Click to jump to signature section
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
| Source: | Binary string: hmmapi.pdb source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, hmmapi.dll.2.dr |
| Source: | Binary string: f:\bluetooth8.0.1.57\sw\src\WIN8_Mainline\ExtArch\Bin\x64\Release\atheros Outlook Addin.pdb source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, atheros Outlook Addin.dll.2.dr |
| Source: | Binary string: hmmapi.pdbGCTL source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, hmmapi.dll.2.dr |
| Source: | Binary string: d:\Projects\AirVPN\Repo\eddie-air\src\Lib.Platform.Windows\obj\x64\Release\Lib.Platform.Windows.pdb source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_0040290B FindFirstFileW, |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_0040699E FindFirstFileW,FindClose, |
| Source: pan-end-symbolic-rtl.svg.2.dr | String found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/ |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956635435.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, pan-end-symbolic-rtl.svg.2.dr | String found in binary or memory: http://creativecommons.org/ns# |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956635435.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, pan-end-symbolic-rtl.svg.2.dr | String found in binary or memory: http://creativecommons.org/ns#Attribution |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956635435.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, pan-end-symbolic-rtl.svg.2.dr | String found in binary or memory: http://creativecommons.org/ns#DerivativeWorks |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956635435.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, pan-end-symbolic-rtl.svg.2.dr | String found in binary or memory: http://creativecommons.org/ns#Distribution |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956635435.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, pan-end-symbolic-rtl.svg.2.dr | String found in binary or memory: http://creativecommons.org/ns#Notice |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956635435.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, pan-end-symbolic-rtl.svg.2.dr | String found in binary or memory: http://creativecommons.org/ns#Reproduction |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956635435.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, pan-end-symbolic-rtl.svg.2.dr | String found in binary or memory: http://creativecommons.org/ns#ShareAlike |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: http://ocsp.comodoca.com0 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: http://ocsp.sectigo.com0 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: http://s.symcd.com06 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: https://d.symcb.com/cps0% |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: https://d.symcb.com/rpa0 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: https://d.symcb.com/rpa0. |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: https://eddie.website |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: https://eddie.website/windows-runtime/ |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: https://eddie.websiteX |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: https://sectigo.com/CPS0 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr | String found in binary or memory: https://sectigo.com/CPS0D |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameLib.Platform.Windows.dllP vs SecuriteInfo.com.Variant.Babar.54324.15185.exe |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameOutlook Addin.DLLD vs SecuriteInfo.com.Variant.Babar.54324.15185.exe |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameHMMAPI.DLLD vs SecuriteInfo.com.Variant.Babar.54324.15185.exe |
| Source: hmmapi.dll.2.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
| Source: hmmapi.dll.2.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
| Source: hmmapi.dll.2.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
| Source: atheros Outlook Addin.dll.2.dr | Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_00406D5F |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_731D1BFF |
| Source: closure.dll.2.dr | Static PE information: Number of sections : 19 > 10 |
| Source: libshishi-0.dll.2.dr | Static PE information: Number of sections : 11 > 10 |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | Virustotal: Detection: 22% |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | ReversingLabs: Detection: 19% |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: <?xml version='1.0' encoding='UTF-8' standalone='no'?> <svg xmlns:cc='http://creativecommons.org/ns#' xmlns:dc='http://purl.org/dc/elements/1.1/' sodipodi:docname='pan-start-symbolic.svg' inkscape:export-filename='/home/sam/source-symbolic.png' inkscape:export |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | String found in binary or memory: <?xml version='1.0' encoding='UTF-8' standalone='no'?><svg xmlns:cc='http://creativecommons.org/ns#' xmlns:dc='http://purl.org/dc/elements/1.1/' sodipodi:docname='pan-start-symbolic.svg' inkscape:export-filename='/home/sam/source-symbolic.png' inkscape:export |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, |
| Source: SecuriteInfo.com.Variant.Babar.54324.15185.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
| Source: | Binary string: hmmapi.pdb source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, hmmapi.dll.2.dr |
| Source: | Binary string: f:\bluetooth8.0.1.57\sw\src\WIN8_Mainline\ExtArch\Bin\x64\Release\atheros Outlook Addin.pdb source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, atheros Outlook Addin.dll.2.dr |
| Source: | Binary string: hmmapi.pdbGCTL source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, hmmapi.dll.2.dr |
| Source: | Binary string: d:\Projects\AirVPN\Repo\eddie-air\src\Lib.Platform.Windows\obj\x64\Release\Lib.Platform.Windows.pdb source: SecuriteInfo.com.Variant.Babar.54324.15185.exe, 00000002.00000002.956875325.00000000027E6000.00000004.00000800.00020000.00000000.sdmp, Lib.Platform.Windows.dll.2.dr |
| Source: libshishi-0.dll.2.dr | Static PE information: section name: .xdata |
| Source: closure.dll.2.dr | Static PE information: section name: .xdata |
| Source: closure.dll.2.dr | Static PE information: section name: /4 |
| Source: closure.dll.2.dr | Static PE information: section name: /19 |
| Source: closure.dll.2.dr | Static PE information: section name: /31 |
| Source: closure.dll.2.dr | Static PE information: section name: /45 |
| Source: closure.dll.2.dr | Static PE information: section name: /57 |
| Source: closure.dll.2.dr | Static PE information: section name: /70 |
| Source: closure.dll.2.dr | Static PE information: section name: /81 |
| Source: closure.dll.2.dr | Static PE information: section name: /92 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_731D1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | File created: C:\Users\user\AppData\Local\Temp\nso144E.tmp\System.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | File created: C:\Users\user\AppData\Local\Temp\libshishi-0.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | File created: C:\Users\user\AppData\Local\Temp\hmmapi.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | File created: C:\Users\user\AppData\Local\Temp\atheros Outlook Addin.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | File created: C:\Users\user\AppData\Local\Temp\Lib.Platform.Windows.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | File created: C:\Users\user\AppData\Local\Temp\closure.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | RDTSC instruction interceptor: First address: 00000000030E27E1 second address: 00000000030E27E1 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F55ACAA8DCAh 0x00000006 inc ebp 0x00000007 inc ebx 0x00000008 rdtsc |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\libshishi-0.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\hmmapi.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\atheros Outlook Addin.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Lib.Platform.Windows.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\closure.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_0040290B FindFirstFileW, |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_0040699E FindFirstFileW,FindClose, |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | API call chain: ExitProcess graph end node |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | API call chain: ExitProcess graph end node |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_731D1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Babar.54324.15185.exe | Code function: 2_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Edit tour
SecuriteInfo.com.Variant.Babar.54324.15185.exe (PID: 7156 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node