Source: PC21-270421.exe | Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1IyeIvFG2j6rM8MkH-OGyKJbMY3m1XbJ6"} |
Source: PC21-270421.exe | Virustotal: Detection: 33% |
Source: PC21-270421.exe | ReversingLabs: Detection: 17% |
Source: PC21-270421.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: Malware configuration extractor | URLs: https://drive.google.com/uc?export=download&id=1IyeIvFG2j6rM8MkH-OGyKJbMY3m1XbJ6 |
Source: initial sample | Icon embedded in PE file: bad icon match: 20047c7c70f0e004 |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_004014B8 |
Source: PC21-270421.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: PC21-270421.exe, 00000000.00000000.658336766.0000000000424000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameINDFRELSENS.exe vs PC21-270421.exe |
Source: PC21-270421.exe, 00000000.00000002.685380233.00000000021E0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs PC21-270421.exe |
Source: PC21-270421.exe | Binary or memory string: OriginalFilenameINDFRELSENS.exe vs PC21-270421.exe |
Source: classification engine | Classification label: mal57.rans.troj.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\PC21-270421.exe | File created: C:\Users\user\Desktop\Bortdsledes |
Source: PC21-270421.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\PC21-270421.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: C:\Users\user\Desktop\PC21-270421.exe | File read: C:\Users\desktop.ini |
Source: C:\Users\user\Desktop\PC21-270421.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\PC21-270421.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
Source: C:\Users\user\Desktop\PC21-270421.exe | Automated click: OK |
Source: C:\Users\user\Desktop\PC21-270421.exe | Automated click: OK |
Source: C:\Users\user\Desktop\PC21-270421.exe | Automated click: OK |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: Yara match | File source: PC21-270421.exe, type: SAMPLE |
Source: Yara match | File source: 0.0.PC21-270421.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.PC21-270421.exe.400000.0.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00410040 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040D844 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040F844 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040B04B push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0041004C push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040E050 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00415051 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0041105B push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040785C push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00410861 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040F862 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040C066 push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040D870 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040B874 push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00408078 push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040A008 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040B809 push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040900F push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0041601A push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00406021 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040F025 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00414028 push edi; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0041402A push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00407034 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00410038 push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_004078D4 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_004068D4 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_004090DC push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_004090E4 push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_004080E9 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_004108ED push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PC21-270421.exe | File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: C:\Users\user\Desktop\PC21-270421.exe | API coverage: 0.6 % |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\PC21-270421.exe | Queries volume information: unknown VolumeInformation |
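The rows above are the raw signature output; the following script is an added example (not part of the sandbox report, and not Joe Sandbox or GuLoader code) showing how a responder would turn them into a triage summary. It assumes only the "Source: X | key: value |" row layout seen on this page: it pulls the GuLoader config blob and normalises the Google Drive link to its file id, collects the detection rates, loaded DLLs and registry keys, lists the virtual addresses the sandbox flagged as `push <reg>; iretd` function starts, and adds a byte-level scan for the same two-byte sequence so the same heuristic can be run over an unpacked dump. The byte buffer at the bottom is constructed test data, not bytes from the sample.

```python
import json
import re
from urllib.parse import parse_qs, urlparse

# Rows copied from the sandbox report above, in its "Source: X | key: value |" layout.
REPORT_ROWS = r"""
Source: PC21-270421.exe | Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1IyeIvFG2j6rM8MkH-OGyKJbMY3m1XbJ6"} |
Source: PC21-270421.exe | Virustotal: Detection: 33% | Perma Link |
Source: PC21-270421.exe | ReversingLabs: Detection: 17% |
Source: C:\Users\user\Desktop\PC21-270421.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: C:\Users\user\Desktop\PC21-270421.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_00410040 push edx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | Code function: 0_2_0040B04B push ebx; iretd |
Source: C:\Users\user\Desktop\PC21-270421.exe | File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
"""


def parse_rows(text):
    """Split each report row into {source, key, value} records.
    Cells without a 'key: value' shape (e.g. 'Perma Link') are link residue and are skipped."""
    records = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|") if c.strip()]
        if not cells or not cells[0].startswith("Source: "):
            continue
        source = cells[0][len("Source: "):]
        for cell in cells[1:]:
            if ": " not in cell:
                continue
            key, value = cell.split(": ", 1)
            records.append({"source": source, "key": key, "value": value})
    return records


def payload_config(records):
    """Parse the config-extractor JSON blob and reduce the Drive URL to its file id."""
    out = []
    for r in records:
        if "Configuration Extractor" not in r["key"]:
            continue
        family, _, blob = r["value"].partition(" ")
        cfg = json.loads(blob)
        url = cfg.get("Payload URL", "")
        query = parse_qs(urlparse(url).query)
        out.append({"family": family, "url": url, "drive_id": query.get("id", [None])[0]})
    return out


def detection_rates(records):
    rates = {}
    for r in records:
        m = re.fullmatch(r"Detection: (\d+)%", r["value"])
        if m:
            rates[r["key"]] = int(m.group(1))
    return rates


# Single-byte PUSH opcodes 0x50..0x57 map to these registers in 32-bit mode.
PUSH_REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def reported_push_iretd(records):
    """Addresses the sandbox flagged as 'push <reg>; iretd' function starts, as (va, reg)."""
    hits = []
    for r in records:
        m = re.fullmatch(r"\d+_\d+_([0-9A-Fa-f]{8}) push (\w+); iretd", r["value"])
        if r["key"] == "Code function" and m:
            hits.append((int(m.group(1), 16), m.group(2)))
    return hits


def find_push_iretd(buf):
    """Byte-level heuristic (this example's own, not the sandbox's): a single-byte PUSH
    (0x50-0x57) immediately followed by IRETD (0xCF). Compilers do not emit this in
    ordinary user-mode code, so a high count in an unpacked region is a cheap obfuscation
    indicator to line up against the report's 'Code function' rows."""
    hits = []
    for i in range(len(buf) - 1):
        if 0x50 <= buf[i] <= 0x57 and buf[i + 1] == 0xCF:
            hits.append((i, PUSH_REGS[buf[i] - 0x50]))
    return hits


def vm_artifacts(records):
    return [r["value"] for r in records if "VMware" in r["value"] or "VBox" in r["value"]]


# Constructed buffer (not bytes from the sample): a normal prologue, then two junk sequences.
SAMPLE_BYTES = bytes([0x55, 0x8B, 0xEC, 0x52, 0xCF, 0x90, 0x90, 0x90, 0x53, 0xCF, 0xC3])


def triage(text=REPORT_ROWS):
    records = parse_rows(text)
    return {
        "payloads": payload_config(records),
        "detections": detection_rates(records),
        "loaded_dlls": [r["value"] for r in records if r["key"] == "Section loaded"],
        "registry_keys": [r["value"] for r in records if r["key"].startswith("Key ")],
        "push_iretd": reported_push_iretd(records),
        "vm_artifacts": vm_artifacts(records),
    }


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
    print(find_push_iretd(SAMPLE_BYTES))
```

The Drive file id is the stable indicator here: the download URL form (`uc?export=download&id=`) is interchangeable with other Drive URL shapes, so block or hunt on the id rather than the exact string. The byte scan is deliberately naive (no disassembly, so a 0x52 0xCF pair inside an immediate or data would also match); treat its count as a triage signal to compare with the sandbox's own addresses, not as a verdict.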