Analysis Report eCooEFZfZJ.exe

Overview

General Information

Sample Name: eCooEFZfZJ.exe
Analysis ID: 433075
MD5: 2db978e7cd2512c358518b1981fee079
SHA1: 22736d8d3ffe0e79cfdc0c08187bdae652d3a23c
SHA256: 9ec05fd611c2df63c12cc15df8e87e411f358b7a6747a44d4a320c01e3367ca8
Tags: exe, GuLoader

Detection

GuLoader
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Potential malicious icon found
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: 00000000.00000002.755211123.00000000021B0000.00000040.00000001.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "https://bara-seck.com/bin_sLFaSDyCig163.bin, http://benvenuti.rs/wp-content/bin_s"}
Multi AV Scanner detection for submitted file
Source: eCooEFZfZJ.exe Virustotal: Detection: 15%

Compliance:

Uses 32bit PE files
Source: eCooEFZfZJ.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://bara-seck.com/bin_sLFaSDyCig163.bin, http://benvenuti.rs/wp-content/bin_s

System Summary:

Potential malicious icon found
Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Detected potential crypto function
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5B99 0_2_021B5B99
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5B91 0_2_021B5B91
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5B8D 0_2_021B5B8D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5B81 0_2_021B5B81
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5B85 0_2_021B5B85
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5BF5 0_2_021B5BF5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B581A 0_2_021B581A
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B381E 0_2_021B381E
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5811 0_2_021B5811
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5809 0_2_021B5809
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5805 0_2_021B5805
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3839 0_2_021B3839
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3835 0_2_021B3835
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3829 0_2_021B3829
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B382D 0_2_021B382D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3821 0_2_021B3821
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5821 0_2_021B5821
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0859 0_2_021B0859
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B085D 0_2_021B085D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3841 0_2_021B3841
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5844 0_2_021B5844
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B387C 0_2_021B387C
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0871 0_2_021B0871
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5870 0_2_021B5870
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0869 0_2_021B0869
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0865 0_2_021B0865
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B389D 0_2_021B389D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3895 0_2_021B3895
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B388E 0_2_021B388E
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38B9 0_2_021B38B9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38B5 0_2_021B38B5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38A9 0_2_021B38A9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38AD 0_2_021B38AD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38A1 0_2_021B38A1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B58D9 0_2_021B58D9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B08DD 0_2_021B08DD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B08D1 0_2_021B08D1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B58D5 0_2_021B58D5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B08D5 0_2_021B08D5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B58C9 0_2_021B58C9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38CD 0_2_021B38CD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B58CD 0_2_021B58CD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38C1 0_2_021B38C1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B58C1 0_2_021B58C1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38C5 0_2_021B38C5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38F9 0_2_021B38F9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38FD 0_2_021B38FD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B08F5 0_2_021B08F5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B38F4 0_2_021B38F4
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B08E9 0_2_021B08E9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B08ED 0_2_021B08ED
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B58E1 0_2_021B58E1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B08E1 0_2_021B08E1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B58E5 0_2_021B58E5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3911 0_2_021B3911
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0916 0_2_021B0916
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3915 0_2_021B3915
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3909 0_2_021B3909
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3905 0_2_021B3905
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B095D 0_2_021B095D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021BA953 0_2_021BA953
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5979 0_2_021B5979
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3979 0_2_021B3979
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B397D 0_2_021B397D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5972 0_2_021B5972
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3971 0_2_021B3971
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5969 0_2_021B5969
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0969 0_2_021B0969
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B396D 0_2_021B396D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B096D 0_2_021B096D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5961 0_2_021B5961
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0961 0_2_021B0961
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3991 0_2_021B3991
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5991 0_2_021B5991
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3995 0_2_021B3995
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3989 0_2_021B3989
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B598D 0_2_021B598D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5981 0_2_021B5981
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5985 0_2_021B5985
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B3985 0_2_021B3985
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B69B9 0_2_021B69B9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B69B5 0_2_021B69B5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B69AD 0_2_021B69AD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B69A6 0_2_021B69A6
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B09DD 0_2_021B09DD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B69DC 0_2_021B69DC
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B09D1 0_2_021B09D1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B09D5 0_2_021B09D5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B09C9 0_2_021B09C9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B69C1 0_2_021B69C1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B69C5 0_2_021B69C5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B39FB 0_2_021B39FB
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B59F9 0_2_021B59F9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B59FD 0_2_021B59FD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B59F1 0_2_021B59F1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B09E1 0_2_021B09E1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5E2D 0_2_021B5E2D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B6E2D 0_2_021B6E2D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5E27 0_2_021B5E27
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5E51 0_2_021B5E51
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B2E4F 0_2_021B2E4F
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B6E41 0_2_021B6E41
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5E45 0_2_021B5E45
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5E9E 0_2_021B5E9E
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5EB9 0_2_021B5EB9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5EB5 0_2_021B5EB5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5EA9 0_2_021B5EA9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5EA1 0_2_021B5EA1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B6EA5 0_2_021B6EA5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5ED9 0_2_021B5ED9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0EF9 0_2_021B0EF9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0EF5 0_2_021B0EF5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0EE9 0_2_021B0EE9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0EED 0_2_021B0EED
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0EE1 0_2_021B0EE1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0F1B 0_2_021B0F1B
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0F01 0_2_021B0F01
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0F39 0_2_021B0F39
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0F35 0_2_021B0F35
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0F5D 0_2_021B0F5D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0F51 0_2_021B0F51
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0F55 0_2_021B0F55
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0F61 0_2_021B0F61
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0FDD 0_2_021B0FDD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0FD1 0_2_021B0FD1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5FFD 0_2_021B5FFD
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0FF1 0_2_021B0FF1
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0FF5 0_2_021B0FF5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0FE9 0_2_021B0FE9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B0FE5 0_2_021B0FE5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5C19 0_2_021B5C19
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5C0D 0_2_021B5C0D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5C01 0_2_021B5C01
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5C21 0_2_021B5C21
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5C25 0_2_021B5C25
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5C46 0_2_021B5C46
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B6C77 0_2_021B6C77
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B5C6F 0_2_021B5C6F
PE file contains strange resources
Source: eCooEFZfZJ.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: eCooEFZfZJ.exe, 00000000.00000000.227779697.0000000000430000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamePerspektivls4.exe vs eCooEFZfZJ.exe
Source: eCooEFZfZJ.exe, 00000000.00000002.755015651.00000000020C0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs eCooEFZfZJ.exe
Source: eCooEFZfZJ.exe Binary or memory string: OriginalFilenamePerspektivls4.exe vs eCooEFZfZJ.exe
Uses 32bit PE files
Source: eCooEFZfZJ.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal88.rans.troj.evad.winEXE@1/0@0/0
Source: eCooEFZfZJ.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: eCooEFZfZJ.exe Virustotal: Detection: 15%

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000000.00000002.755211123.00000000021B0000.00000040.00000001.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_0040CC6F push es; ret 0_2_0040CC79
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_0040CD0D push es; ret 0_2_0040CD89
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_00409133 push es; ret 0_2_0040923D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_0040CD36 push es; ret 0_2_0040CD89
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_004071C4 push es; ret 0_2_004071C5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_0040ADE0 push es; ret 0_2_0040AE65
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_00402DE4 push dword ptr [ebp-1Ch]; ret 0_2_004275E4
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_0040C1E7 push es; ret 0_2_0040C1ED
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_0040C1F2 push es; retf 0_2_0040C202
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_00409199 push es; ret 0_2_0040923D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_00408A53 push es; ret 0_2_00408A69
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_0040AE61 push es; ret 0_2_0040AE65
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B6C42 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B723A push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B7259 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B7252 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B7249 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B7241 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B827F push esi; iretd 0_2_021B82C5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B7261 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B8299 push esi; iretd 0_2_021B8316
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B8292 push esi; iretd 0_2_021B8316
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B72B3 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B82AD push esi; iretd 0_2_021B8327
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B82A5 push esi; iretd 0_2_021B8327
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B72D9 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B72D5 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B82D4 push esi; iretd 0_2_021B82D5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B733A push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B7349 push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B734D push esi; iretd 0_2_021B7EBF
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe RDTSC instruction interceptor: First address: 00000000021B9ADF second address: 00000000021B9ADF instructions:
    0x00000000 rdtsc
    0x00000002 lfence
    0x00000005 shl edx, 20h
    0x00000008 or edx, eax
    0x0000000a popad
    0x0000000b add edx, ebx
    0x0000000d xor edx, E6D43193h
    0x00000013 add esi, 02h
    0x00000016 cmp word ptr [esi], 0000h
    0x0000001a jne 00007FA8A0F1C80Ah
    0x0000001c mov ebx, edx
    0x0000001e shl edx, 05h
    0x00000021 add edx, ebx
    0x00000023 movzx ebx, byte ptr [esi]
    0x00000026 jmp 00007FA8A0F1C8AEh
    0x00000028 pushad
    0x00000029 lfence
    0x0000002c rdtsc
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_00407096 rdtsc 0_2_00407096
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_00407096 rdtsc 0_2_00407096
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B9059 mov eax, dword ptr fs:[00000030h] 0_2_021B9059
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B44D9 mov eax, dword ptr fs:[00000030h] 0_2_021B44D9
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B44D5 mov eax, dword ptr fs:[00000030h] 0_2_021B44D5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B44CE mov eax, dword ptr fs:[00000030h] 0_2_021B44CE
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B453C mov eax, dword ptr fs:[00000030h] 0_2_021B453C
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B4549 mov eax, dword ptr fs:[00000030h] 0_2_021B4549
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B454D mov eax, dword ptr fs:[00000030h] 0_2_021B454D
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B4541 mov eax, dword ptr fs:[00000030h] 0_2_021B4541
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B45A5 mov eax, dword ptr fs:[00000030h] 0_2_021B45A5
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B387C mov eax, dword ptr fs:[00000030h] 0_2_021B387C
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B6862 mov eax, dword ptr fs:[00000030h] 0_2_021B6862
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021B9916 mov eax, dword ptr fs:[00000030h] 0_2_021B9916
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_021BA953 mov eax, dword ptr fs:[00000030h] 0_2_021BA953
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: eCooEFZfZJ.exe, 00000000.00000002.754732099.0000000000CA0000.00000002.00000001.sdmp Binary or memory string: uProgram Manager
Source: eCooEFZfZJ.exe, 00000000.00000002.754732099.0000000000CA0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: eCooEFZfZJ.exe, 00000000.00000002.754732099.0000000000CA0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: eCooEFZfZJ.exe, 00000000.00000002.754732099.0000000000CA0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\eCooEFZfZJ.exe Code function: 0_2_00403FEC GetSystemTime, 0_2_00403FEC
No contacted IP infos