Source: udmugning.exe |
Metadefender: Detection: 35% |
Source: udmugning.exe |
ReversingLabs: Detection: 79% |
Source: udmugning.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED (RELOCS_STRIPPED means the image carries no relocation data and must be loaded at its preferred base, so it cannot be relocated by ASLR) |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_0040994D |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_004011CA |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_004099E1 |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_00409A6E |
Source: udmugning.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST (2 entries) |
Source: udmugning.exe, 00000001.00000002.474813749.0000000002300000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameuser32j% vs udmugning.exe |
Source: udmugning.exe, 00000001.00000002.485300567.0000000005090000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameSHELL32.DLL.MUIj% vs udmugning.exe (OriginalFilename values that do not match the sample's own name; both dumps sit at 0x2300000 and 0x5090000, well outside the 0x400000 image, so these are most likely the version resources of user32.dll and the shell32 MUI file mapped into the process rather than strings the sample carries; weak evidence on their own) |
Source: classification engine |
Classification label: mal72.troj.evad.winEXE@1/0@0/0 (score 72 of 100, tagged trojan and evasive, Windows EXE; the trailing counters are consistent with the single-process, no-drop, no-network run recorded below) |
Source: C:\Users\user\Desktop\udmugning.exe |
File created: C:\Users\user\AppData\Local\Temp\~DF5440564B0D50F574.TMP (OLE structured-storage scratch file of the kind VB6 applications create at startup; not an indicator on its own) |
Source: udmugning.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\udmugning.exe |
Section loaded: C:\Windows\SysWOW64\msvbvm60.dll (the Visual Basic 6 runtime, so the sample is a 32-bit VB6 program; VB6 images keep form descriptors and other data inside the .text section, which matters when reading the opcode findings below) |
Source: C:\Users\user\Desktop\udmugning.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (Software Restriction Policy settings; Windows consults this key itself when loading images and it shows up in most sandbox runs, so it is a weak indicator by itself) |
Source: Yara match |
File source: udmugning.exe, type: SAMPLE |
Source: Yara match |
File source: 00000001.00000002.474162328.0000000000401000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000001.00000000.206225191.0000000000401000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 1.0.udmugning.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 1.2.udmugning.exe.400000.0.unpack, type: UNPACKEDPE |
Source: udmugning.exe |
Static PE information: real checksum: 0x1fc2a should be: 0x22a75 (a non-zero checksum that does not match the file means a linker wrote the header and the file was altered afterwards, e.g. patched, packed or appended to, without the field being updated; a zero checksum would be ordinary for a user-mode executable and would not be flagged) |
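The checksum row above can be verified without the sandbox. The following is an added example written for this page, not part of the report or of any analysis tool: it implements the PE header checksum algorithm (sum of 32-bit words with end-around carry, skipping the CheckSum field itself, folded to 16 bits, plus the file length) and runs it over a constructed minimal PE32 header, since udmugning.exe is not reproduced here. The helper names and the constructed header are assumptions of the example.

```python
import struct

# Added example, not code from the sandbox report. Input is a constructed
# minimal PE32 header, not udmugning.exe.


def find_checksum_offset(data):
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum (same for PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # PE signature (4) + IMAGE_FILE_HEADER (20) + 0x40 into the optional header
    return e_lfanew + 4 + 20 + 0x40


def pe_checksum(data, checksum_offset):
    """Recompute the header checksum the way CheckSumMappedFile does:
    add 32-bit words with end-around carry, skip the CheckSum dword,
    fold the result to 16 bits, then add the file length."""
    length = len(data)
    padded = data + b"\0" * (-length % 4)   # a trailing partial dword is zero-extended
    skip = checksum_offset // 4
    total = 0
    for idx in range(len(padded) // 4):
        if idx == skip:
            continue
        total += struct.unpack_from("<I", padded, idx * 4)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + length


def check_pe_checksum(data):
    """Return (stored, computed, status); status is unset / ok / mismatch."""
    off = find_checksum_offset(data)
    stored = struct.unpack_from("<I", data, off)[0]
    computed = pe_checksum(data, off)
    if stored == 0:
        status = "unset"
    elif stored == computed:
        status = "ok"
    else:
        status = "mismatch"
    return stored, computed, status


def build_minimal_pe32(stored_checksum=0):
    """Constructed 312-byte PE32 header with no sections (demo input only)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew: PE header right after DOS header
    # Machine=i386, 0 sections, SizeOfOptionalHeader=0xE0, Characteristics=0x010F
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 0x40, stored_checksum)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    # A deliberately wrong stored value reproduces the "real vs should be" row.
    stored, computed, status = check_pe_checksum(build_minimal_pe32(0x1234))
    print("real checksum: 0x%x should be: 0x%x (%s)" % (stored, computed, status))
```

Run it on a real file by replacing the constructed header with `open(path, "rb").read()`; an unset (zero) field is normal for user-mode binaries, and only a stored non-zero value that differs from the recomputed one is worth noting.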
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_0040414F push ebp; iretd (at 1_2_004041A3) |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_0040C126 push 7600FFCEh; iretd (at 1_2_0040C12B) |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_00409138 push eax; iretd (at 1_2_00409139) |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_004011CA push 02A3CF73h; iretd (at 1_2_0040141C) |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_004039D5 push esp; iretd (at 1_2_004039DB) |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_0040877A push ebx; ret (at 1_2_00408782) |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_0040C7DE pushad ; ret (at 1_2_0040C813) |
Source: C:\Users\user\Desktop\udmugning.exe |
Code function: 1_2_004067F8 push es; iretd (at 1_2_00406802; push reg/imm followed by ret is an indirect jump used to obfuscate control flow, whereas push followed by iretd cannot execute meaningfully in user mode and almost always comes from disassembling data bytes, which VB6 images keep inside .text, so only the two push ...; ret hits carry real weight) |
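The opcode rows above come from a byte-level sweep, so a practitioner will want to re-check them. The block below is an added example written for this page, not code from the report or from any analysis tool: a pattern matcher for push+ret and push+iretd pairs that separates plausible push/ret jumps (target inside the image, or via a register) from iretd sequences that cannot run in user mode and are almost certainly data. It runs over a constructed byte string that includes the report's push 7600FFCEh; iretd pair among others; the base address, image range and function names are assumptions of the example.

```python
import struct

# Added example, not code from the sandbox report. CODE below is a constructed
# blob; base/image range are assumed values, not taken from udmugning.exe.

PUSH_REG = {0x50 + r: n for r, n in enumerate(
    ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"])}
PUSH_SEG = {0x06: "es", 0x0E: "cs", 0x16: "ss", 0x1E: "ds"}
JUNK = "junk: iretd in user-mode code, likely data bytes"


def scan_push_ret(code, base, image_lo, image_hi):
    """Byte-pattern sweep (not a disassembler, so it also fires inside data)
    for push+ret / push+iretd pairs. Returns [(address, text, verdict)]."""
    hits = []
    n = len(code)
    for i in range(n - 1):
        op = code[i]
        # push imm32 (68 xx xx xx xx) followed by ret (C3) or iretd (CF)
        if op == 0x68 and i + 5 < n and code[i + 5] in (0xC3, 0xCF):
            imm = struct.unpack_from("<I", code, i + 1)[0]
            tail = "ret" if code[i + 5] == 0xC3 else "iretd"
            text = "push %08Xh; %s" % (imm, tail)
            if tail == "iretd":
                verdict = JUNK
            elif image_lo <= imm < image_hi:
                verdict = "obfuscated jmp to %08X" % imm   # push target; ret == jmp target
            else:
                verdict = "push/ret to address outside image, likely data"
            hits.append((base + i, text, verdict))
            continue
        nxt = code[i + 1]
        if nxt not in (0xC3, 0xCF):
            continue
        tail = "ret" if nxt == 0xC3 else "iretd"
        if op in PUSH_REG:
            text = "push %s; %s" % (PUSH_REG[op], tail)
        elif op in PUSH_SEG:
            text = "push %s; %s" % (PUSH_SEG[op], tail)
        elif op == 0x60:
            text = "pushad; %s" % tail
        else:
            continue
        if tail == "iretd":
            verdict = JUNK
        elif op == 0x60:
            # pushad pushes edi last, so ret pops edi as the return address
            verdict = "indirect jmp via edi (top of pushad frame)"
        else:
            verdict = "indirect jmp via %s" % text.split()[1].rstrip(";")
        hits.append((base + i, text, verdict))
    return hits


def count_verdicts(hits):
    """(likely-junk count, plausible control-flow obfuscation count)."""
    junk = sum(1 for _, _, v in hits if v.startswith("junk"))
    return junk, len(hits) - junk


# Constructed blob, assumed to sit at 0x401000 inside a 0x400000-0x410000 image.
CODE = bytes.fromhex(
    "68 00 20 40 00 C3 "   # push 00402000h; ret    -> jmp 0x402000
    "55 CF "               # push ebp; iretd        -> junk
    "90 90 "               # nop; nop
    "68 CE FF 00 76 CF "   # push 7600FFCEh; iretd  -> junk (the report's pair)
    "60 C3 "               # pushad; ret            -> jmp via edi
    "53 C3 "               # push ebx; ret          -> jmp via ebx
    "06 CF "               # push es; iretd         -> junk
)

if __name__ == "__main__":
    found = scan_push_ret(CODE, 0x401000, 0x400000, 0x410000)
    for addr, text, verdict in found:
        print("%08X  %-24s %s" % (addr, text, verdict))
    print("junk/obfuscation:", count_verdicts(found))
```

On a real sample, feed it the raw bytes of the .text section with that section's virtual address as `base`; any hit whose verdict is junk should be cross-checked against a proper disassembly before it is counted as evidence.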
Source: initial sample |
Icon embedded in binary file: icon matches a legit application icon: download (71).png |
Source: C:\Users\user\Desktop\udmugning.exe |
Process information set: NOOPENFILEERRORBOX (22 calls in this run; SetErrorMode with SEM_NOOPENFILEERRORBOX suppresses the "file not found" dialog so a missing file cannot stall the process, and runtime libraries set it routinely) |
Source: C:\Users\user\Desktop\udmugning.exe |
Window / User API: threadDelayed 4610 |
Source: C:\Users\user\Desktop\udmugning.exe |
Window / User API: threadDelayed 5389 (number of delay calls observed on a thread) |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\udmugning.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\udmugning.exe |
Process Stats: CPU usage > 90% for more than 60s (thousands of delay calls, sustained CPU load and a thread delay as the last observed function point to a busy-wait stalling loop meant to outlast the analysis window; since no injection, dropped files, registry writes or DNS activity were recorded, the payload stage most likely never ran, so the static and memory-dump findings carry more weight here than the behaviour trace) |
Source: udmugning.exe, 00000001.00000002.474603838.0000000000DA0000.00000002.00000001.sdmp |
Binary or memory string: Program Manager |
Source: udmugning.exe, 00000001.00000002.474603838.0000000000DA0000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: udmugning.exe, 00000001.00000002.474603838.0000000000DA0000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: udmugning.exe, 00000001.00000002.474603838.0000000000DA0000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock (Program Manager, Shell_TrayWnd and Progman are the window title and class names of the Explorer desktop and taskbar; code that looks them up, typically via FindWindow, is common in both shell-aware applications and malware, and all four strings sit in the same dump region at 0xDA0000 outside the sample's 0x400000 image) |