Source: 00000000.00000002.781020135.0000000002930000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://afrocompass.com/karinedocesesalgados_Hpi"} |
Source: 2GirCpksIO.exe | Virustotal: Detection: 32% |
Source: 2GirCpksIO.exe | ReversingLabs: Detection: 20% |
Source: 2GirCpksIO.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: Malware configuration extractor | URLs: https://afrocompass.com/karinedocesesalgados_Hpi |
Source: initial sample | Icon embedded in PE file: bad icon match: 20047c7c70f0e004 |
Source: 2GirCpksIO.exe, 00000000.00000002.779736362.000000000041B000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSORNER.exe vs 2GirCpksIO.exe |
Source: 2GirCpksIO.exe | Binary or memory string: OriginalFilenameSORNER.exe vs 2GirCpksIO.exe |
Source: 2GirCpksIO.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293BE72 |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_029418A6 |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293B688 |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_029402D0 |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293BA6E |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293C399 |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_029303EC |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293EC0A |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293E876 |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293BE72 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Process Stats: CPU usage > 98% |
Source: 2GirCpksIO.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: classification engine | Classification label: mal84.rans.troj.evad.winEXE@1/0@0/0 |
Source: Yara match | File source: 00000000.00000002.781020135.0000000002930000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_00407447 push esi; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_004084D6 push ebp; retf |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0040688C pushfd ; iretd |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0040856E push ebp; retf |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_00404572 push ecx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_004091FD push ss; retf |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0040798C pushfd ; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_004085A1 push ebp; retf |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_004059BD pushad ; retf 0008h |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_00405EA9 push edi; retf |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0040937F push FFFFFFDFh; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_00408325 push dword ptr [edi]; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_00407B9F push esi; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02041EF5 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02044205 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02042A05 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02041205 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02045A03 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02046214 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02044A13 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02043213 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02041A13 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02040218 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02043A24 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02042224 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02040A24 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02046A24 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02045225 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02044233 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02042A33 push edx; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_02041233 push edx; ret |
Source: initial sample | Static PE information: section name: .text entropy: 6.86127779315 |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Process information set: NOOPENFILEERRORBOX (25 identical entries) |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Process Stats: CPU usage > 90% for more than 60s |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_029402D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293EE31 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293B87D mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293E553 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_029418A6 RtlAddVectoredExceptionHandler, |
Source: 2GirCpksIO.exe, 00000000.00000002.780409814.0000000000C20000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: 2GirCpksIO.exe, 00000000.00000002.780409814.0000000000C20000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: 2GirCpksIO.exe, 00000000.00000002.780409814.0000000000C20000.00000002.00020000.sdmp | Binary or memory string: SProgram Managerl |
Source: 2GirCpksIO.exe, 00000000.00000002.780409814.0000000000C20000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd, |
Source: 2GirCpksIO.exe, 00000000.00000002.780409814.0000000000C20000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |
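The signature lines above are all of one shape, "Source: <origin> | <detail> |", and a practitioner usually wants them reduced to a handful of triage facts: the extracted payload URL, which functions read the PEB pointer at fs:[30h] (the usual prelude to BeingDebugged / NtGlobalFlag checks or a manual walk of the loader lists), which functions use push-then-ret in place of a jump (control-flow obfuscation), which native APIs the code calls directly (here NtAllocateVirtualMemory and RtlAddVectoredExceptionHandler), and which entries merely repeat. The following parser is an added example and is not part of the sandbox's own tooling. The sample lines it runs on are copied from this report; the interpretation of the classification label as mal<score>.<tag>...<sample type>@... is an assumption made for the example.

```python
"""Triage helper for sandbox signature lines of the form
"Source: <origin> | <detail> |" as they appear in this report.
Added example; not part of the sandbox's own tooling."""
import json
import re
from collections import Counter

LINE_RE = re.compile(r"^Source:\s*(?P<source>[^|]+?)\s*\|\s*(?P<detail>.*?)\s*\|?\s*$")
CODEFN_RE = re.compile(r"Code function:\s*(?P<fn>\d+_\d+_[0-9A-Fa-f]+)\s*(?P<rest>.*)")
# fs:[30h] is the PEB pointer in the 32-bit TEB; code that reads it is usually
# about to check BeingDebugged / NtGlobalFlag or walk the loader lists itself.
PEB_RE = re.compile(r"fs:\[0*30h\]", re.IGNORECASE)
# "push X; ret" (or retf / iretd) used instead of jmp/call: control-flow obfuscation.
PUSH_RET_RE = re.compile(r"\bpush(?:ad|fd)?\b.*;\s*(?:ret|retf|iretd)\b", re.IGNORECASE)
# Direct native-API references noted next to a code function.
API_RE = re.compile(r"\b((?:Nt|Zw|Rtl|Ldr)\w+)\b")
URL_RE = re.compile(r"https?://[^\s\"'|]+")
# Assumed label layout: mal<score>.<tag>.<tag>...<sample type>@<rest> (assumption for this example).
CLASS_RE = re.compile(r"Classification label:\s*mal(?P<score>\d+)\.(?P<tags>[a-z.]+?)\.(?P<kind>\w+)@")


def parse_line(line):
    """Split one signature line into (source, detail); None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("source"), m.group("detail")


def triage(lines):
    """Reduce a list of signature lines to the facts an analyst checks first."""
    urls, peb_functions, push_ret_functions, api_calls = set(), [], [], []
    detail_counts = Counter()
    classification = None
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue
        _source, detail = parsed
        detail_counts[detail] += 1
        urls.update(URL_RE.findall(detail))
        cls = CLASS_RE.search(detail)
        if cls:
            classification = {
                "score": int(cls.group("score")),
                "tags": cls.group("tags").split("."),
                "kind": cls.group("kind"),
            }
        cf = CODEFN_RE.search(detail)
        if cf:
            fn, rest = cf.group("fn"), cf.group("rest")
            if PEB_RE.search(rest):
                peb_functions.append(fn)
            elif PUSH_RET_RE.search(rest):
                push_ret_functions.append(fn)
            else:
                api = API_RE.search(rest)
                if api:
                    api_calls.append((fn, api.group(1)))
    return {
        "urls": sorted(urls),
        "peb_functions": peb_functions,
        "push_ret_functions": push_ret_functions,
        "api_calls": api_calls,
        # Entries that occur more than once, with their counts, instead of one line per hit.
        "repeated": {d: n for d, n in detail_counts.items() if n > 1},
        "classification": classification,
    }


# Constructed input: a subset of the signature lines from this report, in page order.
SAMPLE_REPORT = r"""
Source: 00000000.00000002.781020135.0000000002930000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://afrocompass.com/karinedocesesalgados_Hpi"} |
Source: 2GirCpksIO.exe | Virustotal: Detection: 32% |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0293BE72 NtAllocateVirtualMemory, |
Source: classification engine | Classification label: mal84.rans.troj.evad.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_00407447 push esi; ret |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_0040688C pushfd ; iretd |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_004059BD pushad ; retf 0008h |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_029402D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\2GirCpksIO.exe | Code function: 0_2_029418A6 RtlAddVectoredExceptionHandler, |
"""

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT.splitlines()), indent=2))
```

Run it against a full export of the signature section rather than the excerpt to get the complete gadget and PEB-access lists; the fs:[30h] hits and the NtAllocateVirtualMemory call all sit in the same 0x0293xxxx region as the memory dump the configuration was extracted from, which is the region to dump first when reproducing the analysis.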