Source: C:\Users\user\Desktop\mal5.exe |
Code function: 0_2_00405301 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA, |
0_2_00405301 |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 0_2_00405C94 SetErrorMode,SetErrorMode,FindFirstFileA,SetErrorMode,FindClose, |
0_2_00405C94 |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 0_2_004026BC FindFirstFileA, |
0_2_004026BC |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 1_1_00404A29 FindFirstFileExW, |
1_1_00404A29 |
Source: mal5.exe, 00000001.00000003.453704024.0000000005AB8000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0 |
Source: mal5.exe, 00000001.00000003.453704024.0000000005AB8000.00000004.00000001.sdmp |
String found in binary or memory: http://cdp.geotrust.com/GeoTrustRSACA2018.crl0L |
Source: mal5.exe, 00000001.00000003.453704024.0000000005AB8000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: mal5.exe, 00000001.00000003.453704024.0000000005AB8000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0B |
Source: mal5.exe, 00000001.00000003.453704024.0000000005AB8000.00000004.00000001.sdmp |
String found in binary or memory: http://status.geotrust.com0= |
Source: mal5.exe, 00000001.00000003.453704024.0000000005AB8000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: mal5.exe |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 0_2_00404EA0 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,lstrlenA,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00404EA0 |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 0_2_0040314A EntryPoint,#17,OleInitialize,SHGetFileInfoA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,GetCommandLineA,GetModuleHandleA,CharNextA,OleUninitialize,ExitProcess,lstrcatA,CreateDirectoryA,lstrcatA,lstrcatA,DeleteFileA,GetModuleFileNameA,lstrcmpiA,CopyFileA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, |
0_2_0040314A |
Source: mal5.exe, 00000000.00000003.236568306.000000001F0CF000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamentdll.dllj% vs mal5.exe |
Source: mal5.exe, 00000000.00000002.240515409.000000001ED80000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamegaFhfKWnVkfloSqIdHKFOomGmLSlSUQjbqMZ.exe4 vs mal5.exe |
Source: mal5.exe |
Binary or memory string: OriginalFilename vs mal5.exe |
Source: mal5.exe, 00000001.00000001.235962942.0000000000414000.00000040.00020000.sdmp |
Binary or memory string: OriginalFilenamegaFhfKWnVkfloSqIdHKFOomGmLSlSUQjbqMZ.exe4 vs mal5.exe |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 0_2_004041E5 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
0_2_004041E5 |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 1_1_00401489 GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess, |
1_1_00401489 |
Source: C:\Users\user\Desktop\mal5.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 1_1_00401E1D SetUnhandledExceptionFilter, |
1_1_00401E1D |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 1_1_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_1_0040446F |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 1_1_00401C88 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_1_00401C88 |
Source: C:\Users\user\Desktop\mal5.exe |
Code function: 1_1_00401F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
1_1_00401F30 |
Source: C:\Users\user\Desktop\mal5.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\mal5.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\mal5.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\mal5.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\mal5.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\mal5.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: Yara match |
File source: 00000001.00000001.235962942.0000000000414000.00000040.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.240515409.000000001ED80000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: mal5.exe PID: 400, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: mal5.exe PID: 4672, type: MEMORY |
Source: Yara match |
File source: 0.2.mal5.exe.1ed91458.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.mal5.exe.1ed80000.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.1.mal5.exe.415058.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.1.mal5.exe.415058.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.1.mal5.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.mal5.exe.1ed91458.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.mal5.exe.1ed80000.5.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\mal5.exe |
File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini |
Source: C:\Users\user\Desktop\mal5.exe |
Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities |
Source: C:\Users\user\Desktop\mal5.exe |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |