Windows Analysis Report SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe

Overview

General Information

Sample Name: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe
Analysis ID: 450598
MD5: 597eff6540780213008d384ca831852a
SHA1: 74fcaa7b00efdfc2056eb4651aea03c529d9bf8d
SHA256: 464e32b273ff94e18247402fec1445dceb07fe8ea16490038fa64b9a23672cf0
Tags: exe

Detection

GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

AV Detection:

Found malware configuration
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://andreameixueiro.com/karin_entmCGmZw1b;z"}
Multi AV Scanner detection for submitted file
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Virustotal: Detection: 20%

Compliance:

Uses 32bit PE files
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://andreameixueiro.com/karin_entmCGmZw1b;z

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8812F NtAllocateVirtualMemory, 0_2_02C8812F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C88299 NtAllocateVirtualMemory, 0_2_02C88299
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8834D NtAllocateVirtualMemory, 0_2_02C8834D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C88365 NtAllocateVirtualMemory, 0_2_02C88365
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C881E5 NtAllocateVirtualMemory, 0_2_02C881E5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C881FD NtAllocateVirtualMemory, 0_2_02C881FD
Detected potential crypto function
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8812F 0_2_02C8812F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C862C9 0_2_02C862C9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C862D5 0_2_02C862D5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C862E1 0_2_02C862E1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84289 0_2_02C84289
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84295 0_2_02C84295
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C2AB 0_2_02C8C2AB
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C842AD 0_2_02C842AD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8427F 0_2_02C8427F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8620D 0_2_02C8620D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83214 0_2_02C83214
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86225 0_2_02C86225
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86231 0_2_02C86231
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C843D5 0_2_02C843D5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C843E1 0_2_02C843E1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C863E3 0_2_02C863E3
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8B3F9 0_2_02C8B3F9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86385 0_2_02C86385
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8B3BD 0_2_02C8B3BD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84351 0_2_02C84351
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8636D 0_2_02C8636D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8B361 0_2_02C8B361
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86379 0_2_02C86379
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84085 0_2_02C84085
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86095 0_2_02C86095
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C860B9 0_2_02C860B9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84061 0_2_02C84061
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8600D 0_2_02C8600D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8401B 0_2_02C8401B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C87010 0_2_02C87010
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8702B 0_2_02C8702B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8B022 0_2_02C8B022
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86025 0_2_02C86025
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C871C9 0_2_02C871C9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C841D1 0_2_02C841D1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C841F5 0_2_02C841F5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C871B1 0_2_02C871B1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8E156 0_2_02C8E156
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86169 0_2_02C86169
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86161 0_2_02C86161
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86175 0_2_02C86175
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84109 0_2_02C84109
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C87109 0_2_02C87109
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8411D 0_2_02C8411D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86111 0_2_02C86111
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84111 0_2_02C84111
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84135 0_2_02C84135
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C6C9 0_2_02C8C6C9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8568B 0_2_02C8568B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86695 0_2_02C86695
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C866B9 0_2_02C866B9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C6BD 0_2_02C8C6BD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C649 0_2_02C8C649
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C625 0_2_02C8C625
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C631 0_2_02C8C631
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C837D4 0_2_02C837D4
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C7E1 0_2_02C8C7E1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C877A8 0_2_02C877A8
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C7BD 0_2_02C8C7BD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C741 0_2_02C8C741
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C759 0_2_02C8C759
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86729 0_2_02C86729
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86735 0_2_02C86735
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C735 0_2_02C8C735
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C864DD 0_2_02C864DD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C864E5 0_2_02C864E5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C844E5 0_2_02C844E5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C864F1 0_2_02C864F1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C854B5 0_2_02C854B5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80459 0_2_02C80459
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86455 0_2_02C86455
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80465 0_2_02C80465
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86479 0_2_02C86479
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8047D 0_2_02C8047D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8447D 0_2_02C8447D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84475 0_2_02C84475
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83476 0_2_02C83476
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80407 0_2_02C80407
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8643D 0_2_02C8643D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86431 0_2_02C86431
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C865CD 0_2_02C865CD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C865C2 0_2_02C865C2
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C865F1 0_2_02C865F1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C598 0_2_02C8C598
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8452D 0_2_02C8452D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86536 0_2_02C86536
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CAC5 0_2_02C8CAC5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DAC7 0_2_02C8DAC7
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8BAD3 0_2_02C8BAD3
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80AE8 0_2_02C80AE8
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DAF5 0_2_02C8DAF5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86A89 0_2_02C86A89
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DA89 0_2_02C8DA89
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82A8D 0_2_02C82A8D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82A81 0_2_02C82A81
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83A9C 0_2_02C83A9C
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CAAD 0_2_02C8CAAD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CAA1 0_2_02C8CAA1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83AB2 0_2_02C83AB2
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82A40 0_2_02C82A40
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DA43 0_2_02C8DA43
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83A45 0_2_02C83A45
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82A5B 0_2_02C82A5B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83A5D 0_2_02C83A5D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DA61 0_2_02C8DA61
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82A79 0_2_02C82A79
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86A7D 0_2_02C86A7D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CA0D 0_2_02C8CA0D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CA19 0_2_02C8CA19
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83A1F 0_2_02C83A1F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CA25 0_2_02C8CA25
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83A31 0_2_02C83A31
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86BC9 0_2_02C86BC9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DBCD 0_2_02C8DBCD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83BD5 0_2_02C83BD5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80BD5 0_2_02C80BD5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DBD5 0_2_02C8DBD5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DBED 0_2_02C8DBED
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DBF9 0_2_02C8DBF9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86BFD 0_2_02C86BFD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85B8D 0_2_02C85B8D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8BB99 0_2_02C8BB99
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DB9D 0_2_02C8DB9D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DBA9 0_2_02C8DBA9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83BA6 0_2_02C83BA6
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83BBD 0_2_02C83BBD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83BB1 0_2_02C83BB1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DBB5 0_2_02C8DBB5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80B49 0_2_02C80B49
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DB47 0_2_02C8DB47
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82B5D 0_2_02C82B5D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DB5D 0_2_02C8DB5D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82B51 0_2_02C82B51
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82B69 0_2_02C82B69
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85B69 0_2_02C85B69
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80B61 0_2_02C80B61
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85B75 0_2_02C85B75
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DB75 0_2_02C8DB75
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82B0C 0_2_02C82B0C
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C83B0D 0_2_02C83B0D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8BB05 0_2_02C8BB05
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8BB1D 0_2_02C8BB1D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86B2D 0_2_02C86B2D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CB2D 0_2_02C8CB2D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86B21 0_2_02C86B21
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80B3D 0_2_02C80B3D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DB3D 0_2_02C8DB3D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85B3F 0_2_02C85B3F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80B33 0_2_02C80B33
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C8FD 0_2_02C8C8FD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8688D 0_2_02C8688D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C85D 0_2_02C8C85D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86869 0_2_02C86869
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86875 0_2_02C86875
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8A877 0_2_02C8A877
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C816 0_2_02C8C816
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C869F3 0_2_02C869F3
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C989 0_2_02C8C989
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C995 0_2_02C8C995
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C9A1 0_2_02C8C9A1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C869B9 0_2_02C869B9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8594D 0_2_02C8594D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85959 0_2_02C85959
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8090F 0_2_02C8090F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86919 0_2_02C86919
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85920 0_2_02C85920
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86925 0_2_02C86925
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86931 0_2_02C86931
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CEC9 0_2_02C8CEC9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82ED9 0_2_02C82ED9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CED5 0_2_02C8CED5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CEED 0_2_02C8CEED
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82EF9 0_2_02C82EF9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86EF5 0_2_02C86EF5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CEBD 0_2_02C8CEBD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CE41 0_2_02C8CE41
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86E25 0_2_02C86E25
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86F8D 0_2_02C86F8D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8AF6A 0_2_02C8AF6A
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8CF61 0_2_02C8CF61
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86F0D 0_2_02C86F0D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86F01 0_2_02C86F01
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86F19 0_2_02C86F19
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C82F1D 0_2_02C82F1D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86CCD 0_2_02C86CCD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DCED 0_2_02C8DCED
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85CE5 0_2_02C85CE5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DCE5 0_2_02C8DCE5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8ACAC 0_2_02C8ACAC
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86CB5 0_2_02C86CB5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DC59 0_2_02C8DC59
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C87C57 0_2_02C87C57
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DC71 0_2_02C8DC71
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86C09 0_2_02C86C09
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85C09 0_2_02C85C09
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DC0D 0_2_02C8DC0D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DC19 0_2_02C8DC19
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85C15 0_2_02C85C15
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86C15 0_2_02C86C15
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C85C2D 0_2_02C85C2D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86C21 0_2_02C86C21
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DC25 0_2_02C8DC25
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DDC9 0_2_02C8DDC9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DD9D 0_2_02C8DD9D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DDA5 0_2_02C8DDA5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DDB1 0_2_02C8DDB1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86D75 0_2_02C86D75
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C86D11 0_2_02C86D11
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8DD11 0_2_02C8DD11
PE file contains strange resources
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000000.00000000.647693248.0000000000435000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameReamusekbman.exe vs SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000000.00000002.1170103596.0000000002280000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Binary or memory string: OriginalFilenameReamusekbman.exe vs SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe
Uses 32bit PE files
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal84.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe File created: C:\Users\user\AppData\Local\Temp\~DF6BDFD07AB53422A8.TMP
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Virustotal: Detection: 20%

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, type: SAMPLE
Source: Yara match File source: 0.0.SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1169731276.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000000.647663159.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_0040662E push ebp; iretd 0_2_00406638
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80791 push edi; retf 0_2_02C80790
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C80753 push edi; retf 0_2_02C8076B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8076C push edi; retf 0_2_02C8076B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8076C push edi; retf 0_2_02C80790
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe RDTSC instruction interceptor: First address: 0000000002C8BB89 second address: 0000000002C8BB89 instructions:
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe RDTSC instruction interceptor: First address: 0000000002C8BB89 second address: 0000000002C8BB89 instructions:
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe RDTSC instruction interceptor: First address: 0000000002C8B7D7 second address: 0000000002C8B73A instructions:
  0x00000000 rdtsc
  0x00000002 mov eax, E2C96E1Dh
  0x00000007 add eax, F5135739h
  0x0000000c add eax, 4CB33013h
  0x00000011 xor eax, 248FF568h
  0x00000016 cpuid
  0x00000018 popad
  0x00000019 cmp al, bl
  0x0000001b call 00007FC1149B7DB0h
  0x00000020 lfence
  0x00000023 mov edx, CF8A4B87h
  0x00000028 xor edx, 92055ED3h
  0x0000002e sub edx, 11EA7C92h
  0x00000034 xor edx, 345A98D6h
  0x0000003a mov edx, dword ptr [edx]
  0x0000003c lfence
  0x0000003f test eax, edx
  0x00000041 cmp ebx, eax
  0x00000043 cmp ch, ch
  0x00000045 cmp dh, dh
  0x00000047 jmp 00007FC1149B7D92h
  0x00000049 test ecx, eax
  0x0000004b test dx, cx
  0x0000004e test ecx, 5A8CACB8h
  0x00000054 cmp bh, 0000006Fh
  0x00000057 ret
  0x00000058 test ecx, edx
  0x0000005a sub edx, esi
  0x0000005c ret
  0x0000005d test cx, cx
  0x00000060 test dh, ch
  0x00000062 test eax, ecx
  0x00000064 add edi, edx
  0x00000066 cmp cx, cx
  0x00000069 dec dword ptr [ebp+000000F8h]
  0x0000006f pushad
  0x00000070 lfence
  0x00000073 rdtsc
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe RDTSC instruction interceptor: First address: 0000000002C8B73A second address: 0000000002C8B7D7 instructions:
  0x00000000 rdtsc
  0x00000002 lfence
  0x00000005 shl edx, 20h
  0x00000008 or edx, eax
  0x0000000a popad
  0x0000000b cmp dword ptr [ebp+000000F8h], 00000000h
  0x00000012 jne 00007FC1149B6FFEh
  0x00000014 cmp dx, cx
  0x00000017 cmp dl, bl
  0x00000019 call 00007FC1149B70E0h
  0x0000001e call 00007FC1149B70A3h
  0x00000023 lfence
  0x00000026 mov edx, CF8A4B87h
  0x0000002b xor edx, 92055ED3h
  0x00000031 sub edx, 11EA7C92h
  0x00000037 xor edx, 345A98D6h
  0x0000003d mov edx, dword ptr [edx]
  0x0000003f lfence
  0x00000042 test eax, edx
  0x00000044 cmp ebx, eax
  0x00000046 cmp ch, ch
  0x00000048 cmp dh, dh
  0x0000004a jmp 00007FC1149B7062h
  0x0000004c test ecx, eax
  0x0000004e test dx, cx
  0x00000051 test ecx, 5A8CACB8h
  0x00000057 cmp bh, 0000006Fh
  0x0000005a ret
  0x0000005b mov esi, edx
  0x0000005d pushad
  0x0000005e rdtsc
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8812F rdtsc 0_2_02C8812F
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8812F rdtsc 0_2_02C8812F
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8401B mov eax, dword ptr fs:[00000030h] 0_2_02C8401B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8B199 mov eax, dword ptr fs:[00000030h] 0_2_02C8B199
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8C598 mov eax, dword ptr fs:[00000030h] 0_2_02C8C598
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C87A5C mov eax, dword ptr fs:[00000030h] 0_2_02C87A5C
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C84B10 mov eax, dword ptr fs:[00000030h] 0_2_02C84B10
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8A910 mov eax, dword ptr fs:[00000030h] 0_2_02C8A910
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000000.00000002.1169996437.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000000.00000002.1169996437.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000000.00000002.1169996437.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Progman
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000000.00000002.1169996437.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 0_2_02C8D094 cpuid 0_2_02C8D094
No contacted IP infos