Source: VZghv7yI7g.exe | Virustotal: Detection: 29%
Source: VZghv7yI7g.exe | ReversingLabs: Detection: 13%
Source: VZghv7yI7g.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Process Stats: CPU usage > 98%
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_004092BC | 0_2_004092BC
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C329 | 0_2_02A8C329
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8CEAA | 0_2_02A8CEAA
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C6B4 | 0_2_02A8C6B4
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8CEE6 | 0_2_02A8CEE6
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8CAD7 | 0_2_02A8CAD7
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8DE3B | 0_2_02A8DE3B
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C665 | 0_2_02A8C665
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C7B8 | 0_2_02A8C7B8
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8DBBF | 0_2_02A8DBBF
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8DB8F | 0_2_02A8DB8F
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8CF87 | 0_2_02A8CF87
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8DF14 | 0_2_02A8DF14
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8CB63 | 0_2_02A8CB63
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8CB72 | 0_2_02A8CB72
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8DB55 | 0_2_02A8DB55
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C8CA | 0_2_02A8C8CA
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8DCC7 | 0_2_02A8DCC7
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8E033 | 0_2_02A8E033
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C816 | 0_2_02A8C816
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C9C1 | 0_2_02A8C9C1
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C5DB | 0_2_02A8C5DB
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8DD3B | 0_2_02A8DD3B
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C90C | 0_2_02A8C90C
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8DD07 | 0_2_02A8DD07
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C563 | 0_2_02A8C563
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C567 | 0_2_02A8C567
Source: VZghv7yI7g.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: VZghv7yI7g.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: VZghv7yI7g.exe, 00000000.00000002.824891384.0000000000435000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameIndtr8.exe vs VZghv7yI7g.exe
Source: VZghv7yI7g.exe, 00000000.00000002.826092877.0000000002920000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs VZghv7yI7g.exe
Source: VZghv7yI7g.exe | Binary or memory string: OriginalFilenameIndtr8.exe vs VZghv7yI7g.exe
Source: classification engine | Classification label: mal60.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | File created: C:\Users\user\AppData\Local\Temp\~DFEB0EEF351A7A5910.TMP
Source: VZghv7yI7g.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_0040C06E push 00000000h; retf | 0_2_0040C0B0
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_00406625 push ebp; iretd | 0_2_0040662F
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8E73F push edi; ret | 0_2_02A8E741
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8D1F3 push FFFFFFB9h; retf | 0_2_02A8D1F5
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8D1CB push FFFFFFB9h; retf | 0_2_02A8D1CD
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | RDTSC instruction interceptor: First address: 0000000002A8E352 second address: 0000000002A8E352 instructions:
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8CEAA rdtsc | 0_2_02A8CEAA
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Process Stats: CPU usage > 90% for more than 60s
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C5DB mov eax, dword ptr fs:[00000030h] | 0_2_02A8C5DB
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C563 mov eax, dword ptr fs:[00000030h] | 0_2_02A8C563
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8C567 mov eax, dword ptr fs:[00000030h] | 0_2_02A8C567
Source: C:\Users\user\Desktop\VZghv7yI7g.exe | Code function: 0_2_02A8CD39 cpuid | 0_2_02A8CD39