Source: SecuriteInfo.com.Mal.EncPk-APW.3323.dll |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
Source: Yara match |
File source: 00000002.00000002.370902825.0000000000A50000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.435655612.00000000013D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.383594776.0000000003220000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0.2.loaddll32.exe.13d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.rundll32.exe.3220000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.rundll32.exe.a50000.2.raw.unpack, type: UNPACKEDPE |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 |
0_2_01205F16 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205A25 |
0_2_01205A25 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_0120150C |
0_2_0120150C |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01203A14 |
0_2_01203A14 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01201B1E |
0_2_01201B1E |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205262 |
0_2_01205262 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01202566 |
0_2_01202566 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01201967 |
0_2_01201967 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01202A69 |
0_2_01202A69 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205378 |
0_2_01205378 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01203FAB |
0_2_01203FAB |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01202FAF |
0_2_01202FAF |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_012092B2 |
0_2_012092B2 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_012031B3 |
0_2_012031B3 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_012088BA |
0_2_012088BA |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_012013C5 |
0_2_012013C5 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01201CD0 |
0_2_01201CD0 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_012027D4 |
0_2_012027D4 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_012043D8 |
0_2_012043D8 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A5F16 |
2_2_007A5F16 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A5378 |
2_2_007A5378 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A2A69 |
2_2_007A2A69 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A5262 |
2_2_007A5262 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A2566 |
2_2_007A2566 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A1967 |
2_2_007A1967 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A5A25 |
2_2_007A5A25 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A1B1E |
2_2_007A1B1E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A3A14 |
2_2_007A3A14 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A150C |
2_2_007A150C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A43D8 |
2_2_007A43D8 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A1CD0 |
2_2_007A1CD0 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A27D4 |
2_2_007A27D4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A13C5 |
2_2_007A13C5 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A88BA |
2_2_007A88BA |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A92B2 |
2_2_007A92B2 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A31B3 |
2_2_007A31B3 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A3FAB |
2_2_007A3FAB |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A2FAF |
2_2_007A2FAF |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03206A9C |
3_2_03206A9C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03202100 |
3_2_03202100 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_0320150C |
3_2_0320150C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_0320510C |
3_2_0320510C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03203A14 |
3_2_03203A14 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03205F16 |
3_2_03205F16 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03201B1E |
3_2_03201B1E |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03202566 |
3_2_03202566 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03201967 |
3_2_03201967 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03202A69 |
3_2_03202A69 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03203574 |
3_2_03203574 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03202FAF |
3_2_03202FAF |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_032092B2 |
3_2_032092B2 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_032088BA |
3_2_032088BA |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03204593 |
3_2_03204593 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_032013C5 |
3_2_032013C5 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03203DCD |
3_2_03203DCD |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_032027D4 |
3_2_032027D4 |
Source: SecuriteInfo.com.Mal.EncPk-APW.3323.dll |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
Source: classification engine |
Classification label: mal52.troj.winDLL@7/0@0/0 |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Mal.EncPk-APW.3323.dll,DllServer |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Mal.EncPk-APW.3323.dll' |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Mal.EncPk-APW.3323.dll',#1 |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Mal.EncPk-APW.3323.dll',#1 |
Source: SecuriteInfo.com.Mal.EncPk-APW.3323.dll |
Static PE information: section name: .code |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx |
0_2_01205F7B |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax |
0_2_01205F94 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax |
0_2_01205FDD |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax |
0_2_0120604B |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax |
0_2_01206124 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edi |
0_2_0120614F |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edx |
0_2_0120625E |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax |
0_2_012062B5 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax |
0_2_01206343 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax |
0_2_0120635D |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], ebp |
0_2_01206368 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax |
0_2_01206385 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edx |
0_2_012063B4 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax |
0_2_01206483 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax |
0_2_012064F2 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax |
0_2_012064FE |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax |
0_2_0120650A |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edi |
0_2_01206567 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edi |
0_2_012065A9 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], eax |
0_2_01206610 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax |
0_2_01206685 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], ecx |
0_2_012066C2 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax |
0_2_012066E8 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edi |
0_2_01206781 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edx |
0_2_012067B6 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax |
0_2_0120684C |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax |
0_2_01206858 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], edx |
0_2_01206926 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax |
0_2_01206945 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax |
0_2_01206951 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx |
0_2_012069D6 |
Source: Yara match |
File source: 00000002.00000002.370902825.0000000000A50000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.435655612.00000000013D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.383594776.0000000003220000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0.2.loaddll32.exe.13d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.rundll32.exe.3220000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.rundll32.exe.a50000.2.raw.unpack, type: UNPACKEDPE |
Source: C:\Windows\System32\loaddll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 0_2_01202A69 xor edi, dword ptr fs:[00000030h] |
0_2_01202A69 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 2_2_007A2A69 xor edi, dword ptr fs:[00000030h] |
2_2_007A2A69 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 3_2_03202A69 xor edi, dword ptr fs:[00000030h] |
3_2_03202A69 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: Yara match |
File source: 00000002.00000002.370902825.0000000000A50000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.435655612.00000000013D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.383594776.0000000003220000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0.2.loaddll32.exe.13d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 3.2.rundll32.exe.3220000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.rundll32.exe.a50000.2.raw.unpack, type: UNPACKEDPE |