1 0x14931c:$sqlite3step: 68 34 1C 7B E1 0x175829:$sqlite3step: 68 34 1C 7B E1 0x17593c:$sqlite3step: 68 34 1C 7B E1 0x149238:$sqlite3text: 68 38 2A 90 C5 0x14935d:$sqlite3text: 68 38 2A 90 C5 0x175858:$sqlite3text: 68 38 2A 90 C5 0x17597d:$sqlite3text: 68 38 2A 90 C5 0x14924b:$sqlite3blob: 68 53 D8 7F 8C 0x149373:$sqlite3blob: 68 53 D8 7F 8C 0x17586b:$sqlite3blob: 68 53 D8 7F 8C 0x175993:$sqlite3blob: 68 53 D8 7F 8C
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x183f9:$sqlite3step: 68 34 1C 7B E1 0x1850c:$sqlite3step: 68 34 1C 7B E1 0x18428:$sqlite3text: 68 38 2A 90 C5 0x1854d:$sqlite3text: 68 38 2A 90 C5 0x1843b:$sqlite3blob: 68 53 D8 7F 8C 0x18563:$sqlite3blob: 68 53 D8 7F 8C
5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x175f9:$sqlite3step: 68 34 1C 7B E1 0x1770c:$sqlite3step: 68 34 1C 7B E1 0x17628:$sqlite3text: 68 38 2A 90 C5 0x1774d:$sqlite3text: 68 38 2A 90 C5 0x1763b:$sqlite3blob: 68 53 D8 7F 8C 0x17763:$sqlite3blob: 68 53 D8 7F 8C
0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0xec198:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xec402:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x1187b8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x118a22:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0xf7f25:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x124545:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0xf7a11:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x124031:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0xf8027:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x124647:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0xf819f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x1247bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xece1a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x11943a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0xf6c8c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x1232ac:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xedb13:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x11a133:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0xfdbc7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x12a1e7:$sequence_8: 3C 54 74 04 3C 74 75 F4 0xfebca:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0xfaca9:$sqlite3step: 68 34 1C 7B E1 0xfadbc:$sqlite3step: 68 34 1C 7B E1 0x1272c9:$sqlite3step: 68 34 1C 7B E1 0x1273dc:$sqlite3step: 68 34 1C 7B E1 0xfacd8:$sqlite3text: 68 38 2A 90 C5 0xfadfd:$sqlite3text: 68 38 2A 90 C5 0x1272f8:$sqlite3text: 68 38 2A 90 C5 0x12741d:$sqlite3text: 68 38 2A 90 C5 0xfaceb:$sqlite3blob: 68 53 D8 7F 8C 0xfae13:$sqlite3blob: 68 53 D8 7F 8C 0x12730b:$sqlite3blob: 68 53 D8 7F 8C 0x127433:$sqlite3blob: 68 53 D8 7F 8C
Click to see the 4 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack

Malware Configuration Extractor: FormBook {"C2 list": ["www.aone223.com/67d/"], "decoy": ["initiationportal.com", "priority1fleet.com", "xn--c1abvlc0ba.xn--p1acf", "foto-golyh-devushek.com", "losangeles-nightlife.com", "mynewbandname.com", "iaiibhzsbw.net", "allwest-originals.com", "peakofgoodlife.com", "traeespana.com", "prizotinstagram.online", "powerd.net", "rutharroyo.com", "spreadtheaimee.com", "tomleefamily.com", "workingcompass.net", "quallateematerial.com", "davizion.com", "ashleeramdanfit.com", "gamers-evolution.com", "bohrabiz.com", "twigandbloomfloral.com", "nhdpartners.com", "wakedcma.com", "algulotomotiv.com", "kocaelikiralikvinc.com", "listenupfoundation.net", "studiozetamilano.com", "luckybluebird.net", "xigo100.com", "hattonpalacejewellery.com", "bolsasmariabonita.com", "didierjammet.com", "wndslve.com", "wiprideinc.com", "aktiv.plus", "americanseniorcarecorp.com", "calmbears.com", "gearsevenfitness.com", "naigves.com", "stremate.webcam", "awakenedbyowls.com", "pelican-foot.com", "t-c-o-t-c.com", "disinfectingcinci.com", "buyrealestatewithchris.com", "g-grid.net", "dodadungthongminh.asia", "prospect300.com", "rjutilities.com", "mylegalmavens.com", "talalmando.com", "localheroes.space", "writinglover.site", "brink100.com", "bim3dstudio.com", "absak-lab1.net", "torontodo.com", "repwebtools.com", "films4christians.com", "raptorroofingcompany.com", "lrrestoration.com", "zhongqinglvyou.com", "jangabeach.com"]}

Multi AV Scanner detection for domain / URL

Show sources

Source: www.aone223.com/67d/

Virustotal: Detection: 6%

Perma Link

Multi AV Scanner detection for submitted file

Show sources

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Virustotal: Detection: 19%			Perma Link
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	ReversingLabs: Detection: 25%

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE

Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack

Avira: Label: TR/Crypt.ZPACK.Gen

Compliance:

Uses 32bit PE files

Show sources

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Show sources

Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.697724037.00000000012AF000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Software Vulnerabilities:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 4x nop then pop esi		5_2_004172D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 4x nop then pop edi		5_2_00416C8C

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: www.aone223.com/67d/

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	String found in binary or memory: http://code.google.com/feeds/p/topicalmemorysystem/downloads/basic.xml
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	String found in binary or memory: http://code.google.com/p/topicalmemorysystem/
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	String found in binary or memory: http://topicalmemorysystem.googlecode.com/files/
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	String found in binary or memory: http://www.biblegateway.com/passage/?search=
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	String found in binary or memory: http://www.biblija.net/biblija.cgi?m=
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	String found in binary or memory: http://www.blueletterbible.org/Bible.cfm?b=
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	String found in binary or memory: http://www.esvstudybible.org/search?q=
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	String found in binary or memory: http://www.esvstudybible.org/search?q=Whttp://www.blueletterbible.org/Bible.cfm?b=
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695420401.00000000012AB000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected FormBook

Show sources

Source: Yara match	File source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419D50 NtCreateFile,	5_2_00419D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419E00 NtReadFile,	5_2_00419E00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419E80 NtClose,	5_2_00419E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419F30 NtAllocateVirtualMemory,	5_2_00419F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419D4A NtCreateFile,	5_2_00419D4A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419DFA NtReadFile,	5_2_00419DFA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419E4B NtReadFile,	5_2_00419E4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419E7A NtClose,	5_2_00419E7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00419F2B NtAllocateVirtualMemory,	5_2_00419F2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9860 NtQuerySystemInformation,LdrInitializeThunk,	5_2_011F9860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9660 NtAllocateVirtualMemory,LdrInitializeThunk,	5_2_011F9660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F96E0 NtFreeVirtualMemory,LdrInitializeThunk,	5_2_011F96E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9910 NtAdjustPrivilegesToken,	5_2_011F9910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9950 NtQueueApcThread,	5_2_011F9950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F99A0 NtCreateSection,	5_2_011F99A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F99D0 NtCreateProcessEx,	5_2_011F99D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9820 NtEnumerateKey,	5_2_011F9820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011FB040 NtSuspendThread,	5_2_011FB040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9840 NtDelayExecution,	5_2_011F9840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F98A0 NtWriteVirtualMemory,	5_2_011F98A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F98F0 NtReadVirtualMemory,	5_2_011F98F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9B00 NtSetValueKey,	5_2_011F9B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011FA3B0 NtGetContextThread,	5_2_011FA3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9A10 NtQuerySection,	5_2_011F9A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9A00 NtProtectVirtualMemory,	5_2_011F9A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9A20 NtResumeThread,	5_2_011F9A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9A50 NtCreateFile,	5_2_011F9A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9A80 NtOpenDirectoryObject,	5_2_011F9A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011FAD30 NtSetContextThread,	5_2_011FAD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9520 NtWaitForSingleObject,	5_2_011F9520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9540 NtReadFile,	5_2_011F9540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9560 NtWriteFile,	5_2_011F9560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F95D0 NtClose,	5_2_011F95D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F95F0 NtQueryInformationFile,	5_2_011F95F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9710 NtQueryInformationToken,	5_2_011F9710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011FA710 NtOpenProcessToken,	5_2_011FA710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9730 NtQueryVirtualMemory,	5_2_011F9730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011FA770 NtOpenThread,	5_2_011FA770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9770 NtSetInformationFile,	5_2_011F9770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9760 NtOpenProcess,	5_2_011F9760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9780 NtMapViewOfSection,	5_2_011F9780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F97A0 NtUnmapViewOfSection,	5_2_011F97A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9FE0 NtCreateMutant,	5_2_011F9FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9610 NtEnumerateValueKey,	5_2_011F9610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9650 NtQueryValueKey,	5_2_011F9650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F9670 NtQueryInformationProcess,	5_2_011F9670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F96D0 NtCreateKey,	5_2_011F96D0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 0_2_0157D20C	0_2_0157D20C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 0_2_0157F2D0	0_2_0157F2D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 0_2_0157F2C0	0_2_0157F2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00401030	5_2_00401030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0041E038	5_2_0041E038
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0041D1B2	5_2_0041D1B2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_004012FC	5_2_004012FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0041E2A2	5_2_0041E2A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00402D90	5_2_00402D90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00409E2C	5_2_00409E2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00409E30	5_2_00409E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0041E7AC	5_2_0041E7AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00402FB0	5_2_00402FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BF900	5_2_011BF900
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D4120	5_2_011D4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D2990	5_2_011D2990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CC1C0	5_2_011CC1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E701D	5_2_011E701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0128E824	5_2_0128E824
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B6800	5_2_011B6800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01271002	5_2_01271002
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA830	5_2_011DA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012820A8	5_2_012820A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CB090	5_2_011CB090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E20A0	5_2_011E20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012828EC	5_2_012828EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012760F5	5_2_012760F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B88E0	5_2_011B88E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01282B28	5_2_01282B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127231B	5_2_0127231B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DAB40	5_2_011DAB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0125CB4F	5_2_0125CB4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D3360	5_2_011D3360
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DEB9A	5_2_011DEB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E138B	5_2_011E138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EEBB0	5_2_011EEBB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0125EB8A	5_2_0125EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012623E3	5_2_012623E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EABD8	5_2_011EABD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01208BE8	5_2_01208BE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127DBD2	5_2_0127DBD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012703DA	5_2_012703DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0126FA2B	5_2_0126FA2B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB236	5_2_011DB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01275A4F	5_2_01275A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012832A9	5_2_012832A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012822AE	5_2_012822AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127E2C5	5_2_0127E2C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01282D07	5_2_01282D07
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B0D20	5_2_011B0D20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D2D50	5_2_011D2D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01281D55	5_2_01281D55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E2581	5_2_011E2581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01272D82	5_2_01272D82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E65A0	5_2_011E65A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012825DD	5_2_012825DD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CD5E0	5_2_011CD5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C841F	5_2_011C841F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D2430	5_2_011D2430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127D466	5_2_0127D466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127CC77	5_2_0127CC77
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB477	5_2_011DB477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274496	5_2_01274496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4CD4	5_2_011E4CD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012767E2	5_2_012767E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01281FF1	5_2_01281FF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0128DFCE	5_2_0128DFCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D5600	5_2_011D5600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D6E30	5_2_011D6E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127D616	5_2_0127D616
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0123AE60	5_2_0123AE60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01261EB6	5_2_01261EB6

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: String function: 011BB150 appears 174 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: String function: 01245720 appears 85 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: String function: 0120D08C appears 47 times

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695420401.00000000012AB000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695000293.0000000000B32000.00000002.00020000.sdmp	Binary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.702089593.0000000008DC0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.698216795.000000000143F000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.696595806.00000000006E2000.00000002.00020000.sdmp	Binary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Binary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research

Source: classification engine

Classification label: mal92.troj.evad.winEXE@3/1@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.log

Jump to behavior

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Virustotal: Detection: 19%
Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	ReversingLabs: Detection: 25%

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe'
Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe {path}
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe {path}	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.697724037.00000000012AF000.00000040.00000001.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Data Obfuscation:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_004168C9 push edi; ret	5_2_00416941
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00416927 push edi; ret	5_2_00416941
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00413A69 push ecx; ret	5_2_00413A6D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0041CEF2 push eax; ret	5_2_0041CEF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0041CEFB push eax; ret	5_2_0041CF62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0041CEA5 push eax; ret	5_2_0041CEF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0041CF5C push eax; ret	5_2_0041CF62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_00416786 push ecx; retf	5_2_00416798
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0120D0D1 push ecx; ret	5_2_0120D0E4

Hooking and other Techniques for Hiding and Protection:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Code function: 5_2_00409A80 rdtsc

5_2_00409A80

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe TID: 7004

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Code function: 5_2_00409A80 rdtsc

5_2_00409A80

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe

Code function: 5_2_011F9860 NtQuerySystemInformation,LdrInitializeThunk,

5_2_011F9860

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9100 mov eax, dword ptr fs:[00000030h]	5_2_011B9100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9100 mov eax, dword ptr fs:[00000030h]	5_2_011B9100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9100 mov eax, dword ptr fs:[00000030h]	5_2_011B9100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C0100 mov eax, dword ptr fs:[00000030h]	5_2_011C0100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C0100 mov eax, dword ptr fs:[00000030h]	5_2_011C0100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C0100 mov eax, dword ptr fs:[00000030h]	5_2_011C0100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B3138 mov ecx, dword ptr fs:[00000030h]	5_2_011B3138
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E513A mov eax, dword ptr fs:[00000030h]	5_2_011E513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E513A mov eax, dword ptr fs:[00000030h]	5_2_011E513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D4120 mov eax, dword ptr fs:[00000030h]	5_2_011D4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D4120 mov eax, dword ptr fs:[00000030h]	5_2_011D4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D4120 mov eax, dword ptr fs:[00000030h]	5_2_011D4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D4120 mov eax, dword ptr fs:[00000030h]	5_2_011D4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D4120 mov ecx, dword ptr fs:[00000030h]	5_2_011D4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127E962 mov eax, dword ptr fs:[00000030h]	5_2_0127E962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B395E mov eax, dword ptr fs:[00000030h]	5_2_011B395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B395E mov eax, dword ptr fs:[00000030h]	5_2_011B395E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01288966 mov eax, dword ptr fs:[00000030h]	5_2_01288966
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB944 mov eax, dword ptr fs:[00000030h]	5_2_011DB944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB944 mov eax, dword ptr fs:[00000030h]	5_2_011DB944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BB171 mov eax, dword ptr fs:[00000030h]	5_2_011BB171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BB171 mov eax, dword ptr fs:[00000030h]	5_2_011BB171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01271951 mov eax, dword ptr fs:[00000030h]	5_2_01271951
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BC962 mov eax, dword ptr fs:[00000030h]	5_2_011BC962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012749A4 mov eax, dword ptr fs:[00000030h]	5_2_012749A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012749A4 mov eax, dword ptr fs:[00000030h]	5_2_012749A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012749A4 mov eax, dword ptr fs:[00000030h]	5_2_012749A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012749A4 mov eax, dword ptr fs:[00000030h]	5_2_012749A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012369A6 mov eax, dword ptr fs:[00000030h]	5_2_012369A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B519E mov eax, dword ptr fs:[00000030h]	5_2_011B519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B519E mov ecx, dword ptr fs:[00000030h]	5_2_011B519E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B8190 mov ecx, dword ptr fs:[00000030h]	5_2_011B8190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E2990 mov eax, dword ptr fs:[00000030h]	5_2_011E2990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4190 mov eax, dword ptr fs:[00000030h]	5_2_011E4190
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EA185 mov eax, dword ptr fs:[00000030h]	5_2_011EA185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012351BE mov eax, dword ptr fs:[00000030h]	5_2_012351BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012351BE mov eax, dword ptr fs:[00000030h]	5_2_012351BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012351BE mov eax, dword ptr fs:[00000030h]	5_2_012351BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012351BE mov eax, dword ptr fs:[00000030h]	5_2_012351BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0128F1B5 mov eax, dword ptr fs:[00000030h]	5_2_0128F1B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0128F1B5 mov eax, dword ptr fs:[00000030h]	5_2_0128F1B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DC182 mov eax, dword ptr fs:[00000030h]	5_2_011DC182
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EC9BF mov eax, dword ptr fs:[00000030h]	5_2_011EC9BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EC9BF mov eax, dword ptr fs:[00000030h]	5_2_011EC9BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov eax, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov eax, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov eax, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D99BF mov eax, dword ptr fs:[00000030h]	5_2_011D99BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E99BC mov eax, dword ptr fs:[00000030h]	5_2_011E99BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127A189 mov eax, dword ptr fs:[00000030h]	5_2_0127A189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127A189 mov ecx, dword ptr fs:[00000030h]	5_2_0127A189
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C61A7 mov eax, dword ptr fs:[00000030h]	5_2_011C61A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C61A7 mov eax, dword ptr fs:[00000030h]	5_2_011C61A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C61A7 mov eax, dword ptr fs:[00000030h]	5_2_011C61A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C61A7 mov eax, dword ptr fs:[00000030h]	5_2_011C61A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E61A0 mov eax, dword ptr fs:[00000030h]	5_2_011E61A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E61A0 mov eax, dword ptr fs:[00000030h]	5_2_011E61A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012441E8 mov eax, dword ptr fs:[00000030h]	5_2_012441E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012889E7 mov eax, dword ptr fs:[00000030h]	5_2_012889E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]	5_2_011C99C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]	5_2_011C99C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]	5_2_011C99C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]	5_2_011C99C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CC1C0 mov eax, dword ptr fs:[00000030h]	5_2_011CC1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DD1EF mov eax, dword ptr fs:[00000030h]	5_2_011DD1EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]	5_2_011BB1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]	5_2_011BB1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]	5_2_011BB1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B31E0 mov eax, dword ptr fs:[00000030h]	5_2_011B31E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov ecx, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov ecx, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]	5_2_012731DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]	5_2_011E701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]	5_2_011E701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]	5_2_011E701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]	5_2_011E701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]	5_2_011E701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]	5_2_011E701D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]	5_2_011B6800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]	5_2_011B6800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]	5_2_011B6800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]	5_2_011DA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]	5_2_011DA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]	5_2_011DA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]	5_2_011DA830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]	5_2_011E002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]	5_2_011E002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]	5_2_011E002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]	5_2_011E002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]	5_2_011E002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]	5_2_01237016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]	5_2_01237016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]	5_2_01237016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]	5_2_011CB02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]	5_2_011CB02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]	5_2_011CB02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]	5_2_011CB02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01284015 mov eax, dword ptr fs:[00000030h]	5_2_01284015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01284015 mov eax, dword ptr fs:[00000030h]	5_2_01284015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4020 mov edi, dword ptr fs:[00000030h]	5_2_011E4020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]	5_2_011B5050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]	5_2_011B5050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]	5_2_011B5050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B7057 mov eax, dword ptr fs:[00000030h]	5_2_011B7057
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D0050 mov eax, dword ptr fs:[00000030h]	5_2_011D0050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D0050 mov eax, dword ptr fs:[00000030h]	5_2_011D0050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01272073 mov eax, dword ptr fs:[00000030h]	5_2_01272073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01281074 mov eax, dword ptr fs:[00000030h]	5_2_01281074
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01271843 mov eax, dword ptr fs:[00000030h]	5_2_01271843
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DF86D mov eax, dword ptr fs:[00000030h]	5_2_011DF86D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9080 mov eax, dword ptr fs:[00000030h]	5_2_011B9080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B3880 mov eax, dword ptr fs:[00000030h]	5_2_011B3880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B3880 mov eax, dword ptr fs:[00000030h]	5_2_011B3880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EF0BF mov ecx, dword ptr fs:[00000030h]	5_2_011EF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EF0BF mov eax, dword ptr fs:[00000030h]	5_2_011EF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EF0BF mov eax, dword ptr fs:[00000030h]	5_2_011EF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01233884 mov eax, dword ptr fs:[00000030h]	5_2_01233884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01233884 mov eax, dword ptr fs:[00000030h]	5_2_01233884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F90AF mov eax, dword ptr fs:[00000030h]	5_2_011F90AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]	5_2_011C28AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]	5_2_011C28AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]	5_2_011C28AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28AE mov ecx, dword ptr fs:[00000030h]	5_2_011C28AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]	5_2_011C28AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]	5_2_011C28AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]	5_2_011E20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]	5_2_011E20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]	5_2_011E20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]	5_2_011E20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]	5_2_011E20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]	5_2_011E20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]	5_2_011E78A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B78D6 mov eax, dword ptr fs:[00000030h]	5_2_011B78D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B78D6 mov eax, dword ptr fs:[00000030h]	5_2_011B78D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B78D6 mov ecx, dword ptr fs:[00000030h]	5_2_011B78D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]	5_2_012760F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]	5_2_012760F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]	5_2_012760F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]	5_2_012760F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B70C0 mov eax, dword ptr fs:[00000030h]	5_2_011B70C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B70C0 mov eax, dword ptr fs:[00000030h]	5_2_011B70C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127B0C7 mov eax, dword ptr fs:[00000030h]	5_2_0127B0C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127B0C7 mov eax, dword ptr fs:[00000030h]	5_2_0127B0C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]	5_2_011C28FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]	5_2_011C28FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]	5_2_011C28FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012718CA mov eax, dword ptr fs:[00000030h]	5_2_012718CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0124B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0124B8D0 mov ecx, dword ptr fs:[00000030h]	5_2_0124B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0124B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0124B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0124B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]	5_2_0124B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B58EC mov eax, dword ptr fs:[00000030h]	5_2_011B58EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB8E4 mov eax, dword ptr fs:[00000030h]	5_2_011DB8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB8E4 mov eax, dword ptr fs:[00000030h]	5_2_011DB8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]	5_2_011B40E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]	5_2_011B40E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]	5_2_011B40E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]	5_2_011B88E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]	5_2_011B88E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]	5_2_011B88E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]	5_2_011B88E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]	5_2_011B88E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]	5_2_011B88E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]	5_2_011B88E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]	5_2_011DA309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127131B mov eax, dword ptr fs:[00000030h]	5_2_0127131B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]	5_2_01246365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]	5_2_01246365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]	5_2_01246365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BF358 mov eax, dword ptr fs:[00000030h]	5_2_011BF358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]	5_2_011E3B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]	5_2_011E3B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]	5_2_011E3B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]	5_2_011E3B5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BDB40 mov eax, dword ptr fs:[00000030h]	5_2_011BDB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E3B7A mov eax, dword ptr fs:[00000030h]	5_2_011E3B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E3B7A mov eax, dword ptr fs:[00000030h]	5_2_011E3B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B7B70 mov eax, dword ptr fs:[00000030h]	5_2_011B7B70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]	5_2_011CF370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]	5_2_011CF370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]	5_2_011CF370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01288B58 mov eax, dword ptr fs:[00000030h]	5_2_01288B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BDB60 mov ecx, dword ptr fs:[00000030h]	5_2_011BDB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DEB9A mov eax, dword ptr fs:[00000030h]	5_2_011DEB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DEB9A mov eax, dword ptr fs:[00000030h]	5_2_011DEB9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E2397 mov eax, dword ptr fs:[00000030h]	5_2_011E2397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01285BA5 mov eax, dword ptr fs:[00000030h]	5_2_01285BA5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EB390 mov eax, dword ptr fs:[00000030h]	5_2_011EB390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01271BA8 mov eax, dword ptr fs:[00000030h]	5_2_01271BA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B4B94 mov edi, dword ptr fs:[00000030h]	5_2_011B4B94
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C1B8F mov eax, dword ptr fs:[00000030h]	5_2_011C1B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C1B8F mov eax, dword ptr fs:[00000030h]	5_2_011C1B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]	5_2_011E138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]	5_2_011E138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]	5_2_011E138B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01289BBE mov eax, dword ptr fs:[00000030h]	5_2_01289BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01288BB6 mov eax, dword ptr fs:[00000030h]	5_2_01288BB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0126D380 mov ecx, dword ptr fs:[00000030h]	5_2_0126D380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127138A mov eax, dword ptr fs:[00000030h]	5_2_0127138A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0125EB8A mov ecx, dword ptr fs:[00000030h]	5_2_0125EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0125EB8A mov eax, dword ptr fs:[00000030h]	5_2_0125EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0125EB8A mov eax, dword ptr fs:[00000030h]	5_2_0125EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0125EB8A mov eax, dword ptr fs:[00000030h]	5_2_0125EB8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4BAD mov eax, dword ptr fs:[00000030h]	5_2_011E4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4BAD mov eax, dword ptr fs:[00000030h]	5_2_011E4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4BAD mov eax, dword ptr fs:[00000030h]	5_2_011E4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012623E3 mov ecx, dword ptr fs:[00000030h]	5_2_012623E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012623E3 mov ecx, dword ptr fs:[00000030h]	5_2_012623E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012623E3 mov eax, dword ptr fs:[00000030h]	5_2_012623E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E53C5 mov eax, dword ptr fs:[00000030h]	5_2_011E53C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012353CA mov eax, dword ptr fs:[00000030h]	5_2_012353CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_012353CA mov eax, dword ptr fs:[00000030h]	5_2_012353CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B1BE9 mov eax, dword ptr fs:[00000030h]	5_2_011B1BE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DDBE9 mov eax, dword ptr fs:[00000030h]	5_2_011DDBE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]	5_2_011E03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]	5_2_011E03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]	5_2_011E03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]	5_2_011E03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]	5_2_011E03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]	5_2_011E03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011D3A1C mov eax, dword ptr fs:[00000030h]	5_2_011D3A1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5210 mov eax, dword ptr fs:[00000030h]	5_2_011B5210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5210 mov ecx, dword ptr fs:[00000030h]	5_2_011B5210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5210 mov eax, dword ptr fs:[00000030h]	5_2_011B5210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5210 mov eax, dword ptr fs:[00000030h]	5_2_011B5210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BAA16 mov eax, dword ptr fs:[00000030h]	5_2_011BAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BAA16 mov eax, dword ptr fs:[00000030h]	5_2_011BAA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01271229 mov eax, dword ptr fs:[00000030h]	5_2_01271229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C8A0A mov eax, dword ptr fs:[00000030h]	5_2_011C8A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov ecx, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]	5_2_011CBA00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B8239 mov eax, dword ptr fs:[00000030h]	5_2_011B8239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B8239 mov eax, dword ptr fs:[00000030h]	5_2_011B8239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B8239 mov eax, dword ptr fs:[00000030h]	5_2_011B8239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]	5_2_011DB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]	5_2_011DB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]	5_2_011DB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]	5_2_011DB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]	5_2_011DB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]	5_2_011DB236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127AA16 mov eax, dword ptr fs:[00000030h]	5_2_0127AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127AA16 mov eax, dword ptr fs:[00000030h]	5_2_0127AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F4A2C mov eax, dword ptr fs:[00000030h]	5_2_011F4A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F4A2C mov eax, dword ptr fs:[00000030h]	5_2_011F4A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]	5_2_011DA229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B4A20 mov eax, dword ptr fs:[00000030h]	5_2_011B4A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B4A20 mov eax, dword ptr fs:[00000030h]	5_2_011B4A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0126B260 mov eax, dword ptr fs:[00000030h]	5_2_0126B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0126B260 mov eax, dword ptr fs:[00000030h]	5_2_0126B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01288A62 mov eax, dword ptr fs:[00000030h]	5_2_01288A62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9240 mov eax, dword ptr fs:[00000030h]	5_2_011B9240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9240 mov eax, dword ptr fs:[00000030h]	5_2_011B9240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9240 mov eax, dword ptr fs:[00000030h]	5_2_011B9240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9240 mov eax, dword ptr fs:[00000030h]	5_2_011B9240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F927A mov eax, dword ptr fs:[00000030h]	5_2_011F927A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01275A4F mov eax, dword ptr fs:[00000030h]	5_2_01275A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01275A4F mov eax, dword ptr fs:[00000030h]	5_2_01275A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01275A4F mov eax, dword ptr fs:[00000030h]	5_2_01275A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01275A4F mov eax, dword ptr fs:[00000030h]	5_2_01275A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127EA55 mov eax, dword ptr fs:[00000030h]	5_2_0127EA55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01244257 mov eax, dword ptr fs:[00000030h]	5_2_01244257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F5A69 mov eax, dword ptr fs:[00000030h]	5_2_011F5A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F5A69 mov eax, dword ptr fs:[00000030h]	5_2_011F5A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011F5A69 mov eax, dword ptr fs:[00000030h]	5_2_011F5A69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01271A5F mov eax, dword ptr fs:[00000030h]	5_2_01271A5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011ED294 mov eax, dword ptr fs:[00000030h]	5_2_011ED294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011ED294 mov eax, dword ptr fs:[00000030h]	5_2_011ED294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EDA88 mov eax, dword ptr fs:[00000030h]	5_2_011EDA88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EDA88 mov eax, dword ptr fs:[00000030h]	5_2_011EDA88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E12BD mov esi, dword ptr fs:[00000030h]	5_2_011E12BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E12BD mov eax, dword ptr fs:[00000030h]	5_2_011E12BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E12BD mov eax, dword ptr fs:[00000030h]	5_2_011E12BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CAAB0 mov eax, dword ptr fs:[00000030h]	5_2_011CAAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011CAAB0 mov eax, dword ptr fs:[00000030h]	5_2_011CAAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011EFAB0 mov eax, dword ptr fs:[00000030h]	5_2_011EFAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B1AA0 mov eax, dword ptr fs:[00000030h]	5_2_011B1AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C62A0 mov eax, dword ptr fs:[00000030h]	5_2_011C62A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C62A0 mov eax, dword ptr fs:[00000030h]	5_2_011C62A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C62A0 mov eax, dword ptr fs:[00000030h]	5_2_011C62A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C62A0 mov eax, dword ptr fs:[00000030h]	5_2_011C62A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127129A mov eax, dword ptr fs:[00000030h]	5_2_0127129A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]	5_2_011B52A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]	5_2_011B52A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]	5_2_011B52A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]	5_2_011B52A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]	5_2_011B52A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E5AA0 mov eax, dword ptr fs:[00000030h]	5_2_011E5AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E5AA0 mov eax, dword ptr fs:[00000030h]	5_2_011E5AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]	5_2_01274AEF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B12D4 mov eax, dword ptr fs:[00000030h]	5_2_011B12D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127B2E8 mov eax, dword ptr fs:[00000030h]	5_2_0127B2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127B2E8 mov eax, dword ptr fs:[00000030h]	5_2_0127B2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127B2E8 mov eax, dword ptr fs:[00000030h]	5_2_0127B2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127B2E8 mov eax, dword ptr fs:[00000030h]	5_2_0127B2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B3ACA mov eax, dword ptr fs:[00000030h]	5_2_011B3ACA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E2ACB mov eax, dword ptr fs:[00000030h]	5_2_011E2ACB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5AC0 mov eax, dword ptr fs:[00000030h]	5_2_011B5AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5AC0 mov eax, dword ptr fs:[00000030h]	5_2_011B5AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B5AC0 mov eax, dword ptr fs:[00000030h]	5_2_011B5AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01288ADD mov eax, dword ptr fs:[00000030h]	5_2_01288ADD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E2AE4 mov eax, dword ptr fs:[00000030h]	5_2_011E2AE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B751A mov eax, dword ptr fs:[00000030h]	5_2_011B751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B751A mov eax, dword ptr fs:[00000030h]	5_2_011B751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B751A mov eax, dword ptr fs:[00000030h]	5_2_011B751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B751A mov eax, dword ptr fs:[00000030h]	5_2_011B751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011B9515 mov ecx, dword ptr fs:[00000030h]	5_2_011B9515
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0123A537 mov eax, dword ptr fs:[00000030h]	5_2_0123A537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_01288D34 mov eax, dword ptr fs:[00000030h]	5_2_01288D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0127E539 mov eax, dword ptr fs:[00000030h]	5_2_0127E539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_0125CD04 mov eax, dword ptr fs:[00000030h]	5_2_0125CD04
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4D3B mov eax, dword ptr fs:[00000030h]	5_2_011E4D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4D3B mov eax, dword ptr fs:[00000030h]	5_2_011E4D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011E4D3B mov eax, dword ptr fs:[00000030h]	5_2_011E4D3B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]	5_2_011C3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe	Code function: 5_2_011BAD30 mov eax, dword ptr fs:[00000030h]	5_2_011BAD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.428

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report SecuriteInfo.com.Trojan.Packed2.42850.4964.3326

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: FormBook

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging: