Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Virustotal: Detection: 37% |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Metadefender: Detection: 25% |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
ReversingLabs: Detection: 33% |
Source: C:\Windows\System32\conhost.exe |
Code function: 1_2_000001BA559E70D6 |
1_2_000001BA559E70D6 |
Source: C:\Windows\System32\conhost.exe |
Code function: 1_2_000001BA559E6D06 |
1_2_000001BA559E6D06 |
Source: C:\Windows\System32\conhost.exe |
Code function: 1_2_000001BA559E60D2 |
1_2_000001BA559E60D2 |
Source: C:\Windows\System32\conhost.exe |
Code function: 1_2_000001BA559E750E |
1_2_000001BA559E750E |
Source: C:\Windows\System32\conhost.exe |
Code function: 1_2_000001BA559E796A |
1_2_000001BA559E796A |
Source: C:\Windows\System32\conhost.exe |
Code function: 1_2_00007FFD04005862 |
1_2_00007FFD04005862 |
Source: C:\Windows\System32\conhost.exe |
Code function: 1_2_00007FFD04004AB6 |
1_2_00007FFD04004AB6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_00401D58 NtAllocateVirtualMemory, |
0_2_00401D58 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_00401D18 NtWriteVirtualMemory, |
0_2_00401D18 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_004019D8 NtCreateThreadEx, |
0_2_004019D8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_00401D98 NtProtectVirtualMemory, |
0_2_00401D98 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_00401C98 NtClose, |
0_2_00401C98 |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Static PE information: Section: .rdata ZLIB complexity 0.999692137922 |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Windows\System32\conhost.exe |
Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe' |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Process created: C:\Windows\System32\conhost.exe 'C:\Windows\System32\conhost.exe' 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe' |
|
Source: C:\Windows\System32\conhost.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe' |
Source: C:\Windows\System32\conhost.exe |
File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\conhost.exe.log |
Source: classification engine |
Classification label: mal60.evad.winEXE@3/1@0/0 |
Source: C:\Windows\System32\conhost.exe |
File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Static file information: File size 2009088 > 1048576 |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Static PE information: Raw size of .rdata (0x1e8800) exceeds the 0x100000 (1 MiB) threshold |
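The two static indicators above (a .rdata section with ZLIB complexity 0.9997, and a .rdata raw size of 0x1e8800 against a 1 MiB bound) describe a large, essentially incompressible data section, the usual footprint of an encrypted or compressed payload carried inside the executable. The following is an added example, not part of the sandbox report, showing how those measurements are taken: a stdlib-only section-table walk, the compressed-size/raw-size ratio the report calls ZLIB complexity, and the section-characteristic checks behind the ".text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ" line. The PE it runs on is constructed in the block (a repetitive code-like .text and a random .rdata), and the 0.99 complexity cut-off is an assumed value, not one the report states.

```python
"""Static section triage in the spirit of the 'ZLIB complexity' and
'raw size of .rdata' indicators in the report.  Added example, stdlib only;
the sample PE built below is constructed, not the analysed file."""
import os
import struct
import zlib

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RAW_SIZE_THRESHOLD = 0x100000      # 1 MiB, the bound the report applies to .rdata
COMPLEXITY_THRESHOLD = 0.99        # assumed cut-off: near-incompressible data


def zlib_complexity(data: bytes) -> float:
    """Compressed length / raw length.  Code and text compress well (roughly 0.3-0.7);
    encrypted or already-compressed blobs do not (about 1.0, as .rdata does here)."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def parse_sections(pe: bytes) -> list:
    """Walk MZ -> e_lfanew -> COFF header -> section table; one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": raw_size,
            "characteristics": chars,
            "data": pe[raw_ptr:raw_ptr + raw_size],
        })
    return sections


def triage(pe: bytes) -> list:
    """Return human-readable findings for suspicious sections."""
    findings = []
    for s in parse_sections(pe):
        c, name = s["characteristics"], s["name"]
        cx = zlib_complexity(s["data"])
        if s["raw_size"] >= 0x1000 and cx >= COMPLEXITY_THRESHOLD:
            findings.append(f"{name}: zlib complexity {cx:.4f}, likely packed or encrypted")
        if s["raw_size"] > RAW_SIZE_THRESHOLD:
            findings.append(f"{name}: raw size {s['raw_size']:#x} exceeds {RAW_SIZE_THRESHOLD:#x}")
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: writable and executable")
        if c & IMAGE_SCN_MEM_EXECUTE and not c & IMAGE_SCN_CNT_CODE:
            findings.append(f"{name}: executable but not flagged as code")
    return findings


def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE32+ image: only the fields parse_sections() reads are filled."""
    e_lfanew, opt_size = 0x40, 0xF0
    table = e_lfanew + 4 + 20 + opt_size
    ptr = table + 40 * len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)
    table_bytes, blobs = b"", b""
    for name, data, chars in sections:
        table_bytes += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data),
                                   0x1000, len(data), ptr, 0, 0, 0, 0, chars)
        blobs += data
        ptr += len(data)
    return dos + b"PE\0\0" + coff + opt + table_bytes + blobs


# Constructed sample: a repetitive code-like .text and an incompressible .rdata,
# the shape the report describes (a high-entropy .rdata carrying the payload).
CODE_LIKE = b"\x48\x89\x5c\x24\x08\x57\x48\x83\xec\x20" * 400
RANDOM_BLOB = os.urandom(0x2000)
SAMPLE_PE = build_sample_pe([
    (b".text", CODE_LIKE, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rdata", RANDOM_BLOB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_PE):
        print(finding)
```

On a real file, read it with `open(path, "rb").read()` and pass it to `triage()`; a legitimate .rdata (import tables, strings, constants) typically lands well under the cut-off, so a value like 0.9997 on a 2 MB section is worth a look before anything else.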
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_005ECB00 push rax; retf |
0_2_005ECB01 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_005EC8C0 push rax; retn 0009h |
0_2_005EC8C1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_005ECBFF push rax; iretd |
0_2_005ECC01 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Code function: 0_2_005ECAB7 push rax; retf 0009h |
0_2_005ECAC1 |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX (27 occurrences) |
Source: C:\Windows\System32\conhost.exe |
Thread delayed: delay time: 922337203685477 (2 occurrences; 922337203685477 ms is .NET TimeSpan.MaxValue expressed in milliseconds, i.e. an effectively indefinite wait) |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Memory written: C:\Windows\System32\conhost.exe base: 1BA55800000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Thread created: C:\Windows\System32\conhost.exe EIP: 55800000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Memory allocated: C:\Windows\System32\conhost.exe base: 1BA55800000 protect: page execute and read and write |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe |
Process created: C:\Windows\System32\conhost.exe 'C:\Windows\System32\conhost.exe' 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe' |
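Read together, the indicators in this group describe one technique: the sample starts conhost.exe with its own path as the argument, allocates a PAGE_EXECUTE_READWRITE region in that process at base 1BA55800000 (NtAllocateVirtualMemory), writes to that base (NtWriteVirtualMemory) and starts a thread whose entry point is the same address (NtCreateThreadEx), after which conhost.exe loads mscorlib.ni.dll and writes CLR_v4.0\UsageLogs\conhost.exe.log, i.e. the .NET runtime is running inside a native Windows binary. The code functions listed earlier under conhost.exe at 1_2_000001BA559E... lie above that base, consistent with code in the injected region. The following is an added example, not part of the sandbox report, that correlates Sysmon-like telemetry into three detections: an anomalous conhost.exe command line, the allocate/write/create-thread chain matched on the same source, target and address, and CLR artefacts appearing in a host that never loads the CLR on its own. The events are constructed to mirror the report (the pids are invented); the expected legitimate conhost command-line form and the NATIVE_HOSTS set are assumptions, not facts the report states.

```python
"""Correlating the behavioural indicators of this report into detections.
Added example, not part of the sandbox report.  The events below are
constructed to mirror what the report shows (pids are invented); the field
names are Sysmon-like but simplified."""
import re
from collections import defaultdict

MALWARE = r"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe"
CONHOST = r"C:\Windows\System32\conhost.exe"
MSCORLIB_NI = (r"C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib"
               r"\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll")

EVENTS = [
    {"type": "process_create", "pid": 4242, "image": MALWARE, "parent_image": "",
     "cmdline": f"'{MALWARE}'"},
    # conhost.exe spawned by the sample with the sample's own path as argument
    {"type": "process_create", "pid": 4260, "image": CONHOST, "parent_image": MALWARE,
     "cmdline": f"'{CONHOST}' '{MALWARE}'"},
    # NtAllocateVirtualMemory / NtWriteVirtualMemory / NtCreateThreadEx against conhost
    {"type": "remote_alloc", "src_pid": 4242, "dst_pid": 4260, "base": 0x1BA55800000,
     "protect": "PAGE_EXECUTE_READWRITE"},
    {"type": "remote_write", "src_pid": 4242, "dst_pid": 4260, "base": 0x1BA55800000},
    {"type": "remote_thread", "src_pid": 4242, "dst_pid": 4260, "start": 0x1BA55800000},
    # the CLR appearing inside a native Windows binary
    {"type": "image_load", "pid": 4260, "image": CONHOST, "loaded": MSCORLIB_NI},
    {"type": "file_create", "pid": 4260, "image": CONHOST,
     "path": r"C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\conhost.exe.log"},
    # benign control: the form conhost normally takes on Windows 10/11 (assumed)
    {"type": "process_create", "pid": 5000, "image": CONHOST,
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"},
]

# Assumption: a legitimate conhost command line carries a handle value and -ForceV1, never a path.
LEGIT_CONHOST = re.compile(
    r"^(\\\?\?\\)?C:\\Windows\\System32\\conhost\.exe\s+0x[0-9a-f]+(\s+-ForceV1)?\s*$", re.I)
# Assumption: these Windows binaries do not load the .NET runtime on their own.
NATIVE_HOSTS = {"conhost.exe", "notepad.exe", "calc.exe"}
CLR_IMAGES = {"clr.dll", "clrjit.dll", "mscoree.dll", "mscorlib.ni.dll"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(events) -> list:
    alerts = []
    # (source pid, target pid) -> addresses seen per stage of the injection chain
    chains = defaultdict(lambda: {"alloc": set(), "write": set(), "thread": set()})
    for e in events:
        t = e["type"]
        if t == "process_create" and basename(e["image"]) == "conhost.exe":
            if not LEGIT_CONHOST.match(e["cmdline"]):
                alerts.append(f"conhost.exe (pid {e['pid']}) started by "
                              f"{e['parent_image'] or 'unknown'} with unexpected command line: "
                              f"{e['cmdline']}")
        elif t == "remote_alloc" and "EXECUTE" in e["protect"] and "WRITE" in e["protect"]:
            chains[(e["src_pid"], e["dst_pid"])]["alloc"].add(e["base"])
        elif t == "remote_write":
            chains[(e["src_pid"], e["dst_pid"])]["write"].add(e["base"])
        elif t == "remote_thread":
            chains[(e["src_pid"], e["dst_pid"])]["thread"].add(e["start"])
        elif (t == "image_load" and basename(e["image"]) in NATIVE_HOSTS
              and basename(e["loaded"]) in CLR_IMAGES):
            alerts.append(f"CLR image {basename(e['loaded'])} loaded into native host "
                          f"{basename(e['image'])} (pid {e['pid']})")
        elif (t == "file_create" and basename(e["image"]) in NATIVE_HOSTS
              and "\\clr_v4.0\\usagelogs\\" in e["path"].lower()):
            alerts.append(f"CLR usage log written by native host {basename(e['image'])}: {e['path']}")
    # A thread started exactly at an RWX region the same source both allocated and wrote
    # is the classic allocate/write/create-thread injection chain.
    for (src, dst), c in chains.items():
        for base in sorted(c["alloc"] & c["write"] & c["thread"]):
            alerts.append(f"process injection: pid {src} allocated RWX memory at {base:#x} "
                          f"in pid {dst}, wrote to it and started a thread there")
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The chain rule keys on the exact base address, which is what the report shows (memory written at 1BA55800000, thread EIP 55800000 in the same region); real writes and thread starts often land at an offset inside the allocation, so a production rule should match on "falls within the allocated range" rather than equality. The CLR-in-native-host rule is the cheapest of the three to run from existing logs, since the UsageLogs file name is simply the host image name and shows up in ordinary file-creation telemetry.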
Source: conhost.exe, 00000001.00000000.350445968.000001BA56310000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: conhost.exe, 00000001.00000000.350445968.000001BA56310000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: conhost.exe, 00000001.00000000.350445968.000001BA56310000.00000002.00020000.sdmp |
Binary or memory string: &Program Manager |
Source: conhost.exe, 00000001.00000000.350445968.000001BA56310000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Windows\System32\conhost.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation |