Windows Analysis Report SecuriteInfo.com.Variant.Graftor.981190.24096.12674

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Graftor.981190.24096.12674 (renamed file extension from 12674 to exe)
Analysis ID: 451828
MD5: 19cac1ee3a6e5e9f83054616f5d5ce6f
SHA1: 5b7f16098760f887b0bdc5fee9223d022e0597fb
SHA256: 3709110cc04e0eaffe10bec5e8a5c82b858bee4195975e7bcd30c50b246f56c3
Tags: exe

Detection

GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found potential dummy code loops (likely to delay analysis)
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://kinmirai.org/wp-content/bin_lOulvHP91.bip"}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Virustotal: Detection: 14%
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe ReversingLabs: Detection: 19%

Compliance:

Uses 32bit PE files
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\typo.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://kinmirai.org/wp-content/bin_lOulvHP91.bip
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: https://www.digicert.com/CPS0

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850725852.000000000073A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A953FF NtAllocateVirtualMemory, 2_2_02A953FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A953FB NtAllocateVirtualMemory, 2_2_02A953FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A95541 NtAllocateVirtualMemory, 2_2_02A95541
Detected potential crypto function
PE / OLE file has an invalid certificate
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: invalid certificate
PE file contains strange resources
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000000.325551670.0000000000435000.00000002.00020000.sdmp Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal84.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File created: C:\Users\user\AppData\Local\Temp\~DF84A7F2EA291541CF.TMP
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Virustotal: Detection: 14%
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe ReversingLabs: Detection: 19%
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\typo.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000002.00000002.852029233.0000000002A90000.00000040.00000001.sdmp, type: MEMORY
Yara detected GuLoader
Source: Yara match File source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, type: SAMPLE
Source: Yara match File source: 2.2.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000000.325526342.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.850474872.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A99662 push esp; iretd 2_2_02A99671
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A99672 push esp; iretd 2_2_02A99675
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A99676 push esp; iretd 2_2_02A99679
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A93FA8 push ebp; retf 2_2_02A93FC5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A9634A push 00000020h; retf 2_2_02A9634C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A91589 push ebp; retf 2_2_02A9158F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A935DC push ebp; ret 2_2_02A935FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A93EB2 rdtsc 2_2_02A93EB2
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A93EB2 rdtsc 2_2_02A93EB2
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A96B34 mov eax, dword ptr fs:[00000030h] 2_2_02A96B34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A970BE mov eax, dword ptr fs:[00000030h] 2_2_02A970BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A97CB7 mov eax, dword ptr fs:[00000030h] 2_2_02A97CB7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A95022 mov eax, dword ptr fs:[00000030h] 2_2_02A95022
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850792525.0000000000CC0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850792525.0000000000CC0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850792525.0000000000CC0000.00000002.00000001.sdmp Binary or memory string: &Program Manager
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850792525.0000000000CC0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 2_2_02A96E24 cpuid 2_2_02A96E24
No contacted IP infos