Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE.lzh |
Virustotal: Detection: 14% |
Source: NOA_-_CMA_CGM_ARRIVAL_NOTICE.lzh |
ReversingLabs: Detection: 39% |
Source: C:\Windows\SysWOW64\unarchiver.exe |
File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Code function: 4x nop then jmp 055D099Bh |
0_2_055D02A8 |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Code function: 4x nop then jmp 055D099Ah |
0_2_055D02A8 |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Code function: 0_2_055D02A8 |
0_2_055D02A8 |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Code function: 0_2_055D0299 |
0_2_055D0299 |
Source: C:\Windows\SysWOW64\unarchiver.exe |
File created: C:\Users\user\AppData\Local\Temp\103b5ifs.cxq |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll |
Source: classification engine |
Classification label: mal48.winLZH@3/1@0/0 |
Source: unknown |
Process created: C:\Windows\SysWOW64\unarchiver.exe 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE.lzh' |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\zdsmcxok.014' 'C:\Users\user\Desktop\NOA_-_CMA_CGM_ARRIVAL_NOTICE.lzh' |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Memory allocated: page read and write | page guard |
Source: unarchiver.exe, 00000000.00000002.1332470511.0000000001B20000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: unarchiver.exe, 00000000.00000002.1332470511.0000000001B20000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: unarchiver.exe, 00000000.00000002.1332470511.0000000001B20000.00000002.00020000.sdmp |
Binary or memory string: SProgram Managerl |
Source: unarchiver.exe, 00000000.00000002.1332470511.0000000001B20000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd, |
Source: unarchiver.exe, 00000000.00000002.1332470511.0000000001B20000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\SysWOW64\unarchiver.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |