Source: PC21-270421.exe |
Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1IyeIvFG2j6rM8MkH-OGyKJbMY3m1XbJ6"} |
Source: PC21-270421.exe |
Virustotal: Detection: 33% |
Source: PC21-270421.exe |
ReversingLabs: Detection: 17% |
Source: PC21-270421.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: Malware configuration extractor |
URLs: https://drive.google.com/uc?export=download&id=1IyeIvFG2j6rM8MkH-OGyKJbMY3m1XbJ6 |
Source: initial sample |
Icon embedded in PE file: bad icon match: 20047c7c70f0e004 |
Source: C:\Users\user\Desktop\PC21-270421.exe |
Code function: 0_2_004014B8 |
0_2_004014B8 |
Source: PC21-270421.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: PC21-270421.exe, 00000000.00000000.658336766.0000000000424000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameINDFRELSENS.exe vs PC21-270421.exe |
Source: PC21-270421.exe, 00000000.00000002.685380233.00000000021E0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameuser32j% vs PC21-270421.exe |
Source: PC21-270421.exe |
Binary or memory string: OriginalFilenameINDFRELSENS.exe vs PC21-270421.exe |
Source: classification engine |
Classification label: mal57.rans.troj.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\PC21-270421.exe |
File created: C:\Users\user\Desktop\Bortdsledes |
Source: PC21-270421.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\PC21-270421.exe |
Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: C:\Users\user\Desktop\PC21-270421.exe |
File read: C:\Users\desktop.ini |
Source: C:\Users\user\Desktop\PC21-270421.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\PC21-270421.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
Source: C:\Users\user\Desktop\PC21-270421.exe |
Automated click: OK |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: Yara match |
File source: PC21-270421.exe, type: SAMPLE |
Source: Yara match |
File source: 0.0.PC21-270421.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.PC21-270421.exe.400000.0.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\PC21-270421.exe |
Code function: 0_2_00410040 push edx; iretd |
0_2_0041004B |
Source: C:\Users\user\Desktop\PC21-270421.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe |
File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: C:\Users\user\Desktop\PC21-270421.exe |
API coverage: 0.6 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\PC21-270421.exe |
Queries volume information: unknown VolumeInformation |