Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_023E207B CryptDuplicateHash,CryptEncrypt,CryptDestroyHash
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_023E215A CryptDuplicateHash,CryptDecrypt,CryptVerifySignatureW,CryptDestroyHash
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_023E1F11 CryptExportKey
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_023E1F75 CryptAcquireContextW,CryptImportKey,LocalFree,CryptReleaseContext
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_023E1F56 CryptGetHashParam
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_023E1FFC CryptGenKey,CryptCreateHash,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E7207B CryptDuplicateHash,CryptEncrypt,CryptDestroyHash
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E71FFC CryptGenKey,CryptCreateHash,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E71F75 CryptAcquireContextW,CryptDecodeObjectEx,CryptImportKey,LocalFree,CryptReleaseContext
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E71F11 CryptExportKey
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E71F56 CryptGetHashParam
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E7215A CryptDuplicateHash,CryptDecrypt,CryptVerifySignatureW,CryptDestroyHash
Source: unknown
TCP traffic detected without corresponding DNS query: 190.117.206.153 (3 occurrences)
Source: unknown
TCP traffic detected without corresponding DNS query: 203.99.187.137 (3 occurrences)
Source: unknown
TCP traffic detected without corresponding DNS query: 200.55.168.82 (3 occurrences)
Source: unknown
TCP traffic detected without corresponding DNS query: 70.32.94.58 (3 occurrences)
Source: unknown
TCP traffic detected without corresponding DNS query: 213.138.100.98 (3 occurrences)
Source: unknown
TCP traffic detected without corresponding DNS query: 144.76.62.10 (3 occurrences)
Source: unknown
TCP traffic detected without corresponding DNS query: 203.99.188.203 (3 occurrences)
Source: unknown
TCP traffic detected without corresponding DNS query: 201.196.15.79 (3 occurrences)
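A TCP connection to an address that no DNS answer in the capture produced means the address was carried in the binary or its configuration rather than looked up, which is why the eight entries above are the most useful network indicators on this page. The check is easy to run over your own captures; the script below is an added example for this page, not sandbox code. Its event lists are constructed: the eight unresolved addresses are the ones listed above, while the DNS answer, the resolved-host connection and the loopback connection are made up to exercise the filter.

```python
"""Flag TCP connections whose destination never appeared in a DNS answer in the
same capture, the signal behind the "TCP traffic detected without corresponding
DNS query" entries.

Added example; not sandbox code. All events below are constructed.
"""
import ipaddress
from collections import Counter

# Constructed DNS answers observed in the capture: (queried name, answer)
DNS_EVENTS = [("example.com", "93.184.216.34")]

# The eight addresses the report lists (observed data, copied from the page)
PAGE_IPS = ["190.117.206.153", "203.99.187.137", "200.55.168.82", "70.32.94.58",
            "213.138.100.98", "144.76.62.10", "203.99.188.203", "201.196.15.79"]

# Constructed connection log: three connects to each page IP, as the report
# shows, plus one to the resolved host and one to loopback.
TCP_EVENTS = [ip for ip in PAGE_IPS for _ in range(3)] + ["93.184.216.34", "127.0.0.1"]


def unresolved_connections(dns_events, tcp_events):
    """Return {ip: connect count} for globally routable destinations that no
    DNS answer in the capture produced. Loopback, link-local and RFC 1918
    targets are skipped: they are never resolved through public DNS and would
    only add noise."""
    resolved = {ip for _, ip in dns_events}
    counts = Counter()
    for ip in tcp_events:
        if ip in resolved or not ipaddress.ip_address(ip).is_global:
            continue
        counts[ip] += 1
    return counts


def indicator_lines(counts):
    """Render findings as 'ip,connects' lines, most contacted first, then by
    address, ready for a blocklist or a ticket."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{ip},{n}" for ip, n in ordered]


if __name__ == "__main__":
    for line in indicator_lines(unresolved_connections(DNS_EVENTS, TCP_EVENTS)):
        print(line)
```

The check only holds for a capture that starts before the process does; a name resolved before the capture began, or an address cached from an earlier run, shows up as unresolved. In a sandbox that is not a concern, on a production sensor it is the first thing to rule out before treating an address as a hard-coded C2.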
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00424B11 GetKeyState,GetKeyState,GetKeyState
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0042EEC9 __EH_prolog3,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageA,_memset,ScreenToClient,_memset,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,_memset,SendMessageA,GetParent
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0040F3F3 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0040963B SendMessageA,UpdateWindow,GetKeyState,GetKeyState,GetKeyState,GetParent,PostMessageA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00421E22 ScreenToClient,_memset,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_00424B11 GetKeyState,GetKeyState,GetKeyState
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_0042EEC9 __EH_prolog3,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageA,_memset,ScreenToClient,_memset,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,_memset,SendMessageA,GetParent
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_0040F3F3 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_0040963B SendMessageA,UpdateWindow,GetKeyState,GetKeyState,GetKeyState,GetParent,PostMessageA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_00421E22 ScreenToClient,_memset,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow
Source: Yara match
File source: 00000003.00000002.911351133.0000000000E71000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match
File source: 00000001.00000002.659738344.00000000023E1000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match
File source: 00000001.00000002.659583488.00000000022F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match
File source: 00000003.00000002.911329225.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match
File source: 00000000.00000002.646512151.0000000002311000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match
File source: 00000000.00000002.646499888.00000000022F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match
File source: 00000002.00000002.658516120.0000000000E51000.00000020.00000001.sdmp, type: MEMORY
Source: Yara match
File source: 00000002.00000002.658502869.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match
File source: 1.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE
Source: Yara match
File source: 2.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE
Source: Yara match
File source: 1.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE
Source: Yara match
File source: 3.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match
File source: 2.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match
File source: 0.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Source: Yara match
File source: 3.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE
Source: 00000003.00000002.911351133.0000000000E71000.00000020.00000001.sdmp, type: MEMORY
Matched rule: Emotet Payload, author: kevoreilly
Source: 00000001.00000002.659738344.00000000023E1000.00000020.00000001.sdmp, type: MEMORY
Matched rule: Emotet Payload, author: kevoreilly
Source: 00000001.00000002.659583488.00000000022F0000.00000040.00000001.sdmp, type: MEMORY
Matched rule: Emotet Payload, author: kevoreilly
Source: 00000003.00000002.911329225.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
Matched rule: Emotet Payload, author: kevoreilly
Source: 00000000.00000002.646512151.0000000002311000.00000020.00000001.sdmp, type: MEMORY
Matched rule: Emotet Payload, author: kevoreilly
Source: 00000000.00000002.646499888.00000000022F0000.00000040.00000001.sdmp, type: MEMORY
Matched rule: Emotet Payload, author: kevoreilly
Source: 00000002.00000002.658516120.0000000000E51000.00000020.00000001.sdmp, type: MEMORY
Matched rule: Emotet Payload, author: kevoreilly
Source: 00000002.00000002.658502869.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
Matched rule: Emotet Payload, author: kevoreilly
Source: 1.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE
Matched rule: Emotet Payload, author: kevoreilly
Source: 2.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE
Matched rule: Emotet Payload, author: kevoreilly
Source: 1.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Emotet Payload, author: kevoreilly
Source: 1.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Win32_Trojan_Emotet, author: ReversingLabs
Source: 0.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE
Matched rule: Emotet Payload, author: kevoreilly
Source: 3.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Emotet Payload, author: kevoreilly
Source: 3.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Win32_Trojan_Emotet, author: ReversingLabs
Source: 2.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Emotet Payload, author: kevoreilly
Source: 2.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Win32_Trojan_Emotet, author: ReversingLabs
Source: 0.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Emotet Payload, author: kevoreilly
Source: 0.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Win32_Trojan_Emotet, author: ReversingLabs
Source: 3.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE
Matched rule: Emotet Payload, author: kevoreilly
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code functions (process 0): 0_2_004110C4, 0_2_00403470, 0_2_00432286, 0_2_004445DA, 0_2_0043A5F0, 0_2_0043265A, 0_2_0043C699, 0_2_004468E1, 0_2_00432A66, 0_2_00444B1E, 0_2_00432E86, 0_2_00445062, 0_2_0042B39D, 0_2_0044575A, 0_2_00431DB1, 0_2_022F28C1, 0_2_022F30E8, 0_2_022F30E4, 0_2_023137A5, 0_2_023137A9, 0_2_02312F82
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code functions (process 1): 1_2_004110C4, 1_2_00403470, 1_2_00432286, 1_2_004445DA, 1_2_0043A5F0, 1_2_0043265A, 1_2_0043C699, 1_2_004468E1, 1_2_00432A66, 1_2_00444B1E, 1_2_00432E86, 1_2_00445062, 1_2_0042B39D, 1_2_0044575A, 1_2_00431DB1, 1_2_022F28C1, 1_2_022F30E8, 1_2_022F30E4, 1_2_023E37A9, 1_2_023E37A5, 1_2_023E2F82
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code functions (process 2): 2_2_00E430E4, 2_2_00E430E8, 2_2_00E428C1, 2_2_00E537A5, 2_2_00E537A9, 2_2_00E52F82
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code functions (process 3): 3_2_00E430E4, 3_2_00E430E8, 3_2_00E428C1, 3_2_00E737A5, 3_2_00E737A9, 3_2_00E72F82
Source: 00000003.00000002.911351133.0000000000E71000.00000020.00000001.sdmp, type: MEMORY
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 00000001.00000002.659738344.00000000023E1000.00000020.00000001.sdmp, type: MEMORY
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 00000001.00000002.659583488.00000000022F0000.00000040.00000001.sdmp, type: MEMORY
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 00000003.00000002.911329225.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 00000000.00000002.646512151.0000000002311000.00000020.00000001.sdmp, type: MEMORY
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 00000000.00000002.646499888.00000000022F0000.00000040.00000001.sdmp, type: MEMORY
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 00000002.00000002.658516120.0000000000E51000.00000020.00000001.sdmp, type: MEMORY
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 00000002.00000002.658502869.0000000000E40000.00000040.00000001.sdmp, type: MEMORY
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 1.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE
Matched rule: MAL_Emotet_Jan20_1 (date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/)
Source: 1.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 2.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE
Matched rule: MAL_Emotet_Jan20_1 (date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/)
Source: 1.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: MAL_Emotet_Jan20_1 (date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/)
Source: 2.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 1.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 1.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Win32_Trojan_Emotet (tc_detection_name = Emotet, author = ReversingLabs, tc_detection_factor = , tc_detection_type = Trojan)
Source: 0.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE
Matched rule: MAL_Emotet_Jan20_1 (date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/)
Source: 0.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 3.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: MAL_Emotet_Jan20_1 (date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/)
Source: 3.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 3.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Win32_Trojan_Emotet (tc_detection_name = Emotet, author = ReversingLabs, tc_detection_factor = , tc_detection_type = Trojan)
Source: 2.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: MAL_Emotet_Jan20_1 (date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/)
Source: 2.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 2.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Win32_Trojan_Emotet (tc_detection_name = Emotet, author = ReversingLabs, tc_detection_factor = , tc_detection_type = Trojan)
Source: 0.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: MAL_Emotet_Jan20_1 (date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/)
Source: 0.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
Source: 0.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE
Matched rule: Win32_Trojan_Emotet (tc_detection_name = Emotet, author = ReversingLabs, tc_detection_factor = , tc_detection_type = Trojan)
Source: 3.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE
Matched rule: MAL_Emotet_Jan20_1 (date = 2020-01-29, hash1 = e7c22ccdb1103ee6bd15c528270f56913bb2f47345b360802b74084563f1b73d, author = Florian Roth, description = Detects Emotet malware, reference = https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/)
Source: 3.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE
Matched rule: Emotet (author = kevoreilly, description = Emotet Payload, cape_type = Emotet Payload)
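The code-function hits on this page fall into two very different address ranges, and the Yara matches tell them apart. Functions at 0x0040xxxx to 0x0044xxxx in YF4dF4w2Cr.exe carry MFC and MSVC CRT symbols (`__EH_prolog3`, `_Concurrent_vector_base_v4`, and further down `__getptd`, `___getlocaleinfo`, `_invoke_watson`), so the GetKeyState, IsIconic and locale hits there are the statically linked GUI framework and runtime of the host application, not payload behaviour. The CryptoAPI functions, the `fs:[30h]` reads and the bare "code function" hits at 0x022Fxxxx, 0x023Exxxx, 0x00E4xxxx and 0x00E7xxxx sit inside the memory dumps the Yara rules match (bases 0x22F0000, 0x2311000, 0x23E1000, 0xE40000, 0xE51000, 0xE71000), which is where the analysis should concentrate. The script below does that attribution mechanically from the report lines. It is an added example for this page, not sandbox or sample code. The report lines it parses are copied from this page; the field layout I read into the .sdmp names (process index, run index, dump id, base address, page protection) and the .unpack names (process.run.image.offset.index) is my reading of those names and is not documented on the page, and since the report gives no region sizes, a function is attributed to the nearest flagged base at or below its address in the same process and run, which is a heuristic.

```python
"""Attribute the sandbox's code-function hits to its Yara-flagged memory regions.

Added example; not sandbox or sample code. Report lines below are copied from
this page. The field meanings for dump/unpack names and the nearest-base rule
are assumptions (the report gives no region sizes).
"""
import re
from bisect import bisect_right

FLAGGED_DUMPS = [
    "00000003.00000002.911351133.0000000000E71000.00000020.00000001.sdmp",
    "00000001.00000002.659738344.00000000023E1000.00000020.00000001.sdmp",
    "00000001.00000002.659583488.00000000022F0000.00000040.00000001.sdmp",
    "00000003.00000002.911329225.0000000000E40000.00000040.00000001.sdmp",
    "00000000.00000002.646512151.0000000002311000.00000020.00000001.sdmp",
    "00000000.00000002.646499888.00000000022F0000.00000040.00000001.sdmp",
    "00000002.00000002.658516120.0000000000E51000.00000020.00000001.sdmp",
    "00000002.00000002.658502869.0000000000E40000.00000040.00000001.sdmp",
]

CODE_FUNCTIONS = [
    "1_2_023E207B CryptDuplicateHash,CryptEncrypt,CryptDestroyHash,",
    "3_2_00E71F75 CryptAcquireContextW,CryptDecodeObjectEx,CryptImportKey,LocalFree,CryptReleaseContext,",
    "1_2_0040F3F3 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,",
    "0_2_00430650 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,",
    "1_2_022F0467 mov eax, dword ptr fs:[00000030h]",
    "2_2_00E512CD mov eax, dword ptr fs:[00000030h]",
]

# Assumed meaning of the fifth dump-name field (Windows PAGE_* constants).
PROTECTION = {0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}

FUNC_RE = re.compile(r"^(\d+)_(\d+)_([0-9A-Fa-f]{8})\s+(.*?),?\s*$")
UNPACK_RE = re.compile(r"^(\d+)\.(\d+)\.(.+)\.([0-9a-fA-F]+)\.\d+(?:\.raw)?\.unpack$")


def parse_dump_name(name):
    f = name.split(".")
    return {"proc": int(f[0]), "run": int(f[1]), "base": int(f[3], 16),
            "prot": PROTECTION.get(int(f[4], 16), f[4])}


def parse_unpack_name(name):
    m = UNPACK_RE.match(name)
    if not m:
        raise ValueError(name)
    return {"proc": int(m[1]), "run": int(m[2]), "image": m[3], "addr": int(m[4], 16)}


def parse_code_function(line):
    m = FUNC_RE.match(line)
    if not m:
        raise ValueError(line)
    return {"proc": int(m[1]), "run": int(m[2]), "addr": int(m[3], 16), "detail": m[4]}


def build_index(dumps):
    """{(proc, run): sorted flagged base addresses}"""
    index = {}
    for d in map(parse_dump_name, dumps):
        index.setdefault((d["proc"], d["run"]), []).append(d["base"])
    for bases in index.values():
        bases.sort()
    return index


def attribute(item, index):
    """Nearest flagged base at or below the address in the same process/run,
    or None when the address lies below every flagged region (in practice the
    on-disk image, loaded at 0x400000 here)."""
    bases = index.get((item["proc"], item["run"]), [])
    i = bisect_right(bases, item["addr"])
    return bases[i - 1] if i else None


def triage(lines, dumps):
    index = build_index(dumps)
    rows = []
    for f in map(parse_code_function, lines):
        base = attribute(f, index)
        region = f"flagged region 0x{base:X}" if base is not None else "main image (unflagged)"
        rows.append((f"{f['proc']}_{f['run']}_{f['addr']:08X}", region, f["detail"]))
    return rows


if __name__ == "__main__":
    for row in triage(CODE_FUNCTIONS, FLAGGED_DUMPS):
        print(*row, sep="  ")
```

Run over the full listing, the split is stark: every CryptoAPI and PEB-reading function in the injected regions is attributed to a flagged base, while every IsDebuggerPresent, GetKeyState, IsIconic and locale hit lands in the unflagged main image. The unpack names confirm the same thing from the other side: the carved PE at 22f053f in processes 0 and 1 and at e4053f in processes 2 and 3 lie a few hundred bytes into the 0x22F0000 and 0xE40000 regions, both of which the dump names mark as execute-read-write.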
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0040C49C IsIconic,GetWindowPlacement,GetWindowRect
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00418BD1 GetParent,GetParent,IsIconic,GetParent
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00409E32 IsWindowVisible,IsIconic
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00427FD5 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z,__EH_prolog3,IsIconic,SetForegroundWindow,SendMessageA,PostMessageA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_0040C49C IsIconic,GetWindowPlacement,GetWindowRect
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_00418BD1 GetParent,GetParent,IsIconic,GetParent
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_00409E32 IsWindowVisible,IsIconic
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_00427FD5 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z,__EH_prolog3,IsIconic,SetForegroundWindow,SendMessageA,PostMessageA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Process information set: NOOPENFILEERRORBOX (12 occurrences)
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Process information set: NOOPENFILEERRORBOX (14 occurrences)
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00401AF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_022F0467 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_022F0C0C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_022F1743 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_023112CD mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_02311E04 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_00401AF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_022F0467 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_022F0C0C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_022F1743 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_023E12CD mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_023E1E04 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 2_2_00E40467 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 2_2_00E40C0C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 2_2_00E41743 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 2_2_00E512CD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 2_2_00E51E04 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E40467 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E40C0C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E41743 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E712CD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\fwdrrebrand.exe
Code function: 3_2_00E71E04 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00430650 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_004366C1 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0043B152 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0043BF7D __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_00430650 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_004366C1 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_0043B152 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_0043BF7D __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
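Two caveats on the anti-analysis entries above. The IsDebuggerPresent sequences at 0x00430650 and 0x004366C1 (IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, the second preceded by a `_memset` that zeroes the exception record) are what the MSVC CRT's `/GS` stack-cookie failure handler `__report_gsfailure` compiles to, and every MSVC-built binary carries it, so on their own they are not evidence that the sample checks for a debugger. The `mov eax, dword ptr fs:[30h]` reads are more interesting: the instruction loads the PEB pointer from the TEB, and what it is for depends on the next instruction. A byte read at +0x02 is `BeingDebugged` (the same check IsDebuggerPresent performs, without the import); a dword read at +0x0C is `Ldr`, the start of the loaded-module list that unpacked payloads walk to resolve their own imports; +0x68 is `NtGlobalFlag`, whose heap flags betray a debugger. The hits inside the Yara-flagged regions (0x022F0467, 0x022F0C0C, 0x022F1743, 0x023E12CD, 0x023E1E04 and their fwdrrebrand.exe counterparts) are the ones to disassemble. The scanner below finds these encodings in raw 32-bit code and names the field read next; it is an added example for this page, not sandbox or sample code, and the code bytes it runs over are constructed for the demonstration, not dumped from this sample.

```python
"""Find reads of the PEB through the TEB in raw 32-bit x86 code and classify
the PEB field accessed by the following instruction.

Added example; not sandbox or sample code. CODE below is a constructed
instruction sequence, not bytes from this sample.
"""
import re

# mov eax, fs:[30h]            64 A1 30 00 00 00
# mov r32, fs:[30h]            64 8B <modrm 05/0D/15/1D/2D/35/3D> 30 00 00 00
# push dword ptr fs:[30h]      64 FF 35 30 00 00 00
PEB_DIRECT = re.compile(
    rb"\x64\xA1\x30\x00\x00\x00"
    rb"|\x64\x8B[\x05\x0D\x15\x1D\x2D\x35\x3D]\x30\x00\x00\x00"
    rb"|\x64\xFF\x35\x30\x00\x00\x00")

# Two-step form: mov eax, fs:[18h] (TEB) ; mov eax, [eax+30h] (TEB.ProcessEnvironmentBlock)
PEB_VIA_TEB = re.compile(rb"\x64\xA1\x18\x00\x00\x00\x8B\x40\x30")

PEB_FIELDS = {0x02: "BeingDebugged", 0x0C: "Ldr", 0x18: "ProcessHeap", 0x68: "NtGlobalFlag"}


def next_disp8(code: bytes, off: int):
    """If the instruction at `off` is a [r32+disp8] load or compare, return the
    displacement: 8B/8A modrm disp8 (mov r32/r8), 0F B6 modrm disp8 (movzx
    r32, byte) or 80 /7 modrm disp8 imm8 (cmp byte). mod must be 01 and the
    r/m field must not be 100 (SIB byte), otherwise None."""
    b = code[off:off + 4]
    if len(b) >= 3 and b[0] in (0x8B, 0x8A) and 0x40 <= b[1] <= 0x7F and (b[1] & 7) != 4:
        return b[2]
    if len(b) >= 4 and b[0] == 0x0F and b[1] == 0xB6 and 0x40 <= b[2] <= 0x7F and (b[2] & 7) != 4:
        return b[3]
    if len(b) >= 3 and b[0] == 0x80 and 0x78 <= b[1] <= 0x7F and (b[1] & 7) != 4:
        return b[2]
    return None


def find_peb_reads(code: bytes):
    """Return [(offset, encoding, field_name_or_None)] sorted by offset."""
    hits = []
    for pattern in (PEB_DIRECT, PEB_VIA_TEB):
        for m in pattern.finditer(code):
            disp = next_disp8(code, m.end())
            field = None if disp is None else PEB_FIELDS.get(disp, f"+0x{disp:02x}")
            hits.append((m.start(), m.group().hex(), field))
    return sorted(hits)


# Constructed demo: three PEB reads, one of each kind.
CODE = bytes.fromhex(
    "55"                     # push ebp
    "8B EC"                  # mov ebp, esp
    "64 A1 30 00 00 00"      # mov eax, fs:[30h]          (offset 3)
    "0F B6 40 02"            # movzx eax, byte [eax+2]    -> BeingDebugged
    "64 8B 0D 30 00 00 00"   # mov ecx, fs:[30h]          (offset 13)
    "8B 49 0C"               # mov ecx, [ecx+0Ch]         -> Ldr
    "64 A1 18 00 00 00"      # mov eax, fs:[18h]          (offset 23)
    "8B 40 30"               # mov eax, [eax+30h]         -> PEB via TEB
    "8B 40 68"               # mov eax, [eax+68h]         -> NtGlobalFlag
    "C3"                     # ret
)

if __name__ == "__main__":
    for off, enc, field in find_peb_reads(CODE):
        print(f"{off:#06x}  {enc:<16}  {field}")
```

A hit whose following instruction is not one of the handled forms (the register is pushed, or the access uses a SIB byte or a 32-bit displacement) comes back with `None` and has to be read by hand; the scanner is meant to rank where to look, not to replace the disassembler. Joe Sandbox reports the same `fs:[30h]` read regardless of what follows, which is why the classification step is the part worth adding.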
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_004420D1 __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0043C0B5 ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_004421F9 _strlen,_GetPrimaryLen,EnumSystemLocalesA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00442192 _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00442235 __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_004429C1 GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0044298D _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00442B00 _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00440CFD ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00415026 _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_0044136B __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_004415C3 __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00441889 ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00443A6E GetLocaleInfoA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00441CDC GetLocaleInfoA,GetLocaleInfoA,GetACP
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00441DF3 __getptd,_LcidFromHexString,GetLocaleInfoA
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00441EFF __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 0_2_00441E8B GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: 1_2_004420D1 __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW
1_2_0043C0B5 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
1_2_004421F9 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
1_2_00442192 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, |
1_2_00442235 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA, |
1_2_004429C1 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, |
1_2_0044298D |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
1_2_00442B00 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
1_2_00440CFD |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA, |
1_2_00415026 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement, |
1_2_0044136B |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement, |
1_2_004415C3 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, |
1_2_00441889 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: GetLocaleInfoA, |
1_2_00443A6E |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP, |
1_2_00441CDC |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA, |
1_2_00441DF3 |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage, |
1_2_00441EFF |
Source: C:\Users\user\Desktop\YF4dF4w2Cr.exe |
Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen, |
1_2_00441E8B |
Source: Yara match |
File source: 00000003.00000002.911351133.0000000000E71000.00000020.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.659738344.00000000023E1000.00000020.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000002.659583488.00000000022F0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.911329225.0000000000E40000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.646512151.0000000002311000.00000020.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.646499888.00000000022F0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000002.658516120.0000000000E51000.00000020.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000002.658502869.0000000000E40000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 1.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.YF4dF4w2Cr.exe.22f053f.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.fwdrrebrand.exe.e4053f.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.YF4dF4w2Cr.exe.22f053f.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.fwdrrebrand.exe.e4053f.2.unpack, type: UNPACKEDPE |