Windows Analysis Report NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe

Overview

General Information

Sample Name: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Analysis ID: 482590
MD5: e8bceea59b2074bd08bf68ab55ecdf3e
SHA1: 8b62bf811b03fe25924ef6ff4d4afd89c902f7cd
SHA256: 0b4684d82509a6e7e0c1cb63174bf68d182ccff75a3d19f16821127605d636b8
Tags: exe

Detection

GuLoader
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Tries to detect Any.run
C2 URLs / IPs found in malware configuration
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses 32bit PE files
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
Checks if the current process is being debugged
Detected potential crypto function
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Abnormal high CPU Usage

Classification

AV Detection:

Found malware configuration
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://www.paulassinkarchitect.nl/bin_fDiyu115.bin"}
Multi AV Scanner detection for submitted file
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Virustotal: Detection: 25%
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe ReversingLabs: Detection: 18%

Compliance:

Uses 32bit PE files
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://www.paulassinkarchitect.nl/bin_fDiyu115.bin

System Summary:

Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Uses 32bit PE files
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Sample file is different than original file name gathered from version info
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000001.00000002.543921353.0000000002240000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamesmedesvende.exeFE2XKareo vs NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000001.00000000.260934793.0000000000448000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamesmedesvende.exe vs NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000017.00000000.542692130.0000000000448000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamesmedesvende.exe vs NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Binary or memory string: OriginalFilenamesmedesvende.exe vs NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe
PE file contains strange resources
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Detected potential crypto function
Contains functionality to call native functions
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EF4F6 NtWriteVirtualMemory,LoadLibraryA, 1_2_024EF4F6
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EB52A NtAllocateVirtualMemory, 1_2_024EB52A
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E75D7 NtWriteVirtualMemory,LoadLibraryA, 1_2_024E75D7
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA83B NtWriteVirtualMemory,LoadLibraryA, 1_2_024EA83B
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024F2D4E NtProtectVirtualMemory, 1_2_024F2D4E
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA250 NtWriteVirtualMemory, 1_2_024EA250
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA27C NtWriteVirtualMemory, 1_2_024EA27C
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9214 NtWriteVirtualMemory, 1_2_024E9214
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E92D0 NtWriteVirtualMemory, 1_2_024E92D0
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9295 NtWriteVirtualMemory, 1_2_024E9295
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E92B8 NtWriteVirtualMemory, 1_2_024E92B8
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E92B4 NtWriteVirtualMemory, 1_2_024E92B4
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA364 NtWriteVirtualMemory, 1_2_024EA364
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9339 NtWriteVirtualMemory, 1_2_024E9339
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E93A8 NtWriteVirtualMemory, 1_2_024E93A8
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA058 NtWriteVirtualMemory, 1_2_024EA058
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E907D NtWriteVirtualMemory, 1_2_024E907D
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA03A NtWriteVirtualMemory, 1_2_024EA03A
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E90CD NtWriteVirtualMemory, 1_2_024E90CD
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA0D4 NtWriteVirtualMemory, 1_2_024EA0D4
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9144 NtWriteVirtualMemory, 1_2_024E9144
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA135 NtWriteVirtualMemory, 1_2_024EA135
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EA1B4 NtWriteVirtualMemory, 1_2_024EA1B4
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9668 NtWriteVirtualMemory, 1_2_024E9668
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EB628 NtAllocateVirtualMemory, 1_2_024EB628
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E96E9 NtWriteVirtualMemory, 1_2_024E96E9
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EB6A0 NtAllocateVirtualMemory, 1_2_024EB6A0
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EB71C NtAllocateVirtualMemory, 1_2_024EB71C
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EB789 NtAllocateVirtualMemory, 1_2_024EB789
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9783 NtWriteVirtualMemory, 1_2_024E9783
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9431 NtWriteVirtualMemory, 1_2_024E9431
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EB491 NtAllocateVirtualMemory, 1_2_024EB491
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E94B9 NtWriteVirtualMemory, 1_2_024E94B9
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9560 NtWriteVirtualMemory, 1_2_024E9560
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9537 NtWriteVirtualMemory, 1_2_024E9537
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EB5BC NtAllocateVirtualMemory, 1_2_024EB5BC
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8A7C NtWriteVirtualMemory, 1_2_024E8A7C
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9A21 NtWriteVirtualMemory, 1_2_024E9A21
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9AC7 NtWriteVirtualMemory, 1_2_024E9AC7
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8AE1 NtWriteVirtualMemory, 1_2_024E8AE1
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9A94 NtWriteVirtualMemory, 1_2_024E9A94
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8B54 NtWriteVirtualMemory, 1_2_024E8B54
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9B7C NtWriteVirtualMemory, 1_2_024E9B7C
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9B14 NtWriteVirtualMemory, 1_2_024E9B14
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9BF8 NtWriteVirtualMemory, 1_2_024E9BF8
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E185B NtWriteVirtualMemory, 1_2_024E185B
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9829 NtWriteVirtualMemory, 1_2_024E9829
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E98A0 NtWriteVirtualMemory, 1_2_024E98A0
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E990D NtWriteVirtualMemory, 1_2_024E990D
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E991F NtWriteVirtualMemory, 1_2_024E991F
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E89FB NtWriteVirtualMemory, 1_2_024E89FB
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E89AC NtWriteVirtualMemory, 1_2_024E89AC
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E99BC NtWriteVirtualMemory, 1_2_024E99BC
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9E69 NtWriteVirtualMemory, 1_2_024E9E69
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9E00 NtWriteVirtualMemory, 1_2_024E9E00
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8E29 NtWriteVirtualMemory, 1_2_024E8E29
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E5EAC NtWriteVirtualMemory,LoadLibraryA, 1_2_024E5EAC
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8EA0 NtWriteVirtualMemory, 1_2_024E8EA0
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9F54 NtWriteVirtualMemory, 1_2_024E9F54
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8F7D NtWriteVirtualMemory, 1_2_024E8F7D
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8F11 NtWriteVirtualMemory, 1_2_024E8F11
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9FF4 NtWriteVirtualMemory, 1_2_024E9FF4
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9FAA NtWriteVirtualMemory, 1_2_024E9FAA
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8C45 NtWriteVirtualMemory, 1_2_024E8C45
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9C60 NtWriteVirtualMemory, 1_2_024E9C60
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9CA0 NtWriteVirtualMemory, 1_2_024E9CA0
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8CB8 NtWriteVirtualMemory, 1_2_024E8CB8
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E9D49 NtWriteVirtualMemory, 1_2_024E9D49
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E8D40 NtWriteVirtualMemory, 1_2_024E8D40
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EBD69 NtWriteVirtualMemory,LoadLibraryA, 1_2_024EBD69
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_0056B52A NtAllocateVirtualMemory, 23_2_0056B52A
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Process Stats: CPU usage > 98%
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Virustotal: Detection: 25%
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe ReversingLabs: Detection: 18%
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: unknown Process created: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe 'C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe'
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Process created: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe 'C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe'
Source: classification engine Classification label: mal92.troj.evad.winEXE@3/0@0/0

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000017.00000002.783554447.0000000000560000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.544066668.00000000024E0000.00000040.00000001.sdmp, type: MEMORY
PE file contains an invalid checksum
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Static PE information: real checksum: 0x791f7 should be: 0x73bc1
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_004064C4 push ebp; iretd 1_2_004064C6
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_0040A8F6 push esi; ret 1_2_0040A97B
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_00403171 push ds; ret 1_2_00403172
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_00404979 push esi; ret 1_2_00404980
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_00407B84 push es; ret 1_2_00407B85
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E089F push 2FA9C30Eh; ret 1_2_024E08F5
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E99BC push FFFFFF85h; retf 0805h 1_2_024E99EB
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_0056089F push 2FA9C30Eh; ret 23_2_005608F5
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_005615FD push 00000039h; ret 23_2_00561607
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_00565744 push esp; retf 23_2_0056574D
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect Any.run
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe File opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000001.00000002.543939100.0000000002380000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000001.00000002.543939100.0000000002380000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_00570682 rdtsc 23_2_00570682
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe System information queried: ModuleInformation
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000001.00000002.543939100.0000000002380000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000001.00000002.543939100.0000000002380000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Hides threads from debuggers
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Thread information set: HideFromDebugger
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E75D7 mov eax, dword ptr fs:[00000030h] 1_2_024E75D7
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E752F mov eax, dword ptr fs:[00000030h] 1_2_024E752F
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E75F9 mov eax, dword ptr fs:[00000030h] 1_2_024E75F9
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024F18D3 mov eax, dword ptr fs:[00000030h] 1_2_024F18D3
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024E5EAC mov eax, dword ptr fs:[00000030h] 1_2_024E5EAC
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EEF53 mov eax, dword ptr fs:[00000030h] 1_2_024EEF53
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024EFCF5 mov eax, dword ptr fs:[00000030h] 1_2_024EFCF5
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_005718D3 mov eax, dword ptr fs:[00000030h] 23_2_005718D3
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_0056FCF5 mov eax, dword ptr fs:[00000030h] 23_2_0056FCF5
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_0056AD21 mov eax, dword ptr fs:[00000030h] 23_2_0056AD21
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_0056EF53 mov eax, dword ptr fs:[00000030h] 23_2_0056EF53
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 23_2_00570682 rdtsc 23_2_00570682
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Code function: 1_2_024ECE61 LdrInitializeThunk, 1_2_024ECE61

HIPS / PFW / Operating System Protection Evasion:

Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe Process created: C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe 'C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe'
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000017.00000002.784485876.0000000000EC0000.00000002.00020000.sdmp Binary or memory string: uProgram Manager
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000017.00000002.784485876.0000000000EC0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000017.00000002.784485876.0000000000EC0000.00000002.00020000.sdmp Binary or memory string: Progman
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE .exe, 00000017.00000002.784485876.0000000000EC0000.00000002.00020000.sdmp Binary or memory string: Progmanlock

Stealing of Sensitive Information:

GuLoader behavior detected
Source: Initial file Signature Results: GuLoader behavior
No contacted IP infos