Windows Analysis Report sVNHE4jjOw.exe

Overview

General Information

Sample Name: sVNHE4jjOw.exe
Analysis ID: 449805
MD5: 72fe87cb4fd41cf172a9caecbdc6887f
SHA1: 2c8c745378f4a80e96dbabf574d1ac2d6408df69
SHA256: 6d26df7a7163053aa756f62ee4504af93020696cee98a1fc891c600ac76acc1c
Tags: exe

Detection

GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: sVNHE4jjOw.exe Malware Configuration Extractor: GuLoader {"Payload URL": "http://ceattire.com/bin_BDePikHU25.bin"}
Multi AV Scanner detection for submitted file
Source: sVNHE4jjOw.exe Virustotal: Detection: 34%
Source: sVNHE4jjOw.exe ReversingLabs: Detection: 23%

Compliance:

Uses 32bit PE files
Source: sVNHE4jjOw.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\Dragt1.pdb source: sVNHE4jjOw.exe
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\Dragt1.pdb@ source: sVNHE4jjOw.exe

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://ceattire.com/bin_BDePikHU25.bin
Source: sVNHE4jjOw.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: sVNHE4jjOw.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: sVNHE4jjOw.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: sVNHE4jjOw.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: sVNHE4jjOw.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: sVNHE4jjOw.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: sVNHE4jjOw.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: sVNHE4jjOw.exe String found in binary or memory: http://ocsp.digicert.com0O
Source: sVNHE4jjOw.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: sVNHE4jjOw.exe String found in binary or memory: https://www.digicert.com/CPS0

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_0249561F NtAllocateVirtualMemory, 0_2_0249561F
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02495608 NtAllocateVirtualMemory, 0_2_02495608
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02495761 NtAllocateVirtualMemory, 0_2_02495761
Detected potential crypto function
PE / OLE file has an invalid certificate
Source: sVNHE4jjOw.exe Static PE information: invalid certificate
PE file contains strange resources
Source: sVNHE4jjOw.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: sVNHE4jjOw.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: sVNHE4jjOw.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: sVNHE4jjOw.exe, 00000000.00000000.208241006.0000000000438000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameDragt1.exe vs sVNHE4jjOw.exe
Source: sVNHE4jjOw.exe Binary or memory string: OriginalFilenameDragt1.exe vs sVNHE4jjOw.exe
Uses 32bit PE files
Source: sVNHE4jjOw.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal84.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe File created: C:\Users\user\AppData\Local\Temp\~DFCFF2D9BF10EAD27A.TMP
Source: sVNHE4jjOw.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: sVNHE4jjOw.exe Virustotal: Detection: 34%
Source: sVNHE4jjOw.exe ReversingLabs: Detection: 23%
Source: sVNHE4jjOw.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\Dragt1.pdb source: sVNHE4jjOw.exe
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\Dragt1.pdb@ source: sVNHE4jjOw.exe

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000000.00000002.1293352201.0000000002490000.00000040.00000001.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe RDTSC instruction interceptor: First address: 0000000002497129 second address: 0000000002497129 instructions:
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe RDTSC instruction interceptor: First address: 0000000002497129 second address: 0000000002497129 instructions:
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe RDTSC instruction interceptor: First address: 00000000024992E8 second address: 00000000024992E8 instructions:
0x00000000 rdtsc
0x00000002 lfence
0x00000005 shl edx, 20h
0x00000008 or edx, eax
0x0000000a popad
0x0000000b cmp edx, dword ptr [ebp+44h]
0x0000000e jne 00007F638CBCE529h
0x00000010 sub edx, 04h
0x00000013 xor dword ptr [edx], ecx
0x00000015 pushad
0x00000016 lfence
0x00000019 rdtsc
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02493A60 rdtsc 0_2_02493A60
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02493A60 rdtsc 0_2_02493A60
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_0249320F mov eax, dword ptr fs:[00000030h] 0_2_0249320F
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02492A1E mov eax, dword ptr fs:[00000030h] 0_2_02492A1E
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02495283 mov eax, dword ptr fs:[00000030h] 0_2_02495283
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_024980B4 mov eax, dword ptr fs:[00000030h] 0_2_024980B4
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02496F30 mov eax, dword ptr fs:[00000030h] 0_2_02496F30
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_024974A3 mov eax, dword ptr fs:[00000030h] 0_2_024974A3
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02493506 mov eax, dword ptr fs:[00000030h] 0_2_02493506
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_0249351C mov eax, dword ptr fs:[00000030h] 0_2_0249351C
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: sVNHE4jjOw.exe, 00000000.00000002.1292457219.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: sVNHE4jjOw.exe, 00000000.00000002.1292457219.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: sVNHE4jjOw.exe, 00000000.00000002.1292457219.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Progman
Source: sVNHE4jjOw.exe, 00000000.00000002.1292457219.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\sVNHE4jjOw.exe Code function: 0_2_02490644 cpuid 0_2_02490644
No contacted IP infos