Windows Analysis Report SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe

Overview

General Information

Sample Name: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe
Analysis ID: 450598
MD5: 597eff6540780213008d384ca831852a
SHA1: 74fcaa7b00efdfc2056eb4651aea03c529d9bf8d
SHA256: 464e32b273ff94e18247402fec1445dceb07fe8ea16490038fa64b9a23672cf0
Tags: exe

Detection

GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

AV Detection:

Found malware configuration
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://andreameixueiro.com/karin_entmCGmZw1b;z"}
Multi AV Scanner detection for submitted file
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Virustotal: Detection: 20%

Compliance:

Uses 32bit PE files
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://andreameixueiro.com/karin_entmCGmZw1b;z

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211812F NtAllocateVirtualMemory, 1_2_0211812F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02118299 NtAllocateVirtualMemory, 1_2_02118299
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211834D NtAllocateVirtualMemory, 1_2_0211834D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02118365 NtAllocateVirtualMemory, 1_2_02118365
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021181FD NtAllocateVirtualMemory, 1_2_021181FD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021181E5 NtAllocateVirtualMemory, 1_2_021181E5
Detected potential crypto function
PE file contains strange resources
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000001.00000002.1280612420.00000000020C0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000001.00000002.1279546764.0000000000435000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameReamusekbman.exe vs SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Binary or memory string: OriginalFilenameReamusekbman.exe vs SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe
Source: classification engine Classification label: mal84.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe File created: C:\Users\user\AppData\Local\Temp\~DF0927D9F65CCD4BB7.TMP
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, type: SAMPLE
Source: Yara match File source: 1.0.SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000000.199329516.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1279452529.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0040662E push ebp; iretd 1_2_00406638
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02110753 push edi; retf 1_2_0211076B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211076C push edi; retf 1_2_0211076B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211076C push edi; retf 1_2_02110790
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02110791 push edi; retf 1_2_02110790
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

barindex
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02113214 1_2_02113214
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211620D 1_2_0211620D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116231 1_2_02116231
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116225 1_2_02116225
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021162D5 1_2_021162D5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021162C9 1_2_021162C9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021162E1 1_2_021162E1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116379 1_2_02116379
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211636D 1_2_0211636D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116385 1_2_02116385
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021163E3 1_2_021163E3
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211600D 1_2_0211600D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116025 1_2_02116025
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116095 1_2_02116095
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021160B9 1_2_021160B9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116111 1_2_02116111
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116175 1_2_02116175
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116161 1_2_02116161
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116169 1_2_02116169
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211568B 1_2_0211568B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021177A8 1_2_021177A8
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021137D4 1_2_021137D4
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02110407 1_2_02110407
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116431 1_2_02116431
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211643D 1_2_0211643D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116455 1_2_02116455
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116479 1_2_02116479
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021164DD 1_2_021164DD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021164F1 1_2_021164F1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021164E5 1_2_021164E5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02116536 1_2_02116536
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211C598 1_2_0211C598
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021165C2 1_2_021165C2
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021165CD 1_2_021165CD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_021165F1 1_2_021165F1
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02113A1F 1_2_02113A1F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02112A5B 1_2_02112A5B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02112A40 1_2_02112A40
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02112A79 1_2_02112A79
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02112A81 1_2_02112A81
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02112A8D 1_2_02112A8D
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211BAD3 1_2_0211BAD3
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02112B0C 1_2_02112B0C
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02115B3F 1_2_02115B3F
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211A877 1_2_0211A877
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02117878 1_2_02117878
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211CE41 1_2_0211CE41
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211CEBD 1_2_0211CEBD
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211CED5 1_2_0211CED5
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211CEC9 1_2_0211CEC9
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211CEED 1_2_0211CEED
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211CF79 1_2_0211CF79
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211CF61 1_2_0211CF61
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe RDTSC instruction interceptor: First address: 000000000211BB89 second address: 000000000211BB89 instructions:
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe RDTSC instruction interceptor: First address: 000000000211BB89 second address: 000000000211BB89 instructions:
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe RDTSC instruction interceptor: First address: 000000000211B7D7 second address: 000000000211B73A instructions:
  0x00000000 rdtsc
  0x00000002 mov eax, E2C96E1Dh
  0x00000007 add eax, F5135739h
  0x0000000c add eax, 4CB33013h
  0x00000011 xor eax, 248FF568h
  0x00000016 cpuid
  0x00000018 popad
  0x00000019 cmp al, bl
  0x0000001b call 00007F67F8BAD9A0h
  0x00000020 lfence
  0x00000023 mov edx, CF8A4B87h
  0x00000028 xor edx, 92055ED3h
  0x0000002e sub edx, 11EA7C92h
  0x00000034 xor edx, 345A98D6h
  0x0000003a mov edx, dword ptr [edx]
  0x0000003c lfence
  0x0000003f test eax, edx
  0x00000041 cmp ebx, eax
  0x00000043 cmp ch, ch
  0x00000045 cmp dh, dh
  0x00000047 jmp 00007F67F8BAD982h
  0x00000049 test ecx, eax
  0x0000004b test dx, cx
  0x0000004e test ecx, 5A8CACB8h
  0x00000054 cmp bh, 0000006Fh
  0x00000057 ret
  0x00000058 test ecx, edx
  0x0000005a sub edx, esi
  0x0000005c ret
  0x0000005d test cx, cx
  0x00000060 test dh, ch
  0x00000062 test eax, ecx
  0x00000064 add edi, edx
  0x00000066 cmp cx, cx
  0x00000069 dec dword ptr [ebp+000000F8h]
  0x0000006f pushad
  0x00000070 lfence
  0x00000073 rdtsc
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe RDTSC instruction interceptor: First address: 000000000211B73A second address: 000000000211B7D7 instructions:
  0x00000000 rdtsc
  0x00000002 lfence
  0x00000005 shl edx, 20h
  0x00000008 or edx, eax
  0x0000000a popad
  0x0000000b cmp dword ptr [ebp+000000F8h], 00000000h
  0x00000012 jne 00007F67F8CB656Eh
  0x00000014 cmp dx, cx
  0x00000017 cmp dl, bl
  0x00000019 call 00007F67F8CB6650h
  0x0000001e call 00007F67F8CB6613h
  0x00000023 lfence
  0x00000026 mov edx, CF8A4B87h
  0x0000002b xor edx, 92055ED3h
  0x00000031 sub edx, 11EA7C92h
  0x00000037 xor edx, 345A98D6h
  0x0000003d mov edx, dword ptr [edx]
  0x0000003f lfence
  0x00000042 test eax, edx
  0x00000044 cmp ebx, eax
  0x00000046 cmp ch, ch
  0x00000048 cmp dh, dh
  0x0000004a jmp 00007F67F8CB65D2h
  0x0000004c test ecx, eax
  0x0000004e test dx, cx
  0x00000051 test ecx, 5A8CACB8h
  0x00000057 cmp bh, 0000006Fh
  0x0000005a ret
  0x0000005b mov esi, edx
  0x0000005d pushad
  0x0000005e rdtsc
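Read together, the two interceptor dumps above are one loop. The first rdtsc is followed by a cpuid whose leaf is hidden behind the mov/add/add/xor chain on eax (E2C96E1D + F5135739 + 4CB33013, xor 248FF568, folds to 1, so this is CPUID leaf 1), then a second rdtsc whose edx:eax is combined into a 64-bit stamp (shl edx, 20h; or edx, eax), and the counter at [ebp+F8h] is decremented until the measurement has been repeated enough times. The mov/xor/sub/xor chain on edx folds to 7FFE0014h, which is KUSER_SHARED_DATA + 0x14, the low dword of SystemTime, so the loader also samples a kernel-maintained clock it can read without a system call. The detection itself is simple: CPUID always traps to the hypervisor under VT-x/AMD-V, so the cycle delta around it is far larger in a VM than on bare metal; the cmp/test filler between the real instructions, the call/ret pairs and the lfence serialisation are there to defeat pattern matching and to keep the measurement tight. The C program below is an added example, not the report's or GuLoader's code, that reimplements both pieces: it folds the two constant chains to recover the hidden leaf and address, and it runs the serialised RDTSC; CPUID; RDTSC measurement repeatedly, returning the median so a stray interrupt does not skew it. It assumes gcc or clang on an x86 host (cpuid.h and x86intrin.h); on other architectures the measurement stub returns 0 so the program still builds and runs. The threshold is a parameter on purpose: calibrate it on known bare metal rather than copying a number.

```c
/* Added example, not code from the report or from GuLoader: the two
 * building blocks of the RDTSC/CPUID sequence dumped above.
 *  - decode_eax_chain()/decode_edx_chain() fold the immediates copied from
 *    the dump; they hide the CPUID leaf and a KUSER_SHARED_DATA address
 *    from constant and string scans.
 *  - cpuid_median_cycles() repeats LFENCE; RDTSC; CPUID; LFENCE; RDTSC and
 *    returns the median cycle delta; CPUID traps to the hypervisor, so the
 *    delta is much larger inside a VM.
 * Assumes gcc/clang. On non-x86 hosts the measurement stub returns 0.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <x86intrin.h>
#endif

#define KUSER_SHARED_DATA 0x7FFE0000u   /* fixed user-mode mapping on Windows */

/* mov eax, E2C96E1Dh; add eax, F5135739h; add eax, 4CB33013h; xor eax, 248FF568h */
uint32_t decode_eax_chain(void)
{
    uint32_t eax = 0xE2C96E1Du;
    eax += 0xF5135739u;
    eax += 0x4CB33013u;
    eax ^= 0x248FF568u;
    return eax;                         /* 1: the CPUID leaf */
}

/* mov edx, CF8A4B87h; xor edx, 92055ED3h; sub edx, 11EA7C92h; xor edx, 345A98D6h */
uint32_t decode_edx_chain(void)
{
    uint32_t edx = 0xCF8A4B87u;
    edx ^= 0x92055ED3u;
    edx -= 0x11EA7C92u;
    edx ^= 0x345A98D6u;
    return edx;                         /* 0x7FFE0014: KUSER_SHARED_DATA.SystemTime.LowPart */
}

/* One serialised measurement, mirroring the dump's lfence/rdtsc/cpuid/rdtsc. */
static uint64_t cpuid_delta_once(uint32_t leaf)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    _mm_lfence();
    uint64_t t0 = __rdtsc();
    __get_cpuid(leaf, &a, &b, &c, &d);  /* the VM exit we are timing */
    _mm_lfence();
    uint64_t t1 = __rdtsc();
    return t1 - t0;
#else
    (void)leaf;
    return 0;                           /* no TSC on this host: cannot measure */
#endif
}

static int cmp_u64(const void *x, const void *y)
{
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}

/* Median over `iters` runs. The sample loops on [ebp+F8h] for the same
 * reason: a single RDTSC pair is too noisy to trust. */
uint64_t cpuid_median_cycles(int iters)
{
    if (iters < 1) iters = 1;
    uint64_t *v = malloc((size_t)iters * sizeof *v);
    if (!v) return 0;
    for (int i = 0; i < iters; i++) v[i] = cpuid_delta_once(decode_eax_chain());
    qsort(v, (size_t)iters, sizeof *v, cmp_u64);
    uint64_t median = v[iters / 2];
    free(v);
    return median;
}

/* The loader's decision in one line: 1 if the median is at or above the
 * threshold. Calibrate `threshold` on known bare metal; a hypervisor exit
 * typically adds thousands of cycles. */
int looks_virtualised(int iters, uint64_t threshold)
{
    return cpuid_median_cycles(iters) >= threshold;
}

int main(void)
{
    printf("cpuid leaf used by sample : %u\n", decode_eax_chain());
    printf("hidden address            : 0x%08X (KUSER_SHARED_DATA+0x%X)\n",
           decode_edx_chain(), decode_edx_chain() - KUSER_SHARED_DATA);
    printf("median rdtsc delta (cpuid): %llu cycles\n",
           (unsigned long long)cpuid_median_cycles(101));
    return 0;
}
```

Run it once on the analysis VM and once on a physical machine and the gap is obvious; the useful sandbox countermeasure is therefore not to hide the hypervisor but to intercept rdtsc (as the report's interceptor does) and return consistent, low-variance values, or to make CPUID exits cheaper. The constant-folding functions are also the quickest way to de-obfuscate other operands in the same code region: copy the immediates from the dump, apply the operations in order, and compare the result with known fixed addresses such as KUSER_SHARED_DATA.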
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211812F rdtsc 1_2_0211812F
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

barindex
Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211812F rdtsc 1_2_0211812F
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211401B mov eax, dword ptr fs:[00000030h] 1_2_0211401B
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211B199 mov eax, dword ptr fs:[00000030h] 1_2_0211B199
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211C598 mov eax, dword ptr fs:[00000030h] 1_2_0211C598
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02117A5C mov eax, dword ptr fs:[00000030h] 1_2_02117A5C
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_02114B10 mov eax, dword ptr fs:[00000030h] 1_2_02114B10
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211A910 mov eax, dword ptr fs:[00000030h] 1_2_0211A910
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000001.00000002.1280321907.0000000000C70000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000001.00000002.1280321907.0000000000C70000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000001.00000002.1280321907.0000000000C70000.00000002.00000001.sdmp Binary or memory string: Progman
Source: SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe, 00000001.00000002.1280321907.0000000000C70000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

barindex
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SOCAR Petroleum S.A Romania ordin urgent nr. 21199.exe Code function: 1_2_0211D094 cpuid 1_2_0211D094