Source: c63f1121_by_Libranalysis.dll | Virustotal: Detection: 21% | |
Source: c63f1121_by_Libranalysis.dll | ReversingLabs: Detection: 10% |
Source: c63f1121_by_Libranalysis.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
Source: c63f1121_by_Libranalysis.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT |
Source: | Binary string: c:\start\populate-Been\early\Cell.pdb source: loaddll32.exe, 00000001.00000002.967487955.000000006D55E000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.979819270.000000006D55E000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.973298703.000000006D55E000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.934749733.000000006D55E000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.945802512.000000006D55E000.00000002.00020000.sdmp, c63f1121_by_Libranalysis.dll |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D546773 FindFirstFileExW,FindNextFileW,FindClose, | 1_2_6D546773 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D5463B7 FindFirstFileExW, | 1_2_6D5463B7 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D546773 FindFirstFileExW,FindNextFileW,FindClose, | 3_2_6D546773 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D5463B7 FindFirstFileExW, | 3_2_6D5463B7 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D546773 FindFirstFileExW,FindNextFileW,FindClose, | 4_2_6D546773 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D5463B7 FindFirstFileExW, | 4_2_6D5463B7 |
Source: Yara match | File source: 3.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D502485 NtQueryVirtualMemory, | 3_2_6D502485 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D502485 NtQueryVirtualMemory, | 4_2_6D502485 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D53DDE0 | 1_2_6D53DDE0 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D553CA0 | 1_2_6D553CA0 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D551FD3 | 1_2_6D551FD3 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D53D96D | 1_2_6D53D96D |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D53E991 | 1_2_6D53E991 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D553870 | 1_2_6D553870 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D53DB9F | 1_2_6D53DB9F |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D5594E3 | 1_2_6D5594E3 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D54E490 | 1_2_6D54E490 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D53E4B8 | 1_2_6D53E4B8 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D53E72C | 1_2_6D53E72C |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D5307FD | 1_2_6D5307FD |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D53E012 | 1_2_6D53E012 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D5593C3 | 1_2_6D5593C3 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D53E253 | 1_2_6D53E253 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D502264 | 3_2_6D502264 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D53DDE0 | 3_2_6D53DDE0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D5594E3 | 3_2_6D5594E3 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D53E4B8 | 3_2_6D53E4B8 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D53E72C | 3_2_6D53E72C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D5307FD | 3_2_6D5307FD |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D55B94E | 3_2_6D55B94E |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D53D96D | 3_2_6D53D96D |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D53E991 | 3_2_6D53E991 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D53E012 | 3_2_6D53E012 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D553350 | 3_2_6D553350 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D5593C3 | 3_2_6D5593C3 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D53DB9F | 3_2_6D53DB9F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D53E253 | 3_2_6D53E253 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D502264 | 4_2_6D502264 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D53DDE0 | 4_2_6D53DDE0 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D5594E3 | 4_2_6D5594E3 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D53E4B8 | 4_2_6D53E4B8 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D53E72C | 4_2_6D53E72C |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D5307FD | 4_2_6D5307FD |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D55B94E | 4_2_6D55B94E |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D53D96D | 4_2_6D53D96D |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D53E991 | 4_2_6D53E991 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D53E012 | 4_2_6D53E012 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D553350 | 4_2_6D553350 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D5593C3 | 4_2_6D5593C3 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D53DB9F | 4_2_6D53DB9F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D53E253 | 4_2_6D53E253 |
Source: C:\Windows\System32\loaddll32.exe | Code function: String function: 6D548CA9 appears 32 times | |
Source: C:\Windows\System32\loaddll32.exe | Code function: String function: 6D52AEA0 appears 50 times | |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6D545A57 appears 44 times | |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 6D52AEA0 appears 82 times | |
Source: c63f1121_by_Libranalysis.dll | Binary or memory string: OriginalFilenameCell.dll8 vs c63f1121_by_Libranalysis.dll |
Source: c63f1121_by_Libranalysis.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
Source: classification engine | Classification label: mal56.troj.winDLL@11/0@0/0 |
Source: c63f1121_by_Libranalysis.dll | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll,Dark@@4 |
Source: c63f1121_by_Libranalysis.dll | Virustotal: Detection: 21% |
Source: c63f1121_by_Libranalysis.dll | ReversingLabs: Detection: 10% |
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll' | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll,Dark@@4 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll,Schoolpress@@8 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll,Triangleart@@8 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll',#1 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll,Dark@@4 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll,Schoolpress@@8 | |
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll,Triangleart@@8 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll',#1 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK |
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK |
Source: C:\Windows\SysWOW64\rundll32.exe | Automated click: OK |
Source: c63f1121_by_Libranalysis.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: c63f1121_by_Libranalysis.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: c63f1121_by_Libranalysis.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: c63f1121_by_Libranalysis.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: c63f1121_by_Libranalysis.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: c63f1121_by_Libranalysis.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: c63f1121_by_Libranalysis.dll | Static PE information: DYNAMIC_BASE, NX_COMPAT |
Source: c63f1121_by_Libranalysis.dll | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: | Binary string: c:\start\populate-Been\early\Cell.pdb source: loaddll32.exe, 00000001.00000002.967487955.000000006D55E000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.979819270.000000006D55E000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000002.973298703.000000006D55E000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.934749733.000000006D55E000.00000002.00020000.sdmp, rundll32.exe, 00000006.00000002.945802512.000000006D55E000.00000002.00020000.sdmp, c63f1121_by_Libranalysis.dll |
Source: c63f1121_by_Libranalysis.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: c63f1121_by_Libranalysis.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: c63f1121_by_Libranalysis.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: c63f1121_by_Libranalysis.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: c63f1121_by_Libranalysis.dll | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D501F31 LoadLibraryA,GetProcAddress, | 3_2_6D501F31 |
Source: c63f1121_by_Libranalysis.dll | Static PE information: real checksum: 0x792ff should be: 0x83549 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D504FE6 push ds; iretd | 1_2_6D504FF6 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D509EF3 push esp; retf | 1_2_6D509EF4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D50887D push ss; retf | 1_2_6D508881 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D50AAC5 push FFFF7185h; iretd | 1_2_6D50AACA |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D52A5CF push ecx; ret | 1_2_6D52A5E2 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D50532C push edi; iretd | 1_2_6D50532D |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D502253 push ecx; ret | 3_2_6D502263 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D502200 push ecx; ret | 3_2_6D502209 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D52A5CF push ecx; ret | 3_2_6D52A5E2 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D502253 push ecx; ret | 4_2_6D502263 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D502200 push ecx; ret | 4_2_6D502209 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D52A5CF push ecx; ret | 4_2_6D52A5E2 |
Source: Yara match | File source: 3.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D546773 FindFirstFileExW,FindNextFileW,FindClose, | 1_2_6D546773 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D5463B7 FindFirstFileExW, | 1_2_6D5463B7 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D546773 FindFirstFileExW,FindNextFileW,FindClose, | 3_2_6D546773 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D5463B7 FindFirstFileExW, | 3_2_6D5463B7 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D546773 FindFirstFileExW,FindNextFileW,FindClose, | 4_2_6D546773 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D5463B7 FindFirstFileExW, | 4_2_6D5463B7 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D52AC9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 1_2_6D52AC9F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D501F31 LoadLibraryA,GetProcAddress, | 3_2_6D501F31 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D545C5F mov eax, dword ptr fs:[00000030h] | 1_2_6D545C5F |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D545C1B mov eax, dword ptr fs:[00000030h] | 1_2_6D545C1B |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D545CD4 mov eax, dword ptr fs:[00000030h] | 1_2_6D545CD4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D545CA3 mov eax, dword ptr fs:[00000030h] | 1_2_6D545CA3 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D545B66 mov eax, dword ptr fs:[00000030h] | 1_2_6D545B66 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D545B0B mov eax, dword ptr fs:[00000030h] | 1_2_6D545B0B |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D545AC8 mov eax, dword ptr fs:[00000030h] | 1_2_6D545AC8 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D545A85 mov eax, dword ptr fs:[00000030h] | 1_2_6D545A85 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D537381 mov eax, dword ptr fs:[00000030h] | 1_2_6D537381 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D545C5F mov eax, dword ptr fs:[00000030h] | 3_2_6D545C5F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D545C1B mov eax, dword ptr fs:[00000030h] | 3_2_6D545C1B |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D545CD4 mov eax, dword ptr fs:[00000030h] | 3_2_6D545CD4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D545CA3 mov eax, dword ptr fs:[00000030h] | 3_2_6D545CA3 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D545B66 mov eax, dword ptr fs:[00000030h] | 3_2_6D545B66 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D545B0B mov eax, dword ptr fs:[00000030h] | 3_2_6D545B0B |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D537381 mov eax, dword ptr fs:[00000030h] | 3_2_6D537381 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D545AC8 mov eax, dword ptr fs:[00000030h] | 3_2_6D545AC8 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D545A85 mov eax, dword ptr fs:[00000030h] | 3_2_6D545A85 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D545C5F mov eax, dword ptr fs:[00000030h] | 4_2_6D545C5F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D545C1B mov eax, dword ptr fs:[00000030h] | 4_2_6D545C1B |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D545CD4 mov eax, dword ptr fs:[00000030h] | 4_2_6D545CD4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D545CA3 mov eax, dword ptr fs:[00000030h] | 4_2_6D545CA3 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D545B66 mov eax, dword ptr fs:[00000030h] | 4_2_6D545B66 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D545B0B mov eax, dword ptr fs:[00000030h] | 4_2_6D545B0B |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D537381 mov eax, dword ptr fs:[00000030h] | 4_2_6D537381 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D545AC8 mov eax, dword ptr fs:[00000030h] | 4_2_6D545AC8 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D545A85 mov eax, dword ptr fs:[00000030h] | 4_2_6D545A85 |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D52AC9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 1_2_6D52AC9F |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D5369B4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 1_2_6D5369B4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D52B066 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 1_2_6D52B066 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D52AC9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 3_2_6D52AC9F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D5369B4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 3_2_6D5369B4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D52B066 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 3_2_6D52B066 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D52AC9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 4_2_6D52AC9F |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D5369B4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 4_2_6D5369B4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 4_2_6D52B066 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 4_2_6D52B066 |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\c63f1121_by_Libranalysis.dll',#1 | |
Source: rundll32.exe, 00000003.00000002.946005518.0000000003190000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.965930684.0000000003770000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.920545655.0000000003190000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.920545948.0000000003190000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: rundll32.exe, 00000003.00000002.946005518.0000000003190000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.965930684.0000000003770000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.920545655.0000000003190000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.920545948.0000000003190000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: rundll32.exe, 00000003.00000002.946005518.0000000003190000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.965930684.0000000003770000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.920545655.0000000003190000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.920545948.0000000003190000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: rundll32.exe, 00000003.00000002.946005518.0000000003190000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.965930684.0000000003770000.00000002.00000001.sdmp, rundll32.exe, 00000005.00000002.920545655.0000000003190000.00000002.00000001.sdmp, rundll32.exe, 00000006.00000002.920545948.0000000003190000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D52AABF cpuid | 1_2_6D52AABF |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 1_2_6D54ED30 |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 1_2_6D54EDCB |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 1_2_6D54ECC7 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, | 1_2_6D54EE56 |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 1_2_6D548840 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, | 1_2_6D54EA25 |
Source: C:\Windows\System32\loaddll32.exe | Code function: EnumSystemLocalesW, | 1_2_6D548740 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, | 1_2_6D549163 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 1_2_6D54F1CF |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, | 1_2_6D54F0A9 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 1_2_6D54F3A4 |
Source: C:\Windows\System32\loaddll32.exe | Code function: GetLocaleInfoW, | 1_2_6D54F2D5 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,GetSystemDefaultUILanguage,VerLanguageNameA, | 3_2_6D501566 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 3_2_6D54ED30 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 3_2_6D54EDCB |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 3_2_6D54ECC7 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 3_2_6D548740 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, | 3_2_6D549163 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 3_2_6D54F1CF |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 3_2_6D54F3A4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, | 3_2_6D54EA25 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoA,GetSystemDefaultUILanguage,VerLanguageNameA, | 4_2_6D501566 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 4_2_6D54ED30 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 4_2_6D54EDCB |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 4_2_6D54ECC7 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: EnumSystemLocalesW, | 4_2_6D548740 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW, | 4_2_6D549163 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 4_2_6D54F1CF |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 4_2_6D54F3A4 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, | 4_2_6D54EA25 |
Source: C:\Windows\System32\loaddll32.exe | Code function: 1_2_6D5491A2 GetSystemTimeAsFileTime, | 1_2_6D5491A2 |
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_6D50146C CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError, | 3_2_6D50146C |
Source: Yara match | File source: 3.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.6d500000.1.unpack, type: UNPACKEDPE |