Source: 0klWxH7lko.exe |
Virustotal: Detection: 19% |
Source: 0klWxH7lko.exe |
ReversingLabs: Detection: 22% |
Source: 0klWxH7lko.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI |
Source: |
Binary string: makecab.pdbGCTL source: 0klWxH7lko.exe |
Source: |
Binary string: makecab.pdb source: 0klWxH7lko.exe |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004059DC GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn, |
1_2_004059DC |
Source: unknown |
DNS traffic detected: queries for: clientconfig.passport.net |
Source: 0klWxH7lko.exe, 00000001.00000002.517897189.000000000069A000.00000004.00000020.sdmp |
Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/> |
|
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0043289C GetKeyboardState,KiUserCallbackDispatcher, |
1_2_0043289C |
Source: 0klWxH7lko.exe |
Binary or memory string: OriginalFilename vs 0klWxH7lko.exe |
Source: 0klWxH7lko.exe, 00000001.00000002.517674694.0000000000457000.00000008.00020000.sdmp |
Binary or memory string: OriginalFilenamemakecab.exej% vs 0klWxH7lko.exe |
Source: 0klWxH7lko.exe |
Binary or memory string: OriginalFilenamemakecab.exej% vs 0klWxH7lko.exe |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0044AA44 |
1_2_0044AA44 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0044583C |
1_2_0044583C |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: String function: 00406A24 appears 61 times |
|
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: String function: 004048D8 appears 68 times |
|
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00450594 NtdllDefWindowProc_A, |
1_2_00450594 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0043582C NtdllDefWindowProc_A,GetCapture, |
1_2_0043582C |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00450D38 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, |
1_2_00450D38 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00450DE8 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, |
1_2_00450DE8 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00429488 NtdllDefWindowProc_A, |
1_2_00429488 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0044583C GetSubMenu,SaveDC,RestoreDC,7378B080,SaveDC,RestoreDC,NtdllDefWindowProc_A, |
1_2_0044583C |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0041E178 GetLastError,FormatMessageA, |
1_2_0041E178 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: 0klWxH7lko.exe |
Joe Sandbox Cloud Basic: Detection: clean Score: 0 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00414038 FindResourceA, |
1_2_00414038 |
Source: classification engine |
Classification label: mal52.evad.winEXE@1/0@1/0 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00408D92 GetDiskFreeSpaceA, |
1_2_00408D92 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Window found: window name: TButton |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0043CE54 push 0043CEE1h; ret |
1_2_0043CED9 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0043E11C push 0043E148h; ret |
1_2_0043E140 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004462F4 push 0044635Fh; ret |
1_2_00446357 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0041A428 push ecx; mov dword ptr [esp], edx |
1_2_0041A42D |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0042443C push 0042447Ah; ret |
1_2_00424472 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00424484 push 004244B0h; ret |
1_2_004244A8 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004244BC push 004244F4h; ret |
1_2_004244EC |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00406570 push 004065C1h; ret |
1_2_004065B9 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0040E628 push 0040E654h; ret |
1_2_0040E64C |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0043263C push ecx; mov dword ptr [esp], ecx |
1_2_00432640 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004226D0 push 004227A0h; ret |
1_2_00422798 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004247E0 push 0042480Ch; ret |
1_2_00424804 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004067B8 push 004067E4h; ret |
1_2_004067DC |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00406830 push 0040685Ch; ret |
1_2_00406854 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004168D4 push ecx; mov dword ptr [esp], edx |
1_2_004168D6 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004228B0 push 004228DCh; ret |
1_2_004228D4 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00452954 push 004529AEh; ret |
1_2_004529A6 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0042498C push 004249B8h; ret |
1_2_004249B0 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00422B84 push 00422BB0h; ret |
1_2_00422BA8 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00422C88 push 00422CB4h; ret |
1_2_00422CAC |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0043CDEC push 0043CE52h; ret |
1_2_0043CE4A |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00408E40 push ecx; mov dword ptr [esp], eax |
1_2_00408E41 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00410F86 push 00410FFEh; ret |
1_2_00410FF6 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00410F88 push 00410FFEh; ret |
1_2_00410FF6 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0042AFAC push 0042B005h; ret |
1_2_0042AFFD |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00409044 push ecx; mov dword ptr [esp], eax |
1_2_00409045 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0042B048 push 0042B080h; ret |
1_2_0042B078 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00411000 push 004110A8h; ret |
1_2_004110A0 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004550C8 push 004550FBh; ret |
1_2_004550F3 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0042B0DC push 0042B108h; ret |
1_2_0042B100 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_004110AA push 004111C0h; ret |
1_2_004111B8 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0043C824 SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode, |
1_2_0043C824 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0045061C PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, |
1_2_0045061C |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0044D604 KiUserCallbackDispatcher,SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, |
1_2_0044D604 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00438128 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, |
1_2_00438128 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00422ECC MonitorFromWindow,MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect, |
1_2_00422ECC |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00436F50 IsIconic,GetCapture, |
1_2_00436F50 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_00437804 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, |
1_2_00437804 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0042BDC8 |
1_2_0042BDC8 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject, |
1_2_0044FB78 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0041E714 GetSystemInfo, |
1_2_0041E714 |
Source: 0klWxH7lko.exe, 00000001.00000002.518229505.0000000000D20000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: 0klWxH7lko.exe, 00000001.00000002.518229505.0000000000D20000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: 0klWxH7lko.exe, 00000001.00000002.518229505.0000000000D20000.00000002.00020000.sdmp |
Binary or memory string: SProgram Managerl |
Source: 0klWxH7lko.exe, 00000001.00000002.518229505.0000000000D20000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd, |
Source: 0klWxH7lko.exe, 00000001.00000002.518229505.0000000000D20000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
1_2_00405BB4 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: GetLocaleInfoA, |
1_2_004064FC |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: GetLocaleInfoA,GetACP, |
1_2_0040CC84 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: GetLocaleInfoA, |
1_2_0040B638 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: GetLocaleInfoA, |
1_2_0040B684 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA, |
1_2_00405CBF |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0043CE54 GetVersion, |
1_2_0043CE54 |
Source: C:\Users\user\Desktop\0klWxH7lko.exe |
Code function: 1_2_0040A10C GetLocalTime, |
1_2_0040A10C |