Source: 00000000.00000002.862055491.0000000003060000.00000040.00000001.sdmp |
Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=downlD'"} |
Source: FACTURAS.exe |
Virustotal: Detection: 40% |
Source: FACTURAS.exe |
Metadefender: Detection: 38% |
Source: FACTURAS.exe |
ReversingLabs: Detection: 57% |
Source: FACTURAS.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: Malware configuration extractor |
URLs: https://drive.google.com/uc?export=downlD' |
Source: FACTURAS.exe, 00000000.00000002.860970740.00000000005CA000.00000004.00000020.sdmp |
Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/> |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306D940 NtAllocateVirtualMemory, |
0_2_0306D940 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306DB0E NtAllocateVirtualMemory, |
0_2_0306DB0E |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306DB52 NtAllocateVirtualMemory, |
0_2_0306DB52 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306DE06 NtAllocateVirtualMemory, |
0_2_0306DE06 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306DC8C NtAllocateVirtualMemory, |
0_2_0306DC8C |
Source: FACTURAS.exe, 00000000.00000002.860928984.0000000000424000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameSERVICEKONTRAKTS.exe vs FACTURAS.exe |
Source: FACTURAS.exe, 00000000.00000002.861579074.0000000002A60000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameSERVICEKONTRAKTS.exeFE2XMURALL vs FACTURAS.exe |
Source: FACTURAS.exe |
Binary or memory string: OriginalFilenameSERVICEKONTRAKTS.exe vs FACTURAS.exe |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Process Stats: CPU usage > 98% |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03076B17 |
0_2_03076B17 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306D940 |
0_2_0306D940 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306E3A7 |
0_2_0306E3A7 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A3A0 |
0_2_0306A3A0 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306E3C2 |
0_2_0306E3C2 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A28E |
0_2_0306A28E |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_030692AF |
0_2_030692AF |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_030692DA |
0_2_030692DA |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A122 |
0_2_0306A122 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306B1FE |
0_2_0306B1FE |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306B034 |
0_2_0306B034 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A0B4 |
0_2_0306A0B4 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A0D5 |
0_2_0306A0D5 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A730 |
0_2_0306A730 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306E75A |
0_2_0306E75A |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306C76B |
0_2_0306C76B |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_030697F8 |
0_2_030697F8 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306E65C |
0_2_0306E65C |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A6C9 |
0_2_0306A6C9 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306D566 |
0_2_0306D566 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306957A |
0_2_0306957A |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03074430 |
0_2_03074430 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03069444 |
0_2_03069444 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A4C0 |
0_2_0306A4C0 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306E4F6 |
0_2_0306E4F6 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306DB0E |
0_2_0306DB0E |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03074BBF |
0_2_03074BBF |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03073BCC |
0_2_03073BCC |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03069A80 |
0_2_03069A80 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03073ABC |
0_2_03073ABC |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306AAFA |
0_2_0306AAFA |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03069932 |
0_2_03069932 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306993C |
0_2_0306993C |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03073994 |
0_2_03073994 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306A9DE |
0_2_0306A9DE |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0307382F |
0_2_0307382F |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03073860 |
0_2_03073860 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306E8B4 |
0_2_0306E8B4 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306EF04 |
0_2_0306EF04 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03074F2E |
0_2_03074F2E |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03069FA8 |
0_2_03069FA8 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03069E60 |
0_2_03069E60 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306AE9A |
0_2_0306AE9A |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306EEB4 |
0_2_0306EEB4 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03073D0C |
0_2_03073D0C |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306CD2E |
0_2_0306CD2E |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306AD74 |
0_2_0306AD74 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03069DDE |
0_2_03069DDE |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306AC38 |
0_2_0306AC38 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03069CDB |
0_2_03069CDB |
Source: FACTURAS.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine |
Classification label: mal68.troj.winEXE@1/2@0/0 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
File created: C:\Users\user\AppData\Roaming\Bh2BSU9xxO49MYboEPptixGKslvKjoQApxmsXHE151 |
Source: Yara match |
File source: 00000000.00000002.862055491.0000000003060000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_004098C0 push 2DBAC715h; retf |
0_2_004098C5 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_004098CB push ss; retf |
0_2_004098CD |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0040508B pushad ; ret |
0_2_0040509D |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0040755C push cs; retf |
0_2_0040755D |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_00407179 push esp; iretd |
0_2_00407181 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_00407584 push cs; retf |
0_2_0040755D |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_004085B8 push edx; retf |
0_2_004085B9 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_00406245 push ecx; retf |
0_2_00406249 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_004072E6 push ebp; iretd |
0_2_004072E9 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_004042FC push edx; retf |
0_2_004042FD |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0040972A push eax; iretd |
0_2_00409745 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_004083D6 pushfd ; iretd |
0_2_00408422 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03066512 push ecx; retf |
0_2_03066516 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03064E82 push esi; iretd |
0_2_03064E99 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0307339D mov eax, dword ptr fs:[00000030h] |
0_2_0307339D |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_0306C76B mov eax, dword ptr fs:[00000030h] |
0_2_0306C76B |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03072A70 mov eax, dword ptr fs:[00000030h] |
0_2_03072A70 |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03074F2E mov eax, dword ptr fs:[00000030h] |
0_2_03074F2E |
Source: C:\Users\user\Desktop\FACTURAS.exe |
Code function: 0_2_03076B17 RtlAddVectoredExceptionHandler, |
0_2_03076B17 |
Source: FACTURAS.exe, 00000000.00000002.861049488.0000000000D90000.00000002.00020000.sdmp |
Binary or memory string: Program Manager |
Source: FACTURAS.exe, 00000000.00000002.861049488.0000000000D90000.00000002.00020000.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: FACTURAS.exe, 00000000.00000002.861049488.0000000000D90000.00000002.00020000.sdmp |
Binary or memory string: Progman |
Source: FACTURAS.exe, 00000000.00000002.861049488.0000000000D90000.00000002.00020000.sdmp |
Binary or memory string: Progmanlock |