Windows Analysis Report OrdineFornitore_Nr_2021_OV_445..exe

Overview

General Information

Sample Name: OrdineFornitore_Nr_2021_OV_445..exe
Analysis ID: 434868
MD5: ca5dbe288ef27fd1a4bb491a3119285f
SHA1: 2de17b7906332db8828e87afd8f24aea93a9db25
SHA256: 582ef41b5d92451e2ca69cba6f821731d077fae38931556f2e2e3e09c577311d
Detection

GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different from original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: OrdineFornitore_Nr_2021_OV_445..exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1xUEBGrPlI038P_OFJ8CjCR9Fp-zTgH1u"}
Multi AV Scanner detection for submitted file
Source: OrdineFornitore_Nr_2021_OV_445..exe Virustotal: Detection: 16%
Machine Learning detection for sample
Source: OrdineFornitore_Nr_2021_OV_445..exe Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: OrdineFornitore_Nr_2021_OV_445..exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://drive.google.com/uc?export=download&id=1xUEBGrPlI038P_OFJ8CjCR9Fp-zTgH1u

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02246B23 NtAllocateVirtualMemory, 0_2_02246B23
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02246B52 NtAllocateVirtualMemory, 0_2_02246B52
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02246BA6 NtAllocateVirtualMemory, 0_2_02246BA6
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02246BEF NtAllocateVirtualMemory, 0_2_02246BEF
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02246C5D NtAllocateVirtualMemory, 0_2_02246C5D
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02246CD3 NtAllocateVirtualMemory, 0_2_02246CD3
Detected potential crypto function
PE / OLE file has an invalid certificate
Source: OrdineFornitore_Nr_2021_OV_445..exe Static PE information: invalid certificate
PE file contains strange resources
Source: OrdineFornitore_Nr_2021_OV_445..exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: OrdineFornitore_Nr_2021_OV_445..exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different from original file name gathered from version info
Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010993148.00000000021F0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs OrdineFornitore_Nr_2021_OV_445..exe
Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000000.663081077.0000000000422000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameLATRIA.exe vs OrdineFornitore_Nr_2021_OV_445..exe
Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1011075185.00000000022B0000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameLATRIA.exeFE2XTriTech International~ vs OrdineFornitore_Nr_2021_OV_445..exe
Source: OrdineFornitore_Nr_2021_OV_445..exe Binary or memory string: OriginalFilenameLATRIA.exe vs OrdineFornitore_Nr_2021_OV_445..exe
Uses 32bit PE files
Source: OrdineFornitore_Nr_2021_OV_445..exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal84.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe File created: C:\Users\user\AppData\Local\Temp\~DF0CC27355BE37F9C0.TMP
Source: OrdineFornitore_Nr_2021_OV_445..exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: OrdineFornitore_Nr_2021_OV_445..exe Virustotal: Detection: 16%

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000000.00000002.1011030674.0000000002240000.00000040.00000001.sdmp, type: MEMORY
PE file contains an invalid checksum
Source: OrdineFornitore_Nr_2021_OV_445..exe Static PE information: real checksum: 0x35092 should be: 0x2a962
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_00407C7D push ecx; retf 0_2_00407C7E
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_00406008 push es; ret 0_2_0040600D
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_00406E2B push FEBF90C3h; retf 0_2_00406E56
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_004080FD push edx; iretd 0_2_00408103
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_00407A81 push ds; retf 0_2_00407A82
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_0040755B pushad ; retf 0_2_0040755D
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_00406D60 push esp; retf 0_2_00406DAE
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_00405D85 push edi; iretd 0_2_00405D91
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_0224004D push ebp; ret 0_2_0224004E
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_0224004F push edx; retf 0_2_0224005D
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_022400D0 push ebp; ret 0_2_022400D1
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_022400D2 push edx; retf 0_2_022400E0
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe RDTSC instruction interceptor: First address: 00000000004045C0 second address: 00000000004045C0 instructions: 0x00000000 rdtsc 0x00000002 cmp ecx, 51h 0x00000005 cmp ecx, 35h 0x00000008 cmp edi, 0000AFF4h 0x0000000e movd mm1, ebx 0x00000011 movd mm1, ebx 0x00000014 movd mm1, ebx 0x00000017 movd mm1, ebx 0x0000001a jne 00007F92CC38F29Fh 0x0000001c inc edi 0x0000001d cmp esi, 18h 0x00000020 cmp ebx, 15h 0x00000023 rdtsc
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_004045B0 rdtsc 0_2_004045B0
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_004045B0 rdtsc 0_2_004045B0
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_022462D6 mov eax, dword ptr fs:[00000030h] 0_2_022462D6
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_0224331A mov eax, dword ptr fs:[00000030h] 0_2_0224331A
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02249030 mov eax, dword ptr fs:[00000030h] 0_2_02249030
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02249032 mov eax, dword ptr fs:[00000030h] 0_2_02249032
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02249441 mov eax, dword ptr fs:[00000030h] 0_2_02249441
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_0224A054 mov eax, dword ptr fs:[00000030h] 0_2_0224A054
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02243CEF mov eax, dword ptr fs:[00000030h] 0_2_02243CEF
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_022440EA mov eax, dword ptr fs:[00000030h] 0_2_022440EA
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_022440DD mov eax, dword ptr fs:[00000030h] 0_2_022440DD
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010932020.0000000000DB0000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010932020.0000000000DB0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010932020.0000000000DB0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: OrdineFornitore_Nr_2021_OV_445..exe, 00000000.00000002.1010932020.0000000000DB0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\OrdineFornitore_Nr_2021_OV_445..exe Code function: 0_2_02242B19 cpuid 0_2_02242B19
No contacted IP information