Source: SecuriteInfo.com.Mal.EncPk-APW.3323.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
Source: Yara match | File source: 00000002.00000002.370902825.0000000000A50000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.435655612.00000000013D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.383594776.0000000003220000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0.2.loaddll32.exe.13d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.3220000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.a50000.2.raw.unpack, type: UNPACKEDPE |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 | 0_2_01205F16 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205A25 | 0_2_01205A25 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_0120150C | 0_2_0120150C |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01203A14 | 0_2_01203A14 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01201B1E | 0_2_01201B1E |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205262 | 0_2_01205262 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01202566 | 0_2_01202566 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01201967 | 0_2_01201967 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01202A69 | 0_2_01202A69 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205378 | 0_2_01205378 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01203FAB | 0_2_01203FAB |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01202FAF | 0_2_01202FAF |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_012092B2 | 0_2_012092B2 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_012031B3 | 0_2_012031B3 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_012088BA | 0_2_012088BA |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_012013C5 | 0_2_012013C5 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01201CD0 | 0_2_01201CD0 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_012027D4 | 0_2_012027D4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_012043D8 | 0_2_012043D8 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A5F16 | 2_2_007A5F16 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A5378 | 2_2_007A5378 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A2A69 | 2_2_007A2A69 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A5262 | 2_2_007A5262 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A2566 | 2_2_007A2566 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A1967 | 2_2_007A1967 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A5A25 | 2_2_007A5A25 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A1B1E | 2_2_007A1B1E |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A3A14 | 2_2_007A3A14 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A150C | 2_2_007A150C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A43D8 | 2_2_007A43D8 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A1CD0 | 2_2_007A1CD0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A27D4 | 2_2_007A27D4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A13C5 | 2_2_007A13C5 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A88BA | 2_2_007A88BA |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A92B2 | 2_2_007A92B2 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A31B3 | 2_2_007A31B3 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A3FAB | 2_2_007A3FAB |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A2FAF | 2_2_007A2FAF |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03206A9C | 3_2_03206A9C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03202100 | 3_2_03202100 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0320150C | 3_2_0320150C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0320510C | 3_2_0320510C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03203A14 | 3_2_03203A14 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03205F16 | 3_2_03205F16 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03201B1E | 3_2_03201B1E |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03202566 | 3_2_03202566 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03201967 | 3_2_03201967 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03202A69 | 3_2_03202A69 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03203574 | 3_2_03203574 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03202FAF | 3_2_03202FAF |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_032092B2 | 3_2_032092B2 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_032088BA | 3_2_032088BA |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03204593 | 3_2_03204593 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_032013C5 | 3_2_032013C5 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03203DCD | 3_2_03203DCD |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_032027D4 | 3_2_032027D4 |
Source: classification engine | Classification label: mal52.troj.winDLL@7/0@0/0 |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Mal.EncPk-APW.3323.dll,DllServer |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Mal.EncPk-APW.3323.dll' |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Mal.EncPk-APW.3323.dll',#1 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Mal.EncPk-APW.3323.dll',#1 |
Source: SecuriteInfo.com.Mal.EncPk-APW.3323.dll | Static PE information: section name: .code |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx | 0_2_01205F7B |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax | 0_2_01205F94 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax | 0_2_01205FDD |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax | 0_2_0120604B |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax | 0_2_01206124 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edi | 0_2_0120614F |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edx | 0_2_0120625E |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax | 0_2_012062B5 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax | 0_2_01206343 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax | 0_2_0120635D |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], ebp | 0_2_01206368 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax | 0_2_01206385 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edx | 0_2_012063B4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax | 0_2_01206483 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax | 0_2_012064F2 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], eax | 0_2_012064FE |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax | 0_2_0120650A |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edi | 0_2_01206567 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edi | 0_2_012065A9 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], eax | 0_2_01206610 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax | 0_2_01206685 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], ecx | 0_2_012066C2 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax | 0_2_012066E8 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edi | 0_2_01206781 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push 00000000h; mov dword ptr [esp], edx | 0_2_012067B6 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax | 0_2_0120684C |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax | 0_2_01206858 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-10h]; mov dword ptr [esp], edx | 0_2_01206926 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-08h]; mov dword ptr [esp], eax | 0_2_01206945 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], eax | 0_2_01206951 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01205F16 push dword ptr [ebp-0Ch]; mov dword ptr [esp], edx | 0_2_012069D6 |
Source: Yara match | File source: 00000002.00000002.370902825.0000000000A50000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.435655612.00000000013D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.383594776.0000000003220000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0.2.loaddll32.exe.13d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.3220000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.a50000.2.raw.unpack, type: UNPACKEDPE |
Source: C:\Windows\System32\loaddll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_01202A69 xor edi, dword ptr fs:[00000030h] | 0_2_01202A69 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 2_2_007A2A69 xor edi, dword ptr fs:[00000030h] | 2_2_007A2A69 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_03202A69 xor edi, dword ptr fs:[00000030h] | 3_2_03202A69 |
Source: Yara match | File source: 00000002.00000002.370902825.0000000000A50000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.435655612.00000000013D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.383594776.0000000003220000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0.2.loaddll32.exe.13d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.3220000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.a50000.2.raw.unpack, type: UNPACKEDPE |