Source: Proforma Invoice.exe | Virustotal: Detection: 19% |
Source: Proforma Invoice.exe | ReversingLabs: Detection: 24% |
Source: Proforma Invoice.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: Proforma Invoice.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 4x nop then jmp 05F01B4Eh |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 4x nop then jmp 05F01B4Eh |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 4x nop then jmp 05F01B4Eh |
Source: Proforma Invoice.exe, 00000001.00000002.384252504.0000000002D84000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.m |
Source: initial sample | Static PE information: Filename: Proforma Invoice.exe |
Source: Proforma Invoice.exe, Castle.Samples.Extensibility/UI/Input.cs | Long String: Length: 75776 |
Source: 1.0.Proforma Invoice.exe.990000.0.unpack, Castle.Samples.Extensibility/UI/Input.cs | Long String: Length: 75776 |
Source: 1.2.Proforma Invoice.exe.990000.0.unpack, Castle.Samples.Extensibility/UI/Input.cs | Long String: Length: 75776 |
Source: 4.2.Proforma Invoice.exe.130000.0.unpack, Castle.Samples.Extensibility/UI/Input.cs | Long String: Length: 75776 |
Source: 5.2.Proforma Invoice.exe.80000.0.unpack, Castle.Samples.Extensibility/UI/Input.cs | Long String: Length: 75776 |
Source: 5.0.Proforma Invoice.exe.80000.0.unpack, Castle.Samples.Extensibility/UI/Input.cs | Long String: Length: 75776 |
Source: Proforma Invoice.exe | Static file information: Suspicious name |
Source: Proforma Invoice.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: Proforma Invoice.exe | Binary or memory string: OriginalFilename vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000001.00000002.394557947.0000000003DA3000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000001.00000002.383529720.0000000000992000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSearchResultHandl.exeJ vs Proforma Invoice.exe |
Source: Proforma Invoice.exe | Binary or memory string: OriginalFilename vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000004.00000002.355667372.0000000000132000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSearchResultHandl.exeJ vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000004.00000002.355919793.0000000000595000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs Proforma Invoice.exe |
Source: Proforma Invoice.exe | Binary or memory string: OriginalFilename vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000005.00000002.356678194.0000000000082000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSearchResultHandl.exeJ vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000005.00000002.356866662.0000000000535000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs Proforma Invoice.exe |
Source: Proforma Invoice.exe | Binary or memory string: OriginalFilename vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000006.00000002.362518414.00000000009A2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSearchResultHandl.exeJ vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000006.00000002.362605907.0000000000E35000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs Proforma Invoice.exe |
Source: Proforma Invoice.exe | Binary or memory string: OriginalFilename vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000007.00000002.372325904.0000000000CB2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSearchResultHandl.exeJ vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000007.00000002.372402576.0000000001135000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs Proforma Invoice.exe |
Source: Proforma Invoice.exe | Binary or memory string: OriginalFilename vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000008.00000000.375243263.00000000002B2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSearchResultHandl.exeJ vs Proforma Invoice.exe |
Source: Proforma Invoice.exe, 00000008.00000002.383624530.0000000000735000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameCF_Secretaria.dll< vs Proforma Invoice.exe |
Source: Proforma Invoice.exe | Binary or memory string: OriginalFilenameSearchResultHandl.exeJ vs Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D90D38 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D9DE40 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D911D0 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D9D1E8 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D911E0 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D93591 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D90D28 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D972C0 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05D972B2 |
Source: Proforma Invoice.exe | Virustotal: Detection: 19% |
Source: Proforma Invoice.exe | ReversingLabs: Detection: 24% |
Source: Proforma Invoice.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll |
Source: unknown | Process created: C:\Users\user\Desktop\Proforma Invoice.exe 'C:\Users\user\Desktop\Proforma Invoice.exe' |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Proforma Invoice.exe.log |
Source: classification engine | Classification label: mal76.evad.winEXE@11/1@0/0 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll |
Source: Proforma Invoice.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: Proforma Invoice.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: Proforma Invoice.exe, Castle.Samples.Extensibility/UI/ApplicationShell.cs | .Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 1.0.Proforma Invoice.exe.990000.0.unpack, Castle.Samples.Extensibility/UI/ApplicationShell.cs | .Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 1.2.Proforma Invoice.exe.990000.0.unpack, Castle.Samples.Extensibility/UI/ApplicationShell.cs | .Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 4.2.Proforma Invoice.exe.130000.0.unpack, Castle.Samples.Extensibility/UI/ApplicationShell.cs | .Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 5.2.Proforma Invoice.exe.80000.0.unpack, Castle.Samples.Extensibility/UI/ApplicationShell.cs | .Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 5.0.Proforma Invoice.exe.80000.0.unpack, Castle.Samples.Extensibility/UI/ApplicationShell.cs | .Net Code: DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Code function: 1_2_05F03EFD push FFFFFF8Bh; iretd |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process information set: NOOPENFILEERRORBOX |
Source: Yara match | File source: 1.2.Proforma Invoice.exe.2d8482c.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000001.00000002.384187519.0000000002D41000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.384252504.0000000002D84000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: Proforma Invoice.exe PID: 6612, type: MEMORYSTR |
Source: Proforma Invoice.exe, 00000001.00000002.384187519.0000000002D41000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL |
Source: Proforma Invoice.exe, 00000001.00000002.384187519.0000000002D41000.00000004.00000001.sdmp | Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME |
Source: C:\Users\user\Desktop\Proforma Invoice.exe TID: 6616 | Thread sleep time: -35345s >= -30000s |
Source: C:\Users\user\Desktop\Proforma Invoice.exe TID: 6672 | Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Thread delayed: delay time: 35345 |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Thread delayed: delay time: 922337203685477 |
Source: Proforma Invoice.exe, 00000001.00000002.384187519.0000000002D41000.00000004.00000001.sdmp | Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Proforma Invoice.exe, 00000001.00000002.384187519.0000000002D41000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: Proforma Invoice.exe, 00000001.00000002.384187519.0000000002D41000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: Proforma Invoice.exe, 00000001.00000002.384187519.0000000002D41000.00000004.00000001.sdmp | Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process token adjusted: Debug |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Process created: C:\Users\user\Desktop\Proforma Invoice.exe C:\Users\user\Desktop\Proforma Invoice.exe |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Queries volume information: C:\Users\user\Desktop\Proforma Invoice.exe VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Proforma Invoice.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |