Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll |
Virustotal: Detection: 62% |
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll |
Metadefender: Detection: 29% |
Source: SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll |
ReversingLabs: Detection: 75% |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll' |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll,uvlcopdlxoed |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',#1 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 804 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 816 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',uvlcopdlxoed |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 804 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll,uvlcopdlxoed |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',uvlcopdlxoed |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Agent.FHBA.20741.dll',#1 |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6780 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6192 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6820 |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process queried: DebugPort |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process queried: DebugPort |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process queried: DebugPort |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process queried: DebugPort |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process queried: DebugPort |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process queried: DebugPort |
Jump to behavior |
Source: rundll32.exe, 00000003.00000000.348071407.0000000002C00000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.348637441.00000000030E0000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000000.357123948.0000000003420000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: rundll32.exe, 00000003.00000000.348071407.0000000002C00000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.348637441.00000000030E0000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000000.357123948.0000000003420000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: rundll32.exe, 00000003.00000000.348071407.0000000002C00000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.348637441.00000000030E0000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000000.357123948.0000000003420000.00000002.00020000.sdmp |
Binary or memory string: &Program Manager |
Source: rundll32.exe, 00000003.00000000.348071407.0000000002C00000.00000002.00020000.sdmp, rundll32.exe, 00000004.00000000.348637441.00000000030E0000.00000002.00020000.sdmp, rundll32.exe, 00000009.00000000.357123948.0000000003420000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |