Source: ciscovideoguard.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: ciscovideoguard.exe |
Static PE information: certificate valid |
Source: ciscovideoguard.exe |
Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: ciscovideoguard.exe |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: ciscovideoguard.exe |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: ciscovideoguard.exe |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: ciscovideoguard.exe |
String found in binary or memory: http://s2.symcb.com0 |
Source: ciscovideoguard.exe |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: ciscovideoguard.exe |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: ciscovideoguard.exe |
String found in binary or memory: http://sv.symcd.com0& |
Source: ciscovideoguard.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: ciscovideoguard.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: ciscovideoguard.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: ciscovideoguard.exe |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: ciscovideoguard.exe |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: ciscovideoguard.exe |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: ciscovideoguard.exe |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: ciscovideoguard.exe, 00000001.00000002.645433477.0000000000BEA000.00000004.00000020.sdmp |
Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/> |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_0096380A |
1_2_0096380A |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_0095848E |
1_2_0095848E |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_00952C60 |
1_2_00952C60 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_0095E538 |
1_2_0095E538 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Section loaded: pcshowserver.dll |
Source: classification engine |
Classification label: clean5.winEXE@2/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4824:120:WilError_01 |
Source: ciscovideoguard.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\ciscovideoguard.exe 'C:\Users\user\Desktop\ciscovideoguard.exe' |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: ciscovideoguard.exe |
Static file information: File size 1074416 > 1048576 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_009541BB push ecx; ret |
1_2_009541CE |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_0095BF15 push ecx; ret |
1_2_0095BF28 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_008F2880 GetSystemInfo, |
1_2_008F2880 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_0095C0BF _memset,IsDebuggerPresent, |
1_2_0095C0BF |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_009660CC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, |
1_2_009660CC |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_0090D1D0 GetProcessHeap,HeapAlloc,std::exception::exception, |
1_2_0090D1D0 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_009566AE SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_2_009566AE |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_008F28A0 TlsAlloc,GetLastError,TlsAlloc,GetLastError,InitializeSecurityDescriptor,SetSecurityDescriptorDacl, |
1_2_008F28A0 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: GetLocaleInfoW, |
1_2_0095B898 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, |
1_2_009710CB |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: EnumSystemLocalesW, |
1_2_0095B812 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW, |
1_2_0097085B |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: EnumSystemLocalesW, |
1_2_00970ACF |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: _GetPrimaryLen,EnumSystemLocalesW, |
1_2_00970BA8 |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: _GetPrimaryLen,EnumSystemLocalesW, |
1_2_00970B2B |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, |
1_2_00970F4A |
Source: C:\Users\user\Desktop\ciscovideoguard.exe |
Code function: 1_2_00902500 GetSystemTimeAsFileTime,__aulldiv,__aulldiv, |
1_2_00902500 |