Source: niPie.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: niPie.exe |
Static PE information: certificate valid |
Source: C:\Users\user\Desktop\niPie.exe |
Code function: 0_2_00401460 RegEnumValueA,FindFirstFileA,FindNextFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, |
0_2_00401460 |
Source: niPie.exe, 00000000.00000002.355130521.000000000040F000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameWinNestInst.exe vs niPie.exe |
Source: niPie.exe |
Binary or memory string: OriginalFilenameWinNestInst.exe vs niPie.exe |
Source: C:\Users\user\Desktop\niPie.exe |
Code function: 0_2_00402100 |
0_2_00402100 |
Source: niPie.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\niPie.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: niPie.exe |
String found in binary or memory: /install |
Source: niPie.exe |
String found in binary or memory: ^@INSTALL\Software\National Instruments\Common\Installer\Pending\PackagesSoftware\National Instruments\Common\Installer\Pending\Deletes...%s\%s%s\*.*Value-ValueNameKeySoftware\National Instruments\Common\Installer\Pending\Registry\DeleteSoftware\National Instruments\Common\Installer\Pending\Registry\AddSoftware\National Instruments\Common\Installer\Pending\Registry/sREMOVEALL%s %s/remove"/install/test/qMutex FailedNested Install_MSIExecute/qnmSoftware\National Instruments\Common\Installer\Pending/undo%s ,\FeaturesTrueLaunchedByUpgrade\ProductsSoftware\National Instruments\Common\InstallerNIUPDMGRtrue |
Source: classification engine |
Classification label: clean4.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\niPie.exe |
Mutant created: \Sessions\1\BaseNamedObjects\_MSIExecute |
Source: C:\Users\user\Desktop\niPie.exe |
Code function: 0_2_00407AB8 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
0_2_00407AB8 |
Source: C:\Users\user\Desktop\niPie.exe |
Code function: 0_2_00402930 push eax; ret |
0_2_0040295E |
Source: C:\Users\user\Desktop\niPie.exe |
Evasive API call chain: RegOpenKey,DecisionNodes,ExitProcess |
Source: C:\Users\user\Desktop\niPie.exe |
API coverage: 6.3 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\niPie.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\niPie.exe |
Code function: 0_2_00405644 GetVersionExA,GetEnvironmentVariableA,GetModuleFileNameA, |
0_2_00405644 |