Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Virustotal: Detection: 37% |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Metadefender: Detection: 25% |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | ReversingLabs: Detection: 33% |
Source: C:\Windows\System32\conhost.exe | Code function: 1_2_000001BA559E70D6 |
Source: C:\Windows\System32\conhost.exe | Code function: 1_2_000001BA559E6D06 |
Source: C:\Windows\System32\conhost.exe | Code function: 1_2_000001BA559E60D2 |
Source: C:\Windows\System32\conhost.exe | Code function: 1_2_000001BA559E750E |
Source: C:\Windows\System32\conhost.exe | Code function: 1_2_000001BA559E796A |
Source: C:\Windows\System32\conhost.exe | Code function: 1_2_00007FFD04005862 |
Source: C:\Windows\System32\conhost.exe | Code function: 1_2_00007FFD04004AB6 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_00401D58 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_00401D18 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_004019D8 NtCreateThreadEx, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_00401D98 NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_00401C98 NtClose, |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Static PE information: Section: .rdata ZLIB complexity 0.999692137922 |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Windows\System32\conhost.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll |
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe' |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Process created: C:\Windows\System32\conhost.exe 'C:\Windows\System32\conhost.exe' 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe' |
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe' |
Source: C:\Windows\System32\conhost.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\conhost.exe.log |
Source: classification engine | Classification label: mal60.evad.winEXE@3/1@0/0 |
Source: C:\Windows\System32\conhost.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Static file information: File size 2009088 > 1048576 |
Source: SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1e8800 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_005ECB00 push rax; retf |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_005EC8C0 push rax; retn 0009h |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_005ECBFF push rax; iretd |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Code function: 0_2_005ECAB7 push rax; retf 0009h |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Memory written: C:\Windows\System32\conhost.exe base: 1BA55800000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Thread created: C:\Windows\System32\conhost.exe EIP: 55800000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.InjectNET.14.3934.exe | Memory allocated: C:\Windows\System32\conhost.exe base: 1BA55800000 protect: page execute and read and write |
Source: conhost.exe, 00000001.00000000.350445968.000001BA56310000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: conhost.exe, 00000001.00000000.350445968.000001BA56310000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: conhost.exe, 00000001.00000000.350445968.000001BA56310000.00000002.00020000.sdmp | Binary or memory string: &Program Manager |
Source: conhost.exe, 00000001.00000000.350445968.000001BA56310000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |
Source: C:\Windows\System32\conhost.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation |