Windows Analysis Report ZAM#U00d3WIENIE.exe

Overview

General Information

Sample Name: ZAM#U00d3WIENIE.exe
Analysis ID: 501857
MD5: 328b34adced9ad8128d4079bcffde016
SHA1: fa03cb6529d634b2e30d042491c0c13e39fd445e
SHA256: 95f59bb24f6c23995b22e40d5ba6785f9072da815451c04f61ee42f42a63089e
Tags: exe

Detection

GuLoader
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Tries to detect virtualization through RDTSC time measurements
C2 URLs / IPs found in malware configuration
Found potential dummy code loops (likely to delay analysis)
Uses 32bit PE files
Found inlined nop instructions (likely shell or obfuscated code)
Sample file name differs from the original file name gathered from version info
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to call native functions
Program does not show much activity (idle)
Contains functionality for execution timing, often used to detect debuggers
Abnormally high CPU usage

Classification

AV Detection:

Found malware configuration
Source: 00000000.00000002.808037224.0000000002A30000.00000040.00000001.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&i"}
Multi AV Scanner detection for submitted file
Source: ZAM#U00d3WIENIE.exe Virustotal: Detection: 39%

Compliance:

Uses 32bit PE files
Source: ZAM#U00d3WIENIE.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 4x nop then mov ecx, dword ptr [ebp+00000238h] 0_2_02A3B04C

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://drive.google.com/uc?export=download&i

System Summary:

Uses 32bit PE files
Source: ZAM#U00d3WIENIE.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Sample file name differs from the original file name gathered from version info
Source: ZAM#U00d3WIENIE.exe, 00000000.00000000.280320316.0000000000417000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameENSARTET.exe vs ZAM#U00d3WIENIE.exe
Source: ZAM#U00d3WIENIE.exe Binary or memory string: OriginalFilenameENSARTET.exe vs ZAM#U00d3WIENIE.exe
Detected potential crypto function
Contains functionality to call native functions
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A374DE NtAllocateVirtualMemory, 0_2_02A374DE
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A376C5 NtAllocateVirtualMemory, 0_2_02A376C5
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A375A7 NtAllocateVirtualMemory, 0_2_02A375A7
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A375B4 NtAllocateVirtualMemory, 0_2_02A375B4
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A37584 NtAllocateVirtualMemory, 0_2_02A37584
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A37590 NtAllocateVirtualMemory, 0_2_02A37590
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A375C0 NtAllocateVirtualMemory, 0_2_02A375C0
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A3757F NtAllocateVirtualMemory, 0_2_02A3757F
Abnormally high CPU usage
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Process Stats: CPU usage > 98%
Source: ZAM#U00d3WIENIE.exe Virustotal: Detection: 39%
Source: ZAM#U00d3WIENIE.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe File created: C:\Users\user\AppData\Local\Temp\~DF8EA2B832342F5421.TMP
Source: classification engine Classification label: mal76.troj.evad.winEXE@1/0@0/0

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000000.00000002.808037224.0000000002A30000.00000040.00000001.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_00403A41 push ds; ret 0_2_00403A44
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_0040347B push edx; iretd 0_2_004034AA
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_00404C38 push 0000002Fh; ret 0_2_00404C3A
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_00403EDB push ss; ret 0_2_00403EDC
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_004042EE push ds; ret 0_2_00404308
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_004060F5 push ds; ret 0_2_004060F8
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_00405E83 push ebx; iretd 0_2_00405EA4
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_004056A7 push ds; ret 0_2_004056B8
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_004044B9 push ebp; iretd 0_2_004044BA
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_00403955 push ds; ret 0_2_00403960
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_00404367 push edx; ret 0_2_00404368
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_00405B03 push ds; retf 0_2_00405B10
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_0040413E push ss; iretd 0_2_00404148
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_004069F1 push ds; iretd 0_2_00406A20
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_0040419B push ss; iretd 0_2_00404148
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_0040539E push 00000033h; ret 0_2_004053A0
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A32AB0 push 89000002h; retf 0_2_02A32AB6
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A3AA90 push eax; ret 0_2_02A3AA36
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A34A23 push edx; retf 0_2_02A34A24
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A32B0B push 89000002h; retf 0_2_02A32AB6
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A3903C pushad ; retf 0_2_02A38FEE
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A3213E push edx; ret 0_2_02A32162
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe RDTSC instruction interceptor: First address: 000000000040EDDB second address: 000000000040EDDB instructions:
    0x00000000 rdtsc
    0x00000002 wait
    0x00000003 cmp ecx, 03h
    0x00000006 popad
    0x00000007 wait
    0x00000008 pushfd
    0x00000009 popfd
    0x0000000a dec edi
    0x0000000b cmp ecx, 000000F3h
    0x00000011 wait
    0x00000012 cmp edi, 00000000h
    0x00000015 jne 00007FABC4F6817Eh
    0x00000017 pushfd
    0x00000018 popfd
    0x00000019 lfence
    0x0000001c pushad
    0x0000001d pushfd
    0x0000001e popfd
    0x0000001f cmp eax, 000000CEh
    0x00000024 rdtsc
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A37068 rdtsc 0_2_02A37068

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A39A88 mov eax, dword ptr fs:[00000030h] 0_2_02A39A88
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A34BA3 mov eax, dword ptr fs:[00000030h] 0_2_02A34BA3
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A34B8C mov eax, dword ptr fs:[00000030h] 0_2_02A34B8C
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A36B72 mov eax, dword ptr fs:[00000030h] 0_2_02A36B72
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A3A6E9 mov eax, dword ptr fs:[00000030h] 0_2_02A3A6E9
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A394E0 mov eax, dword ptr fs:[00000030h] 0_2_02A394E0
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\ZAM#U00d3WIENIE.exe Code function: 0_2_02A37068 rdtsc 0_2_02A37068
Source: ZAM#U00d3WIENIE.exe, 00000000.00000002.807763858.0000000000CA0000.00000002.00020000.sdmp Binary or memory string: Program Manager
Source: ZAM#U00d3WIENIE.exe, 00000000.00000002.807763858.0000000000CA0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: ZAM#U00d3WIENIE.exe, 00000000.00000002.807763858.0000000000CA0000.00000002.00020000.sdmp Binary or memory string: Progman
Source: ZAM#U00d3WIENIE.exe, 00000000.00000002.807763858.0000000000CA0000.00000002.00020000.sdmp Binary or memory string: Progmanlock
No contacted IP infos