Source: 00000000.00000002.756540382.0000000002250000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}"}
Source: VZghv7yI7g.exe | Virustotal: Detection: 29%
Source: VZghv7yI7g.exe | ReversingLabs: Detection: 13%
Source: VZghv7yI7g.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: Malware configuration extractor | URLs: https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Process Stats: CPU usage > 98%
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_004092BC
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225662B
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256E00
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02251664
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02251276
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02251A43
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022562A3
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256AAB
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225E280
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256692
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022516E3
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022512E8
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022536FA
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022566C7
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256EC7
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225C329
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256B6B
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256778
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225634E
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225DB55
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02251783
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256F9B
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256BEB
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022563F7
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02255FF1
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225AFD7
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02257025
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02257022
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225681F
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225684F
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225A455
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02257CAB
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256C93
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225709F
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022518FB
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225692D
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256D2C
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256138
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225156F
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225A969
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02251175
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02253971
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256955
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02256554
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022555A6
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022561DC
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225C5D9
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_022569D8
Source: VZghv7yI7g.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: VZghv7yI7g.exe, 00000000.00000002.756145297.00000000021F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs VZghv7yI7g.exe
Source: VZghv7yI7g.exe, 00000000.00000000.226808596.0000000000435000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameIndtr8.exe vs VZghv7yI7g.exe
Source: VZghv7yI7g.exe | Binary or memory string: OriginalFilenameIndtr8.exe vs VZghv7yI7g.exe
Source: classification engine | Classification label: mal84.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | File created: C:\Users\user~1\AppData\Local\Temp\~DF815418FFB8C45D82.TMP
Source: VZghv7yI7g.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Yara match | File source: 00000000.00000002.756540382.0000000002250000.00000040.00000001.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0040C06E push 00000000h; retf | 0_2_0040C0B0
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_00406625 push ebp; iretd | 0_2_0040662F
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02253429 push 84000002h; retf | 0_2_0225342F
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02250095 pushad ; retf | 0_2_02250097
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225010B pushad ; retf | 0_2_0225010D
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | RDTSC instruction interceptor: First address: 000000000225E352 second address: 000000000225E352 instructions:
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | API coverage: 9.9 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Process Stats: CPU usage > 90% for more than 60s
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02257AB1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225A900 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225B1FE mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0225C5D9 mov eax, dword ptr fs:[00000030h]
Source: VZghv7yI7g.exe, 00000000.00000002.755749327.0000000000DA0000.00000002.00000001.sdmp | Binary or memory string: uProgram Manager
Source: VZghv7yI7g.exe, 00000000.00000002.755749327.0000000000DA0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: VZghv7yI7g.exe, 00000000.00000002.755749327.0000000000DA0000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: VZghv7yI7g.exe, 00000000.00000002.755749327.0000000000DA0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock