Source: cotizacion.exe |
Virustotal: Detection: 62% |
Source: cotizacion.exe |
Metadefender: Detection: 32% |
Source: cotizacion.exe |
ReversingLabs: Detection: 70% |
Source: cotizacion.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: cotizacion.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: cotizacion.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: cotizacion.exe, 00000000.00000002.493866250.00000000020A0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameuser32j% vs cotizacion.exe |
Source: cotizacion.exe, 00000000.00000002.493157991.000000000041A000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameForkvakledes.exe vs cotizacion.exe |
Source: cotizacion.exe, 00000000.00000002.502916759.0000000004FA0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameSHELL32.DLL.MUIj% vs cotizacion.exe |
Source: cotizacion.exe, 00000000.00000002.494036894.0000000002200000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameForkvakledes.exeFE2XCluster-CCluster-C vs cotizacion.exe |
Source: cotizacion.exe |
Binary or memory string: OriginalFilenameForkvakledes.exe vs cotizacion.exe |
Source: classification engine |
Classification label: mal68.troj.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\cotizacion.exe |
File created: C:\Users\user~1\AppData\Local\Temp\~DF8BE9C0E48D19B38F.TMP |
Source: cotizacion.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\cotizacion.exe |
Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: C:\Users\user\Desktop\cotizacion.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: Yara match |
File source: cotizacion.exe, type: SAMPLE |
Source: Yara match |
File source: 00000000.00000002.493125170.0000000000401000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000000.229099820.0000000000401000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0.0.cotizacion.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.cotizacion.exe.400000.0.unpack, type: UNPACKEDPE |
Source: cotizacion.exe |
Static PE information: real checksum: 0x279ca should be: 0x1d63d |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00407C52 push es; ret 0_2_00407CB9 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00401275 push 02A3CF73h; iretd 0_2_0040141C |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00406E16 pushad ; ret 0_2_00406E19 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_0040261A push es; retf 0_2_0040265D |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_004078E3 pushad ; ret 0_2_004078E5 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_004092E9 push es; ret 0_2_004092F1 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00409C8F push esi; iretd 0_2_00409C93 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00406C97 push cs; ret 0_2_00406CD9 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00405140 push ss; retf 0_2_00405141 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00407D73 pushad ; retf 0_2_00407D75 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00404D04 push es; ret 0_2_00404D05 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00405310 push ecx; ret 0_2_00405311 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00403D1F push eax; ret 0_2_00403D21 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00404BD3 push es; retf 0_2_00404BD5 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_0040298C push ecx; retf 0_2_0040298D |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_00403792 push eax; ret 0_2_00403795 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_004037AE push eax; ret 0_2_004037B1 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Code function: 0_2_004029B7 push es; retf 0_2_004029B9 |
Source: initial sample |
Icon embedded in binary file: icon matches a legit application icon: download (71).png |
Source: C:\Users\user\Desktop\cotizacion.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\cotizacion.exe |
Window / User API: threadDelayed 8041 |
Source: C:\Users\user\Desktop\cotizacion.exe |
Window / User API: threadDelayed 1959 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\cotizacion.exe |
Last function: Thread delayed |
Source: cotizacion.exe, 00000000.00000002.493462189.0000000000C20000.00000002.00000001.sdmp |
Binary or memory string: uProgram Manager |
Source: cotizacion.exe, 00000000.00000002.493462189.0000000000C20000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: cotizacion.exe, 00000000.00000002.493462189.0000000000C20000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: cotizacion.exe, 00000000.00000002.493462189.0000000000C20000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |