Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1qlA"} |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Virustotal: Detection: 25% |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
ReversingLabs: Detection: 13% |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: Malware configuration extractor |
URLs: https://drive.google.com/uc?export=download&id=1qlA |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe, 00000000.00000000.242791228.0000000000417000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameelect.exe vs GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Binary or memory string: OriginalFilenameelect.exe vs GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021F76A5 |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
File created: C:\Users\user\AppData\Local\Temp\~DF7517115C2FEB583B.TMP |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: classification engine |
Classification label: mal68.troj.winEXE@1/0@0/0 |
Source: Yara match |
File source: 00000000.00000002.514140065.00000000021F0000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_00403752 push eax; ret (0_2_004037A5) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_00406552 push es; ret (0_2_00406561) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_00403558 pushfd ; ret (0_2_00403561) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_00404FF6 push ecx; ret (0_2_00404FFC) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021F2625 push esi; iretd (0_2_021F2631) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021F0ADE push 00000016h; ret (0_2_021F0AE0) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021F12F3 push ebx; ret (0_2_021F1310) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021F0F95 push edx; retf (0_2_021F0FEA) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021F3184 push ds; retf (0_2_021F3189) |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021F9CAA rdtsc |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021F965B mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe |
Code function: 0_2_021FCBD3 mov eax, dword ptr fs:[00000030h] |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe, 00000000.00000002.512820853.0000000000C90000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe, 00000000.00000002.512820853.0000000000C90000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe, 00000000.00000002.512820853.0000000000C90000.00000002.00020000.sdmp |
Binary or memory string: SProgram Managerl |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe, 00000000.00000002.512820853.0000000000C90000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd, |
Source: GRUPO MARI#U00d1O OBRAS Y SERVICIOS, SL Oferta 2709212890.exe, 00000000.00000002.512820853.0000000000C90000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |