Windows Analysis Report Weemaes B.V.-PO74748392.exe

Overview

General Information

Sample Name: Weemaes B.V.-PO74748392.exe
Analysis ID: 458358
MD5: a08f23a15ef10b17370668cf5b9947ad
SHA1: 7cc53628714dd9d69881be1d186adf7b3e7af9cd
SHA256: cc8e7690934b9059a1613d246a6c933df5dd7b1e333038dc76f7839dcc5697cd
Tags: exe

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
GuLoader behavior detected
Multi AV Scanner detection for submitted file
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Hides threads from debuggers
Potentially malicious time measurement code found
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
PE / OLE file has an invalid certificate
PE file contains strange resources
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: Weemaes B.V.-PO74748392.exe Malware Configuration Extractor: GuLoader {"Payload URL": "http://rossettlee.ddnsgeek.com/x/5bab0b1d864615bab0b1d864b3/2"}
Multi AV Scanner detection for submitted file
Source: Weemaes B.V.-PO74748392.exe Virustotal: Detection: 35%

Compliance:

Uses 32bit PE files
Source: Weemaes B.V.-PO74748392.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://rossettlee.ddnsgeek.com/x/5bab0b1d864615bab0b1d864b3/2
Source: Weemaes B.V.-PO74748392.exe String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: Weemaes B.V.-PO74748392.exe String found in binary or memory: http://s.symcd.com06
Source: Weemaes B.V.-PO74748392.exe String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: Weemaes B.V.-PO74748392.exe String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: Weemaes B.V.-PO74748392.exe String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Weemaes B.V.-PO74748392.exe String found in binary or memory: https://d.symcb.com/cps0%
Source: Weemaes B.V.-PO74748392.exe String found in binary or memory: https://d.symcb.com/rpa0
Source: Weemaes B.V.-PO74748392.exe String found in binary or memory: https://d.symcb.com/rpa0.

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214C733 NtProtectVirtualMemory, 0_2_0214C733
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214CD46 LoadLibraryA,NtResumeThread, 0_2_0214CD46
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02140D67 NtWriteVirtualMemory,LoadLibraryA, 0_2_02140D67
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02141190 NtWriteVirtualMemory,TerminateProcess,LoadLibraryA, 0_2_02141190
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02147989 NtAllocateVirtualMemory, 0_2_02147989
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146214 NtWriteVirtualMemory, 0_2_02146214
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145E29 NtWriteVirtualMemory, 0_2_02145E29
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145E51 NtWriteVirtualMemory, 0_2_02145E51
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146644 NtWriteVirtualMemory, 0_2_02146644
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146270 NtWriteVirtualMemory, 0_2_02146270
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146672 NtWriteVirtualMemory, 0_2_02146672
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214567C NtWriteVirtualMemory,LoadLibraryA, 0_2_0214567C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146A84 NtWriteVirtualMemory, 0_2_02146A84
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145A86 NtWriteVirtualMemory, 0_2_02145A86
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02147A86 NtAllocateVirtualMemory, 0_2_02147A86
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02142682 NtWriteVirtualMemory, 0_2_02142682
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145EBE NtWriteVirtualMemory, 0_2_02145EBE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02147AB9 NtAllocateVirtualMemory, 0_2_02147AB9
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146ADE NtWriteVirtualMemory, 0_2_02146ADE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021466F6 NtWriteVirtualMemory, 0_2_021466F6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145AFA NtWriteVirtualMemory, 0_2_02145AFA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021462E2 NtWriteVirtualMemory, 0_2_021462E2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02147B15 NtAllocateVirtualMemory, 0_2_02147B15
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145F2E NtWriteVirtualMemory, 0_2_02145F2E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145B56 NtWriteVirtualMemory, 0_2_02145B56
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02147B5A NtAllocateVirtualMemory, 0_2_02147B5A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214634D NtWriteVirtualMemory, 0_2_0214634D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214674E NtWriteVirtualMemory, 0_2_0214674E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146363 NtWriteVirtualMemory, 0_2_02146363
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146B69 NtWriteVirtualMemory, 0_2_02146B69
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145F93 NtWriteVirtualMemory, 0_2_02145F93
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214679E NtWriteVirtualMemory, 0_2_0214679E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02147B9F NtAllocateVirtualMemory, 0_2_02147B9F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021453A1 NtWriteVirtualMemory, 0_2_021453A1
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145BD3 NtWriteVirtualMemory, 0_2_02145BD3
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021463D8 NtWriteVirtualMemory, 0_2_021463D8
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145FF6 NtWriteVirtualMemory, 0_2_02145FF6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021477FF NtAllocateVirtualMemory, 0_2_021477FF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146BE3 NtWriteVirtualMemory, 0_2_02146BE3
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214A018 NtWriteVirtualMemory,LoadLibraryA, 0_2_0214A018
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214800E NtWriteVirtualMemory, 0_2_0214800E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214A435 NtWriteVirtualMemory, 0_2_0214A435
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146C52 NtWriteVirtualMemory, 0_2_02146C52
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146442 NtWriteVirtualMemory, 0_2_02146442
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214604A NtWriteVirtualMemory, 0_2_0214604A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214687B NtWriteVirtualMemory, 0_2_0214687B
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145C62 NtWriteVirtualMemory, 0_2_02145C62
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214649B NtWriteVirtualMemory, 0_2_0214649B
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145C83 NtWriteVirtualMemory, 0_2_02145C83
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021460B7 NtWriteVirtualMemory, 0_2_021460B7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021460D0 NtWriteVirtualMemory, 0_2_021460D0
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145CDB NtWriteVirtualMemory, 0_2_02145CDB
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146CC3 NtWriteVirtualMemory, 0_2_02146CC3
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021460E7 NtWriteVirtualMemory, 0_2_021460E7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02147CE1 NtWriteVirtualMemory, 0_2_02147CE1
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146508 NtWriteVirtualMemory, 0_2_02146508
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214653E NtWriteVirtualMemory, 0_2_0214653E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146528 NtWriteVirtualMemory, 0_2_02146528
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214654C NtWriteVirtualMemory, 0_2_0214654C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214A175 NtWriteVirtualMemory, 0_2_0214A175
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214597F NtWriteVirtualMemory, 0_2_0214597F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145D62 NtWriteVirtualMemory, 0_2_02145D62
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214796D NtAllocateVirtualMemory, 0_2_0214796D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02146196 NtWriteVirtualMemory, 0_2_02146196
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214698D NtWriteVirtualMemory, 0_2_0214698D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021465AF NtWriteVirtualMemory, 0_2_021465AF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145DDF NtWriteVirtualMemory, 0_2_02145DDF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021465C6 NtWriteVirtualMemory, 0_2_021465C6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021469F8 NtWriteVirtualMemory, 0_2_021469F8
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214A5EB NtWriteVirtualMemory, 0_2_0214A5EB
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00567989 NtAllocateVirtualMemory, 18_2_00567989
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056796D NtAllocateVirtualMemory, 18_2_0056796D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00567A86 NtAllocateVirtualMemory, 18_2_00567A86
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00567AB9 NtAllocateVirtualMemory, 18_2_00567AB9
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00567B5A NtAllocateVirtualMemory, 18_2_00567B5A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00567B15 NtAllocateVirtualMemory, 18_2_00567B15
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005677FF NtAllocateVirtualMemory, 18_2_005677FF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00567B9F NtAllocateVirtualMemory, 18_2_00567B9F
Detected potential crypto function
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562CE9 18_2_00562CE9
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560492 18_2_00560492
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566892 18_2_00566892
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BC98 18_2_0056BC98
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565C83 18_2_00565C83
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B08A 18_2_0056B08A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005664A6 18_2_005664A6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005680AE 18_2_005680AE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005610AF 18_2_005610AF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562CAA 18_2_00562CAA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561552 18_2_00561552
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561D5C 18_2_00561D5C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B15A 18_2_0056B15A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CD46 18_2_0056CD46
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00568146 18_2_00568146
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565145 18_2_00565145
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564D48 18_2_00564D48
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566548 18_2_00566548
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056A175 18_2_0056A175
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056597F 18_2_0056597F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563167 18_2_00563167
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560D67 18_2_00560D67
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565D62 18_2_00565D62
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CD62 18_2_0056CD62
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563D6C 18_2_00563D6C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056796D 18_2_0056796D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056811E 18_2_0056811E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B51C 18_2_0056B51C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B10E 18_2_0056B10E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562D0F 18_2_00562D0F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563D0A 18_2_00563D0A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056C50A 18_2_0056C50A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056293A 18_2_0056293A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056412D 18_2_0056412D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562928 18_2_00562928
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562DDC 18_2_00562DDC
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CDDA 18_2_0056CDDA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005665C6 18_2_005665C6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056C1C6 18_2_0056C1C6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CDC2 18_2_0056CDC2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056ADCA 18_2_0056ADCA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B1C9 18_2_0056B1C9
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005619FB 18_2_005619FB
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005629F8 18_2_005629F8
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565DE6 18_2_00565DE6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563DE2 18_2_00563DE2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056A5EB 18_2_0056A5EB
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00568192 18_2_00568192
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561190 18_2_00561190
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056699E 18_2_0056699E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056119A 18_2_0056119A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CD86 18_2_0056CD86
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00569D85 18_2_00569D85
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056298A 18_2_0056298A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B9B2 18_2_0056B9B2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005615BA 18_2_005615BA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005619A7 18_2_005619A7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CDAE 18_2_0056CDAE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005665AF 18_2_005665AF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005609AA 18_2_005609AA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BE57 18_2_0056BE57
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563652 18_2_00563652
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563E51 18_2_00563E51
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565E51 18_2_00565E51
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CE46 18_2_0056CE46
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566644 18_2_00566644
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566672 18_2_00566672
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BE7E 18_2_0056BE7E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056C27E 18_2_0056C27E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056567C 18_2_0056567C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565A7D 18_2_00565A7D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561A62 18_2_00561A62
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BA6E 18_2_0056BA6E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BE6E 18_2_0056BE6E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B212 18_2_0056B212
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BA1E 18_2_0056BA1E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B604 18_2_0056B604
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561202 18_2_00561202
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CE0E 18_2_0056CE0E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566A0A 18_2_00566A0A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056D609 18_2_0056D609
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566233 18_2_00566233
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565E3A 18_2_00565E3A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056C226 18_2_0056C226
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056822D 18_2_0056822D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CE2A 18_2_0056CE2A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BAD6 18_2_0056BAD6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005612D5 18_2_005612D5
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561ED2 18_2_00561ED2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BEDA 18_2_0056BEDA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005616F6 18_2_005616F6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005666F6 18_2_005666F6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CEF4 18_2_0056CEF4
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565AFA 18_2_00565AFA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056C2EE 18_2_0056C2EE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566AEA 18_2_00566AEA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005682EA 18_2_005682EA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CE96 18_2_0056CE96
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561292 18_2_00561292
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565A86 18_2_00565A86
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566286 18_2_00566286
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B284 18_2_0056B284
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562682 18_2_00562682
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561682 18_2_00561682
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566A8E 18_2_00566A8E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056AEB3 18_2_0056AEB3
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561ABE 18_2_00561ABE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565EBE 18_2_00565EBE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560AA6 18_2_00560AA6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564AA2 18_2_00564AA2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565B56 18_2_00565B56
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561355 18_2_00561355
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00568352 18_2_00568352
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056AF53 18_2_0056AF53
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056635A 18_2_0056635A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BF42 18_2_0056BF42
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056174E 18_2_0056174E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564B4E 18_2_00564B4E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BB4A 18_2_0056BB4A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CF4A 18_2_0056CF4A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561376 18_2_00561376
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561B7E 18_2_00561B7E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056377E 18_2_0056377E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056577E 18_2_0056577E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056AF66 18_2_0056AF66
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560363 18_2_00560363
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056636E 18_2_0056636E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056036F 18_2_0056036F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560B6A 18_2_00560B6A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CF10 18_2_0056CF10
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564B1F 18_2_00564B1F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563F1A 18_2_00563F1A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560302 18_2_00560302
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562302 18_2_00562302
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560B0E 18_2_00560B0E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056570E 18_2_0056570E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056370D 18_2_0056370D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056130A 18_2_0056130A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056630B 18_2_0056630B
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056033F 18_2_0056033F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00568724 18_2_00568724
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565F2E 18_2_00565F2E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CF2A 18_2_0056CF2A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BB28 18_2_0056BB28
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005637D7 18_2_005637D7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BBD2 18_2_0056BBD2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005663DE 18_2_005663DE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564BC8 18_2_00564BC8
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563FF7 18_2_00563FF7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561FF0 18_2_00561FF0
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005677FF 18_2_005677FF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565BE6 18_2_00565BE6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CFE7 18_2_0056CFE7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005613E2 18_2_005613E2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BBEC 18_2_0056BBEC
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560396 18_2_00560396
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561F96 18_2_00561F96
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056CF96 18_2_0056CF96
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565F9A 18_2_00565F9A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BB9B 18_2_0056BB9B
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005617BA 18_2_005617BA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005653A1 18_2_005653A1
PE / OLE file has an invalid certificate
Source: Weemaes B.V.-PO74748392.exe Static PE information: invalid certificate
PE file contains strange resources
Source: Weemaes B.V.-PO74748392.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Weemaes B.V.-PO74748392.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: Weemaes B.V.-PO74748392.exe, 00000000.00000002.1005735854.000000000041D000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamePROKURAERS.exe vs Weemaes B.V.-PO74748392.exe
Source: Weemaes B.V.-PO74748392.exe, 00000000.00000002.1006506197.00000000020A0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs Weemaes B.V.-PO74748392.exe
Source: Weemaes B.V.-PO74748392.exe, 00000012.00000000.1004881128.000000000041D000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamePROKURAERS.exe vs Weemaes B.V.-PO74748392.exe
Source: Weemaes B.V.-PO74748392.exe Binary or memory string: OriginalFilenamePROKURAERS.exe vs Weemaes B.V.-PO74748392.exe
Uses 32bit PE files
Source: Weemaes B.V.-PO74748392.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal100.troj.evad.winEXE@3/0@0/0
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe File created: C:\Users\user\AppData\Local\Temp\~DF12BD0338C143CEBC.TMP
Source: Weemaes B.V.-PO74748392.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Weemaes B.V.-PO74748392.exe Virustotal: Detection: 35%
Source: unknown Process created: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe 'C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe'
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Process created: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe 'C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe'

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000012.00000002.1740602938.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1006583828.0000000002140000.00000040.00000001.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_004079B4 push edi; retf 0_2_004079C2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02144442 push edx; ret 0_2_02144443
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02144469 push edx; ret 0_2_0214446A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021424A2 push F7664D43h; ret 0_2_021424A7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021410AF pushad ; ret 0_2_0214B9DC
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564442 push edx; ret 18_2_00564443
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564469 push edx; ret 18_2_0056446A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00569CFD push esp; ret 18_2_00569D0A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005624A2 push F7664D43h; ret 18_2_005624A7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056C1BE push CA38C084h; retn 001Ch 18_2_0056C1C3
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565C83 18_2_00565C83
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564480 18_2_00564480
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00567081 18_2_00567081
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005664A6 18_2_005664A6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005680AE 18_2_005680AE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005610AF 18_2_005610AF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566548 18_2_00566548
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056A175 18_2_0056A175
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056597F 18_2_0056597F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00560D67 18_2_00560D67
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565D62 18_2_00565D62
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563D6C 18_2_00563D6C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B51C 18_2_0056B51C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563D0A 18_2_00563D0A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056412D 18_2_0056412D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005625D8 18_2_005625D8
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005665C6 18_2_005665C6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056ADCA 18_2_0056ADCA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565DE6 18_2_00565DE6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563DE2 18_2_00563DE2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005641EA 18_2_005641EA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056A5EB 18_2_0056A5EB
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561190 18_2_00561190
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056699E 18_2_0056699E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B9B2 18_2_0056B9B2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005665AF 18_2_005665AF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563E51 18_2_00563E51
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565E51 18_2_00565E51
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566644 18_2_00566644
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566672 18_2_00566672
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056567C 18_2_0056567C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BA6E 18_2_0056BA6E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BA1E 18_2_0056BA1E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566A0A 18_2_00566A0A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056D609 18_2_0056D609
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566233 18_2_00566233
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056423A 18_2_0056423A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565E3A 18_2_00565E3A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BAD6 18_2_0056BAD6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005666F6 18_2_005666F6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565AFA 18_2_00565AFA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566AEA 18_2_00566AEA
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565A86 18_2_00565A86
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566286 18_2_00566286
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562682 18_2_00562682
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00566A8E 18_2_00566A8E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565EBE 18_2_00565EBE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005642A2 18_2_005642A2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564AA2 18_2_00564AA2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565B56 18_2_00565B56
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056635A 18_2_0056635A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564B4E 18_2_00564B4E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056476E 18_2_0056476E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056636E 18_2_0056636E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564B1F 18_2_00564B1F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056231C 18_2_0056231C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563F1A 18_2_00563F1A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00562302 18_2_00562302
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056430E 18_2_0056430E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056630B 18_2_0056630B
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056473D 18_2_0056473D
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00568724 18_2_00568724
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565F2E 18_2_00565F2E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056BB28 18_2_0056BB28
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005663DE 18_2_005663DE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563FF7 18_2_00563FF7
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565BE6 18_2_00565BE6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564396 18_2_00564396
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00565F9A 18_2_00565F9A
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005647BE 18_2_005647BE
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005653A1 18_2_005653A1
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005647AD 18_2_005647AD
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Tries to detect Any.run
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe File opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Weemaes B.V.-PO74748392.exe, 00000000.00000002.1006564942.0000000002120000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: Weemaes B.V.-PO74748392.exe, 00000000.00000002.1006564942.0000000002120000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02140827 rdtsc 0_2_02140827
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: Weemaes B.V.-PO74748392.exe, 00000000.00000002.1006564942.0000000002120000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: Weemaes B.V.-PO74748392.exe, 00000000.00000002.1006564942.0000000002120000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe System information queried: ModuleInformation

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Process Stats: CPU usage > 90% for more than 60s
Hides threads from debuggers
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Thread information set: HideFromDebugger
Potentially malicious time measurement code found
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02140827 rdtsc 0_2_02140827
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02148BF9 LdrInitializeThunk, 0_2_02148BF9
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214B51C mov eax, dword ptr fs:[00000030h] 0_2_0214B51C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02141190 mov eax, dword ptr fs:[00000030h] 0_2_02141190
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02144AA2 mov eax, dword ptr fs:[00000030h] 0_2_02144AA2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021472D6 mov eax, dword ptr fs:[00000030h] 0_2_021472D6
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02144B1F mov eax, dword ptr fs:[00000030h] 0_2_02144B1F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02144B4E mov eax, dword ptr fs:[00000030h] 0_2_02144B4E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021473B1 mov eax, dword ptr fs:[00000030h] 0_2_021473B1
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021473A2 mov eax, dword ptr fs:[00000030h] 0_2_021473A2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02144BC8 mov eax, dword ptr fs:[00000030h] 0_2_02144BC8
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02143C6C mov eax, dword ptr fs:[00000030h] 0_2_02143C6C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_021410AF mov eax, dword ptr fs:[00000030h] 0_2_021410AF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214B8C4 mov eax, dword ptr fs:[00000030h] 0_2_0214B8C4
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02149DE5 mov eax, dword ptr fs:[00000030h] 0_2_02149DE5
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_0214A5EB mov eax, dword ptr fs:[00000030h] 0_2_0214A5EB
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00563C6C mov eax, dword ptr fs:[00000030h] 18_2_00563C6C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B8C4 mov eax, dword ptr fs:[00000030h] 18_2_0056B8C4
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005610AF mov eax, dword ptr fs:[00000030h] 18_2_005610AF
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056B51C mov eax, dword ptr fs:[00000030h] 18_2_0056B51C
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00569DE5 mov eax, dword ptr fs:[00000030h] 18_2_00569DE5
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_0056A5EB mov eax, dword ptr fs:[00000030h] 18_2_0056A5EB
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00561190 mov eax, dword ptr fs:[00000030h] 18_2_00561190
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564AA2 mov eax, dword ptr fs:[00000030h] 18_2_00564AA2
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564B4E mov eax, dword ptr fs:[00000030h] 18_2_00564B4E
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564B1F mov eax, dword ptr fs:[00000030h] 18_2_00564B1F
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_00564BC8 mov eax, dword ptr fs:[00000030h] 18_2_00564BC8
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 18_2_005673B1 mov eax, dword ptr fs:[00000030h] 18_2_005673B1
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

HIPS / PFW / Operating System Protection Evasion:

Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Process created: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe 'C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe'
Source: Weemaes B.V.-PO74748392.exe, 00000012.00000002.1741093700.0000000000FA0000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: Weemaes B.V.-PO74748392.exe, 00000012.00000002.1741093700.0000000000FA0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: Weemaes B.V.-PO74748392.exe, 00000012.00000002.1741093700.0000000000FA0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: Weemaes B.V.-PO74748392.exe, 00000012.00000002.1741093700.0000000000FA0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Code function: 0_2_02145A2A cpuid 0_2_02145A2A
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\Weemaes B.V.-PO74748392.exe Queries volume information: C:\ VolumeInformation

Stealing of Sensitive Information:

GuLoader behavior detected
Source: Initial file Signature Results: GuLoader behavior
No contacted IP infos