Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Malware Configuration Extractor: GuLoader {"Payload URL": "https://kinmirai.org/wp-content/bin_lOulvHP91.bip"} |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Virustotal: Detection: 14% |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | ReversingLabs: Detection: 19% |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://ocsp.digicert.com0O |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850725852.000000000073A000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/> |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A953FF NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A953FB NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A95541 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A953FF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93EB2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A97EB4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A97AEF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A906E2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A97AF5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A926CA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93EC0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A906D2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A97229 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A90626 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A98605 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A91207 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A9824D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93FA8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A937A5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93FE9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93BE2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A953FB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A947FF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93FC2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A91B2E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A91B24 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A91706 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A96F73 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A94345 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A98B5E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A98B51 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A938B4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A97CB7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A98C81 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A940EF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A904C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A958D6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A92407 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A9207C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A9444B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A95844 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A951A4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A901E9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A905D8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A921DB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A901DA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A92567 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A96D5C |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000000.325551670.0000000000435000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Virustotal: Detection: 14% |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe | ReversingLabs: Detection: 19% |
Source: Yara match | File source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, type: SAMPLE |
Source: Yara match | File source: 2.2.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000002.00000000.325526342.0000000000401000.00000020.00020000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.850474872.0000000000401000.00000020.00020000.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A99662 push esp; iretd |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A99672 push esp; iretd |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A99676 push esp; iretd |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93FA8 push ebp; retf |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A9634A push 00000020h; retf |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A91589 push ebp; retf |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A935DC push ebp; ret |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93EB2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A97EB4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A906E2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A906D2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A90626 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A98605 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93FA8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A937A5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93FE9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A93FC2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A94345 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A98B51 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A97CB7 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A940EF |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A904C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A92407 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A9207C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A905D8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A921DB |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A92567 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A96D5C |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A96B34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A970BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A97CB7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe | Code function: 2_2_02A95022 mov eax, dword ptr fs:[00000030h] |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850792525.0000000000CC0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850792525.0000000000CC0000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850792525.0000000000CC0000.00000002.00000001.sdmp | Binary or memory string: &Program Manager |
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000002.00000002.850792525.0000000000CC0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |