Windows Analysis Report Documentos de env#U00edo.exe

Overview

General Information

Sample Name: Documentos de env#U00edo.exe
Analysis ID: 457991
MD5: a60166d50572eedc2e44b327e4928324
SHA1: 0b5c5afd46ab950959dc1e5fda5520ddae0c51a4
SHA256: 8a714868cf6bea9d1a01154cc98fa33abbe75350f06cf26d31538ed0aba6a808
Tags: exe

Detection

GuLoader
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Executable has a suspicious name (potential lure to open the executable)
Found potential dummy code loops (likely to delay analysis)
Initial sample is a PE file and has a suspicious name
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Detected potential crypto function
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: 00000001.00000002.748823935.0000000002B60000.00000040.00000001.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?exportC"}
Multi AV Scanner detection for submitted file
Source: Documentos de env#U00edo.exe Virustotal: Detection: 20%

Compliance:

Uses 32bit PE files
Source: Documentos de env#U00edo.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://drive.google.com/uc?exportC

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality to retrieve information about pressed keystrokes
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_004028B4 GetAsyncKeyState, 1_2_004028B4

System Summary:

Executable has a suspicious name (potential lure to open the executable)
Source: Documentos de env#U00edo.exe Static file information: Suspicious name
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: Documentos de env#U00edo.exe
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B66544 NtAllocateVirtualMemory, 1_2_02B66544
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B6668B NtAllocateVirtualMemory, 1_2_02B6668B
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B66232 NtAllocateVirtualMemory, 1_2_02B66232
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B6624A NtAllocateVirtualMemory, 1_2_02B6624A
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B6676B NtAllocateVirtualMemory, 1_2_02B6676B
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B665C3 NtAllocateVirtualMemory, 1_2_02B665C3
Detected potential crypto function
Sample file is different than original file name gathered from version info
Source: Documentos de env#U00edo.exe, 00000001.00000002.744472089.0000000000423000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamePROSODETICDEF.exe vs Documentos de env#U00edo.exe
Source: Documentos de env#U00edo.exe, 00000001.00000002.745396573.00000000021E0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs Documentos de env#U00edo.exe
Source: Documentos de env#U00edo.exe Binary or memory string: OriginalFilenamePROSODETICDEF.exe vs Documentos de env#U00edo.exe
Uses 32bit PE files
Source: Documentos de env#U00edo.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal92.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe File created: C:\Users\user\AppData\Local\Temp\~DFC591D959ED29C104.TMP
Source: Documentos de env#U00edo.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe File read: C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Documentos de env#U00edo.exe Virustotal: Detection: 20%
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4a04656d-52aa-49de-8a09-cb178760e748}\InProcServer32

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000001.00000002.748823935.0000000002B60000.00000040.00000001.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_00407E4C push ss; iretd 1_2_00407F03
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_00409055 push ss; ret 1_2_0040907F
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_004090A4 push ss; ret 1_2_004090B7
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_00406151 push ss; iretd 1_2_00406163
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_00407566 push edi; ret 1_2_00407567
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_00408D20 push ss; iretd 1_2_00408D2F
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_00409184 push ss; ret 1_2_00409193
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B66544 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60AA3 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60E8B push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B67AD1 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60A1B push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B6739C push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B67398 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B607FF push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B607FA push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60B75 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60B72 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60344 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60CAA push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60497 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B608FD push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B6B424 push edx; ret 1_2_02B6B42B
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B605AD push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B67984 push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B6B1EF push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B60D6F push eax; retf 1_2_02B67AF2
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe RDTSC instruction interceptor: First address: 0000000002B6916B second address: 0000000002B6916B instructions:
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe RDTSC instruction interceptor: First address: 0000000002B6AD54 second address: 0000000002B6AD54 instructions:
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe RDTSC instruction interceptor: First address: 0000000002B6916B second address: 0000000002B6916B instructions:
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe RDTSC instruction interceptor: First address: 0000000002B6AD54 second address: 0000000002B6AD54 instructions:
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B646AC rdtsc 1_2_02B646AC
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B646AC rdtsc 1_2_02B646AC
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B69A86 mov eax, dword ptr fs:[00000030h] 1_2_02B69A86
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B68E55 mov eax, dword ptr fs:[00000030h] 1_2_02B68E55
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B63B25 mov eax, dword ptr fs:[00000030h] 1_2_02B63B25
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B63B16 mov eax, dword ptr fs:[00000030h] 1_2_02B63B16
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B62F02 mov eax, dword ptr fs:[00000030h] 1_2_02B62F02
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B65CA0 mov eax, dword ptr fs:[00000030h] 1_2_02B65CA0
Source: C:\Users\user\Desktop\Documentos de env#U00edo.exe Code function: 1_2_02B6898D mov eax, dword ptr fs:[00000030h] 1_2_02B6898D
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: Documentos de env#U00edo.exe, 00000001.00000002.745011893.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: Documentos de env#U00edo.exe, 00000001.00000002.745011893.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Progman
Source: Documentos de env#U00edo.exe, 00000001.00000002.745011893.0000000000D80000.00000002.00000001.sdmp Binary or memory string: SProgram Managerl
Source: Documentos de env#U00edo.exe, 00000001.00000002.745011893.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd,
Source: Documentos de env#U00edo.exe, 00000001.00000002.745011893.0000000000D80000.00000002.00000001.sdmp Binary or memory string: Progmanlock
No contacted IP infos