Windows Analysis Report
ibaAnalyzerSetup_x64_v7.3.6.exe

Overview

General Information

Sample Name: ibaAnalyzerSetup_x64_v7.3.6.exe
Analysis ID: 632527
MD5: c1ae350f67039cbe69f10df9b8001371
SHA1: 6362ba848a6027939c642d4b405994ca5a96272c
SHA256: fbf6ebb863e6ee15a9fbe144116fc568d929cdb560ad1380a45c71f761946cd1

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Compliance

Score: 34
Range: 0 - 100

Signatures

Found evasive API chain (may stop execution after checking mutex)
Tries to detect virtualization through RDTSC time measurements
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to launch a process as a different user
Contains functionality to get notified if a device is plugged in / out
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to enumerate running services
Contains functionality to dynamically determine API calls
Contains functionality to read the clipboard data
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Found inlined nop instructions (likely shell or obfuscated code)
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Binary contains a suspicious time stamp
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to delete services
Contains functionality for read data from the clipboard

Classification

Source: 0.2.ibaAnalyzerSetup_x64_v7.3.6.exe.411c52.1.unpack Avira: Label: TR/Patched.Ren.Gen
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe DLL: USP10.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe DLL: mpiwin32.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe DLL: VERSION.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe DLL: SHFOLDER.DLL
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe DLL: RichEd20.DLL
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe DLL: msls31.dll

Compliance

Source: ibaAnalyzerSetup_x64_v7.3.6.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Window detected: < &BackI &AgreeCanceliba AG iba AGLicense AgreementPlease review the license terms before installing ibaAnalyzer v7.3.6 (x64).Press Page Down to see the rest of the agreement.LICENSE AGREEMENT for ibaAnalyzer (hereinafter referred to as SOFTWARE)Copyright iba AG. All Rights Reserved.YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE. IF YOU DO NOT AGREE DO NOT INSTALL COPY OR USE THE SOFTWARE 1. GRANT OF LICENSE. iba AG grants the customer a non-transferable non-exclusive right to use the SOFTWARE under the provisions of this LICENSE AGREEMENT.(1) LICENSE PROTECTIONThe SOFTWARE provided contains technical features intended to prevent unlicensed use. (a) Cost free license for standard functions iba AG grants a cost free license for use of the standard features of the product if a genuine iba file format is opened. Each time such a genuine file is opened a cost free single use license for this program is intrinsically granted. Genuine in this context means that the measurement file has been produced with a correctly licensed iba SOFTWARE which can be ibaPDA ibaLogic ibaAnalyzer ibaDatCoordinator or ibaFiles. (b) Purchased license for special functions Use of special functions in the SOFTWARE requires a purchased license. The use of these functions is allowed only if the purchased license dongle (USB hardware key) carries the associated license information. The license dongle must be plugged into a port on the PC suitable for the purpose and may not be removed while the functions requiring the license are being used. The license is issued to the end user name specified in the order and is not transferrable. The license may also be managed by a license server for multiple users within the same organization. (2) ACTIONS EXCLUDED FROM THE LICENSE(a) You may not amend modify or edit the SOFTWARE. 
The modification or removal of trademarks copyrights and other IP protection notices is expressively forbidden. (b) You may not reverse engineer decompile or disassemble the SOFTWARE except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.(c) You may not reproduce the SOFTWARE for the purpose of passing it to third parties.(3) NON TRANSFERABILITYThe license is not transferable. The customer only has the right to transfer the rights of use of the SOFTWARE to a third party if the license has already been issued in the name of this third party or has been changed to this name by iba AG.(4) GENUINE iba FILE FORMATThe genuine iba file formats in its different versions are intellectual property of iba AG. Any file generated by a third party product with a similar or different format requires the purchase of a proper license from iba AG. Unlicensed generation of the genuine iba file format is illegal and subject to legal action. iba AG reserves the right to modify the genuine file formats at any time without notice.2. DESCRIPTION OF OTH
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdf
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exe
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\SciLexer.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\versions.htm
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdf
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\support.htm
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\reg_dataextractorMC.bat
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\reg_dataextractor.bat
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\libiomp5md.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\msvcr100.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\msvcp100.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\hdCommon.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaUser.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\PowerCollections.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocx
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\hdClient.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\hdCore.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaShared.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dll
Source: ibaAnalyzerSetup_x64_v7.3.6.exe Static PE information: certificate valid
Source: Binary string: D:\proj\ibafft\ibaNativeFFTWrapper\bin\x64\Release\ibaThreadSafeNativeFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaThreadSafeNativeFFT.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\bin\x64\Release\ibaAnalyzer.pdb source: ibaAnalyzer.exe.0.dr
Source: Binary string: F:\LL\LL.Export_20\combit.ListLabel.Export.x64\bin\Release\v4.0\AnyCPU\DllExporter\combit.ListLabel20.Export.x64.pdbBSJB source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msvcr100.amd64.pdb source: msvcr100.dll.0.dr
Source: Binary string: C:\Users\mistachkin\Documents\checkouts\sqlite\dotnet\bin\2017\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.Core\obj\Release\net40\GMap.NET.Core.pdbSHA256 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHost\obj\Release\ibaAnalyzerViewHost.pdb source: ibaAnalyzerViewHost.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostMaps\obj\Release\View.GeoView.pdbV7 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp, View.GeoView.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostMaps\obj\Release\View.GeoView.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp, View.GeoView.dll.0.dr
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.WindowsForms\obj\Release\net40\GMap.NET.WindowsForms.pdbSHA256 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaHDOffline\ibaHDOfflineActiveX\bin\x64\Release\ibaHDOfflineActiveX.pdb source: regsvr32.exe, 0000000F.00000002.664864019.00000000029A1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: V:\_Project\scintilla410\scintilla\win32\x64\Release\SciLexer.pdb source: SciLexer.dll.0.dr
Source: Binary string: D:\proj\ibaFFT\ibaManagedFFT\obj\Release\ibaManagedFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaManagedFFT.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostActiveX\bin\x64\Release\ibaAnalyzerViewHostActiveX.pdb source: regsvr32.exe, 00000016.00000002.720287948.0000000002726000.00000002.00000001.01000000.00000012.sdmp, regsvr32.exe, 00000016.00000002.722962885.00007FFA66866000.00000002.00000001.01000000.00000012.sdmp, ibaAnalyzerViewHostActiveX.ocx.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\bin\x64\Release\ibaAnalyzer.pdbf source: ibaAnalyzer.exe.0.dr
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.Core\obj\Release\net40\GMap.NET.Core.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr
Source: Binary string: c:\dev\sqlite\dotnet\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.WindowsForms\obj\Release\net40\GMap.NET.WindowsForms.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\sharpziplib\src\ICSharpCode.SharpZipLib\obj\Release\net45\ICSharpCode.SharpZipLib.pdbSHA256 source: regsvr32.exe, 0000000F.00000002.665830211.000000001B5A2000.00000002.00000001.01000000.00000011.sdmp, regsvr32.exe, 00000016.00000002.720664341.00000000027E2000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostActiveX\bin\x64\Release\ibaAnalyzerViewHostActiveX.pdbBB' source: regsvr32.exe, 00000016.00000002.720287948.0000000002726000.00000002.00000001.01000000.00000012.sdmp, regsvr32.exe, 00000016.00000002.722962885.00007FFA66866000.00000002.00000001.01000000.00000012.sdmp, ibaAnalyzerViewHostActiveX.ocx.0.dr
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaGraphManager\obj\Release\View.ibaGraphManager.pdb source: View.ibaGraphManager.dll.0.dr
Source: Binary string: c:\Projects\16.1\BuildLabel\Temp\NetStudio.v16.1.2005\Win\DevExpress.XtraCharts\DevExpress.Sparkline.Core\obj\Release\DevExpress.Sparkline.v16.1.Core.pdb source: DevExpress.Sparkline.v16.1.Core.dll.0.dr
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaViewInterfaces\obj\Release\ibaViewInterfaces.pdb source: ibaViewInterfaces.dll.0.dr
Source: Binary string: C:\Proj\ibaPDA_7.3.x\Installer\nsSCMEx\Release\nsSCMEx.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\projects\sharpziplib\src\ICSharpCode.SharpZipLib\obj\Release\net45\ICSharpCode.SharpZipLib.pdb source: regsvr32.exe, 0000000F.00000002.665830211.000000001B5A2000.00000002.00000001.01000000.00000011.sdmp, regsvr32.exe, 00000016.00000002.720664341.00000000027E2000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaHDOffline\ibaHDOfflineActiveX\bin\x64\Release\ibaHDOfflineActiveX.pdb::' source: regsvr32.exe, 0000000F.00000002.664864019.00000000029A1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaOnlineFFT\obj\Release\View.ibaFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: F:\LL\LL.Export_20\combit.ListLabel.Export.x64\bin\Release\v4.0\AnyCPU\DllExporter\combit.ListLabel20.Export.x64.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaSharedGui\obj\Release\ibaSharedGui.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\ibaFFT\ibaManagedFFT\obj\Release\ibaManagedFFT.pdb, source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaManagedFFT.dll.0.dr
Source: Binary string: D:\proj\ibafft\ibaNativeFFTWrapper\bin\x64\Release\ibaThreadSafeNativeFFT.pdb!! source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaThreadSafeNativeFFT.dll.0.dr
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032ABFD0 WaitForInputIdle,GetCurrentProcess,GetCurrentProcess,WaitForInputIdle,FindWindowA,GetWindowThreadProcessId,PostThreadMessageA,RegisterClassExA,GetModuleHandleA,GetProcAddress,ShowWindow,RegisterDeviceNotificationA,PeekMessageA,DispatchMessageA,Sleep,GetLastError,FormatMessageA,UnregisterDeviceNotification,GetModuleHandleA,GetProcAddress,UnregisterClassA, 0_2_032ABFD0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_00405E61 FindFirstFileA,FindClose, 0_2_00405E61
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,SHELL32_IconCache_DoneExtractingIcons,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, 0_2_0040548B
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_0040263E FindFirstFileA, 0_2_0040263E
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032D1866 FindFirstFileExW, 0_2_032D1866
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032A7450 GetTickCount,select,GetTickCount,GetTickCount,recv,recv,__WSAFDIsSet,__WSAFDIsSet, 0_2_032A7450
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_031C1D4E GetDlgCtrlID,OpenClipboard,GetClipboardData,GlobalLock,lstrlenA,SendMessageA,GlobalUnlock,CloseClipboard,CallWindowProcA, 0_2_031C1D4E
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405042
Source: ibaAnalyzerSetup_x64_v7.3.6.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, 0_2_0040323C
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: String function: 032BE8A0 appears 44 times
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032B5800 MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,GlobalAlloc,MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,CreateProcessWithLogonW,CloseHandle,CloseHandle,CloseHandle,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree, 0_2_032B5800
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032A1780: DeviceIoControl,CloseHandle,DeviceIoControl,CloseHandle,CloseHandle,CloseHandle, 0_2_032A1780
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameView.GeoView.dll8 vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: lbHash%lbOriginalFilename vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2>>lbOriginalFilename.Name vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 6>>lbOriginalFilename.Parent vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 2>>lbOriginalFilename.Type vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 6>>lbOriginalFilename.ZOrder vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 6lbOriginalFilename.AutoSize vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 6lbOriginalFilename.Location vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: .lbOriginalFilename.SizeS vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 6lbOriginalFilename.TabIndex vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: .lbOriginalFilename.Text vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: lbOriginalFilename vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameibaSharedGui.dll. vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameibaManagedFFT.dll< vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameibaThreadSafeNativeFFT_2015. vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGMap.NET.Core.dll< vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGMap.NET.WindowsForms.dllL vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSystem.Data.SQLite.dllH vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSQLite.Interop.dllF vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameView.ibaFFT.dll. vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamecombit.ListLabel20.Export.x64.dll< vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.749163612.00000000032F4000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamensSCMEx.dllZ vs ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Section loaded: mpiwin32.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032B45E0 Remove,OpenSCManagerA,CloseServiceHandle,GlobalAlloc,wsprintfA,GlobalAlloc,lstrcpyA,GlobalFree,OpenServiceA,GlobalFree,DeleteService,CloseServiceHandle,CloseServiceHandle,GlobalFree,CloseServiceHandle,CloseServiceHandle, 0_2_032B45E0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File read: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe
Source: ibaAnalyzerSetup_x64_v7.3.6.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe "C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe"
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\iba\ibaAnalyzer\ibaHDOfflineActiveX.ocx"
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx"
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032AE6D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle, 0_2_032AE6D0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032B5A00 MultiByteToWideChar,GlobalFree,GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,GetShellWindow,GetWindowThreadProcessId,OpenProcess,OpenProcessToken,GetLastError,DuplicateTokenEx,LoadLibraryA,GetProcAddress,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,GetLastError, 0_2_032B5A00
Source: C:\Windows\System32\regsvr32.exe File created: C:\Users\user\AppData\Roaming\iba
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Users\user\AppData\Local\Temp\nshAD.tmp
Source: classification engine Classification label: sus24.evad.winEXE@9/99@0/0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar, 0_2_00402020
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: Install,OpenSCManagerA,CloseServiceHandle,GlobalAlloc,wsprintfA,GlobalAlloc,lstrcpyA,GlobalFree,GlobalFree,GlobalAlloc,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,___from_strstr_to_strchr,GlobalAlloc,lstrcpyA,GlobalFree,GlobalAlloc,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CreateServiceA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetLastError,CloseServiceHandle,CloseServiceHandle,GlobalFree,GlobalFree,GlobalFree,CloseServiceHandle,CloseServiceHandle, 0_2_032B3500
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_00404356
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr Binary or memory string: INSERT INTO Tiles(X, Y, Zoom, Type, CacheTime) SELECT X, Y, Zoom, Type, CacheTime FROM Source.Tiles WHERE id={0}; INSERT INTO TilesData(id, Tile) Values((SELECT last_insert_rowid()), (SELECT Tile FROM Source.TilesData WHERE id={0}));/DETACH DATABASE Source;
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr Binary or memory string: SELECT id FROM Tiles WHERE X={0} AND Y={1} AND Zoom={2} AND Type={3};
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr Binary or memory string: create table large (a); insert into large values (zeroblob({0})); drop table large;
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr Binary or memory string: CREATE TABLE IF NOT EXISTS TilesData (id INTEGER NOT NULL PRIMARY KEY CONSTRAINT fk_Tiles_id REFERENCES Tiles(id) ON DELETE CASCADE, Tile BLOB NULL);
Source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032ABFD0 WaitForInputIdle,GetCurrentProcess,GetCurrentProcess,WaitForInputIdle,FindWindowA,GetWindowThreadProcessId,PostThreadMessageA,RegisterClassExA,GetModuleHandleA,GetProcAddress,ShowWindow,RegisterDeviceNotificationA,PeekMessageA,DispatchMessageA,Sleep,GetLastError,FormatMessageA,UnregisterDeviceNotification,GetModuleHandleA,GetProcAddress,UnregisterClassA, 0_2_032ABFD0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\regsvr32.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032B4D00 Start,OpenSCManagerA,CloseServiceHandle,GlobalAlloc,wsprintfA,GlobalAlloc,lstrcpyA,GlobalFree,OpenServiceA,GlobalFree,GetLastError,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GlobalFree,CloseServiceHandle,CloseServiceHandle, 0_2_032B4D00
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B246890 FindResourceA,LoadResource,LockResource,SizeofResource,WideCharToMultiByte,WideCharToMultiByte, 15_2_1B246890
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File written: C:\Users\user\AppData\Local\Temp\nss310.tmp\licenseserveroptions.ini
Source: ICSharpCode.SharpZipLib.dll.0.dr, ICSharpCode.SharpZipLib/Zip/Compression/Streams/InflaterInputBuffer.cs Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.0.dr, ICSharpCode.SharpZipLib/Zip/Compression/Streams/DeflaterOutputStream.cs Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.0.dr, ICSharpCode.SharpZipLib/Encryption/ZipAESTransform.cs Cryptographic APIs: 'TransformBlock'
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Automated click: Next >
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Automated click: I Agree
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Automated click: Next >
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Automated click: Next >
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Automated click: Install
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Window detected: < &BackI &AgreeCanceliba AG iba AGLicense AgreementPlease review the license terms before installing ibaAnalyzer v7.3.6 (x64).Press Page Down to see the rest of the agreement.LICENSE AGREEMENT for ibaAnalyzer (hereinafter referred to as SOFTWARE)Copyright iba AG. All Rights Reserved.YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT BY INSTALLING COPYING OR OTHERWISE USING THE SOFTWARE. IF YOU DO NOT AGREE DO NOT INSTALL COPY OR USE THE SOFTWARE 1. GRANT OF LICENSE. iba AG grants the customer a non-transferable non-exclusive right to use the SOFTWARE under the provisions of this LICENSE AGREEMENT.(1) LICENSE PROTECTIONThe SOFTWARE provided contains technical features intended to prevent unlicensed use. (a) Cost free license for standard functions iba AG grants a cost free license for use of the standard features of the product if a genuine iba file format is opened. Each time such a genuine file is opened a cost free single use license for this program is intrinsically granted. Genuine in this context means that the measurement file has been produced with a correctly licensed iba SOFTWARE which can be ibaPDA ibaLogic ibaAnalyzer ibaDatCoordinator or ibaFiles. (b) Purchased license for special functions Use of special functions in the SOFTWARE requires a purchased license. The use of these functions is allowed only if the purchased license dongle (USB hardware key) carries the associated license information. The license dongle must be plugged into a port on the PC suitable for the purpose and may not be removed while the functions requiring the license are being used. The license is issued to the end user name specified in the order and is not transferrable. The license may also be managed by a license server for multiple users within the same organization. (2) ACTIONS EXCLUDED FROM THE LICENSE(a) You may not amend modify or edit the SOFTWARE. 
The modification or removal of trademarks copyrights and other IP protection notices is expressively forbidden. (b) You may not reverse engineer decompile or disassemble the SOFTWARE except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.(c) You may not reproduce the SOFTWARE for the purpose of passing it to third parties.(3) NON TRANSFERABILITYThe license is not transferable. The customer only has the right to transfer the rights of use of the SOFTWARE to a third party if the license has already been issued in the name of this third party or has been changed to this name by iba AG.(4) GENUINE iba FILE FORMATThe genuine iba file formats in its different versions are intellectual property of iba AG. Any file generated by a third party product with a similar or different format requires the purchase of a proper license from iba AG. Unlicensed generation of the genuine iba file format is illegal and subject to legal action. iba AG reserves the right to modify the genuine file formats at any time without notice.2. DESCRIPTION OF OTH
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\regsvr32.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: ibaAnalyzerSetup_x64_v7.3.6.exe Static file information: File size 69983376 > 1048576
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exe Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\SciLexer.dll Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\versions.htm Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdf Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\support.htm Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dll Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dll Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\reg_dataextractorMC.bat Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\reg_dataextractor.bat Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dll Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\libiomp5md.dll Jump to behavior
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\msvcr100.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\msvcp100.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\hdCommon.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaUser.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\PowerCollections.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocx
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\hdClient.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\hdCore.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaShared.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Directory created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dll
Source: ibaAnalyzerSetup_x64_v7.3.6.exe Static PE information: certificate valid
Source: Binary string: D:\proj\ibafft\ibaNativeFFTWrapper\bin\x64\Release\ibaThreadSafeNativeFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaThreadSafeNativeFFT.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\bin\x64\Release\ibaAnalyzer.pdb source: ibaAnalyzer.exe.0.dr
Source: Binary string: F:\LL\LL.Export_20\combit.ListLabel.Export.x64\bin\Release\v4.0\AnyCPU\DllExporter\combit.ListLabel20.Export.x64.pdbBSJB source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msvcr100.amd64.pdb source: msvcr100.dll.0.dr
Source: Binary string: C:\Users\mistachkin\Documents\checkouts\sqlite\dotnet\bin\2017\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.Core\obj\Release\net40\GMap.NET.Core.pdbSHA256 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHost\obj\Release\ibaAnalyzerViewHost.pdb source: ibaAnalyzerViewHost.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostMaps\obj\Release\View.GeoView.pdbV7 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp, View.GeoView.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostMaps\obj\Release\View.GeoView.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.716046472.0000000000409000.00000004.00000001.01000000.00000003.sdmp, View.GeoView.dll.0.dr
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.WindowsForms\obj\Release\net40\GMap.NET.WindowsForms.pdbSHA256 source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaHDOffline\ibaHDOfflineActiveX\bin\x64\Release\ibaHDOfflineActiveX.pdb source: regsvr32.exe, 0000000F.00000002.664864019.00000000029A1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: V:\_Project\scintilla410\scintilla\win32\x64\Release\SciLexer.pdb source: SciLexer.dll.0.dr
Source: Binary string: D:\proj\ibaFFT\ibaManagedFFT\obj\Release\ibaManagedFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaManagedFFT.dll.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostActiveX\bin\x64\Release\ibaAnalyzerViewHostActiveX.pdb source: regsvr32.exe, 00000016.00000002.720287948.0000000002726000.00000002.00000001.01000000.00000012.sdmp, regsvr32.exe, 00000016.00000002.722962885.00007FFA66866000.00000002.00000001.01000000.00000012.sdmp, ibaAnalyzerViewHostActiveX.ocx.0.dr
Source: Binary string: D:\proj\PdaOffline_7.3.x\bin\x64\Release\ibaAnalyzer.pdbf source: ibaAnalyzer.exe.0.dr
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.Core\obj\Release\net40\GMap.NET.Core.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, GMap.NET.Core.dll.0.dr
Source: Binary string: c:\dev\sqlite\dotnet\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\jleon\Source\Repos\GMap.NET\GMap.NET\GMap.NET.WindowsForms\obj\Release\net40\GMap.NET.WindowsForms.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\projects\sharpziplib\src\ICSharpCode.SharpZipLib\obj\Release\net45\ICSharpCode.SharpZipLib.pdbSHA256 source: regsvr32.exe, 0000000F.00000002.665830211.000000001B5A2000.00000002.00000001.01000000.00000011.sdmp, regsvr32.exe, 00000016.00000002.720664341.00000000027E2000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaAnalyzerViewHost\ibaAnalyzerViewHostActiveX\bin\x64\Release\ibaAnalyzerViewHostActiveX.pdbBB' source: regsvr32.exe, 00000016.00000002.720287948.0000000002726000.00000002.00000001.01000000.00000012.sdmp, regsvr32.exe, 00000016.00000002.722962885.00007FFA66866000.00000002.00000001.01000000.00000012.sdmp, ibaAnalyzerViewHostActiveX.ocx.0.dr
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaGraphManager\obj\Release\View.ibaGraphManager.pdb source: View.ibaGraphManager.dll.0.dr
Source: Binary string: c:\Projects\16.1\BuildLabel\Temp\NetStudio.v16.1.2005\Win\DevExpress.XtraCharts\DevExpress.Sparkline.Core\obj\Release\DevExpress.Sparkline.v16.1.Core.pdb source: DevExpress.Sparkline.v16.1.Core.dll.0.dr
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaViewInterfaces\obj\Release\ibaViewInterfaces.pdb source: ibaViewInterfaces.dll.0.dr
Source: Binary string: C:\Proj\ibaPDA_7.3.x\Installer\nsSCMEx\Release\nsSCMEx.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.749000339.00000000032DC000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\projects\sharpziplib\src\ICSharpCode.SharpZipLib\obj\Release\net45\ICSharpCode.SharpZipLib.pdb source: regsvr32.exe, 0000000F.00000002.665830211.000000001B5A2000.00000002.00000001.01000000.00000011.sdmp, regsvr32.exe, 00000016.00000002.720664341.00000000027E2000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\proj\PdaOffline_7.3.x\ibaHDOffline\ibaHDOfflineActiveX\bin\x64\Release\ibaHDOfflineActiveX.pdb::' source: regsvr32.exe, 0000000F.00000002.664864019.00000000029A1000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaOnlineFFT\obj\Release\View.ibaFFT.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: F:\LL\LL.Export_20\combit.ListLabel.Export.x64\bin\Release\v4.0\AnyCPU\DllExporter\combit.ListLabel20.Export.x64.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\ibaPDAv7.3.x\ibaSharedGui\obj\Release\ibaSharedGui.pdb source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\proj\ibaFFT\ibaManagedFFT\obj\Release\ibaManagedFFT.pdb, source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaManagedFFT.dll.0.dr
Source: Binary string: D:\proj\ibafft\ibaNativeFFTWrapper\bin\x64\Release\ibaThreadSafeNativeFFT.pdb!! source: ibaAnalyzerSetup_x64_v7.3.6.exe, 00000000.00000002.719730623.00000000026E4000.00000004.00000800.00020000.00000000.sdmp, ibaThreadSafeNativeFFT.dll.0.dr
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032DA528 push ecx; ret 0_2_032DA526
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032BE8E6 push ecx; ret 0_2_032BE8F9
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_10002A10 push eax; ret 0_2_10002A3E
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_02977357 push 00000028h; iretd 15_2_02977359
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_02974FDB push 00000028h; retf 15_2_02974FE9
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B2DCE8E push rdi; ret 15_2_1B2DCFF3
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B296C2C push rdi; retf 15_2_1B296C30
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_00007FFA668C4FDB push 00000028h; retf 15_2_00007FFA668C4FE9
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_00007FFA668C7357 push 00000028h; iretd 15_2_00007FFA668C7359
Source: C:\Windows\System32\regsvr32.exe Code function: 22_2_027170A9 push 00000028h; retf 22_2_027170B5
Source: C:\Windows\System32\regsvr32.exe Code function: 22_2_02716F05 push 00000028h; retf 22_2_02716F17
Source: C:\Windows\System32\regsvr32.exe Code function: 22_2_00007FFA66856F05 push 00000028h; retf 22_2_00007FFA66856F17
Source: C:\Windows\System32\regsvr32.exe Code function: 22_2_00007FFA668570A9 push 00000028h; retf 22_2_00007FFA668570B5
Source: ibaRunTime64.dll.0.dr Static PE information: section name: .hvm
Source: ibaRunTime64.dll.0.dr Static PE information: section name: .hvm0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_00405E88
Source: ICSharpCode.SharpZipLib.dll.0.dr Static PE information: 0xEE450951 [Mon Sep 3 09:09:37 2096 UTC]
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaUser.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exe
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\libiomp5md.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\msvcp100.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\msvcr100.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaShared.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Users\user\AppData\Local\Temp\nss310.tmp\System.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Users\user\AppData\Local\Temp\nss310.tmp\SimpleSC.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Users\user\AppData\Local\Temp\nss310.tmp\InstallOptions.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\hdCore.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\SciLexer.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Users\user\AppData\Local\Temp\nss310.tmp\nsSCMEx.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\hdCommon.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\hdClient.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\PowerCollections.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocx
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Users\user\AppData\Local\Temp\nss310.tmp\UserInfo.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_031C1410 wsprintfA,lstrcpyA,GetPrivateProfileStringA,lstrcpyA,CharNextA, 0_2_031C1410
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File created: C:\Program Files\iba\ibaAnalyzer\License_Agreement_ibaAnalyzer.pdf
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032B4D00 Start,OpenSCManagerA,CloseServiceHandle,GlobalAlloc,wsprintfA,GlobalAlloc,lstrcpyA,GlobalFree,OpenServiceA,GlobalFree,GetLastError,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GlobalFree,CloseServiceHandle,CloseServiceHandle, 0_2_032B4D00
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032BD7A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_032BD7A0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Windows\System32\regsvr32.exe RDTSC instruction interceptor: First address: 000000001B393905 second address: 000000001B393921 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, bl 0x00000005 bts dx, ax 0x00000009 movsx edx, di 0x0000000c inc ebp 0x0000000d xor eax, dword ptr [ebx+ecx*4+00000858h] 0x00000014 inc ebp 0x00000015 add eax, dword ptr [ebx+eax*4+00000C58h] 0x0000001c rdtsc
Source: C:\Windows\System32\regsvr32.exe TID: 5916 Thread sleep count: 117 > 30
Source: C:\Windows\System32\regsvr32.exe TID: 5916 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\regsvr32.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Windows\System32\regsvr32.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: EnumServicesStatusExA,GetLastError,GetLastError,CloseServiceHandle,EnumServicesStatusExA,GetLastError,GetLastError, 0_2_032B6FA0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\System.Data.SQLite.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaAnalyzerViewHostViewWrapper.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaPdaServerInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaUser.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaOrbit.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaFFT.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractor.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\View.ibaGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaExpressions.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzer.exe
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\hdCommon.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\msvcp100.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\libiomp5md.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaRunTime64.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\msvcr100.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\mkl64_parallel.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.Utils.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.GeoView.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaShared.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\OverlayWindow.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaHdViewUtilities.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\hdCommon.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaHDOffline.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaShared.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaViewUtilities.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaManagedFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\SQLite.Interop.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.GeoView.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaViewUtilities.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaUser.Forms.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.Forms.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostViewWrapper.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.GeoView.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraGrid.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaUser.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\hdCore.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\hdClient.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaHDOffline.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.Sparkline.v16.1.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaUser.Forms.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHost.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\GMap.NET.WindowsForms.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaAnalyzerViewHostGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaSharedGui.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaOrbit.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DotNetMagic2005.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraEditors.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaFFT.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaEventTable.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\SciLexer.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaAnalyzerViewHostGraphManager.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.Printing.v16.1.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\View.ibaAnalyzerViewHostGraphManager.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\hdClient.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaShared.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\GMap.NET.Core.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaSharedGui.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\hdClientInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\View.ibaEventTable.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaHDOffline.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaPdaPluginInterface.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaOrbit.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.Data.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\hdCommon.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\View.ibaEventTable.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaDataExtractorMC.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\hdClient.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\PowerCollections.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\Plugins\View.ibaFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\DevExpress.XtraPrinting.v16.1.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\de\ibaAnalyzerViewHostViewWrapper.resources.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaViewUtilities.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaThreadSafeNativeFFT.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\ibaViewInterfaces.dll
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Dropped PE file which has not been started: C:\Program Files\iba\ibaAnalyzer\fr\ibaSharedGui.resources.dll
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B3929AB rdtsc 15_2_1B3929AB
Source: C:\Windows\System32\regsvr32.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032B30E0 GetOsVersion,GetModuleHandleA,GetProcAddress,GetProcAddress,GetVersionExW,GlobalFree,GlobalFree,GetProcAddress,GetModuleHandleA,GetProcAddress,GetSystemInfo,RegOpenKeyExA,RegQueryValueExA,_strstr,RegCloseKey,_strstr,RegCloseKey,_strstr,RegCloseKey,GlobalAlloc,GlobalAlloc,lstrcpynA,GlobalAlloc,wsprintfA, 0_2_032B30E0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_00405E61 FindFirstFileA,FindClose, 0_2_00405E61
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,SHELL32_IconCache_DoneExtractingIcons,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, 0_2_0040548B
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_0040263E FindFirstFileA, 0_2_0040263E
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032D1866 FindFirstFileExW, 0_2_032D1866
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe File Volume queried: C:\Program Files FullSizeInformation
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032C925B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_032C925B
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_0297C60C GetLastError,IsDebuggerPresent,OutputDebugStringW, 15_2_0297C60C
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_00405E88
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032B53E5 GetProcessHeap, 0_2_032B53E5
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032C8252 mov eax, dword ptr fs:[00000030h] 0_2_032C8252
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032D1474 mov eax, dword ptr fs:[00000030h] 0_2_032D1474
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032D14BA mov eax, dword ptr fs:[00000030h] 0_2_032D14BA
Source: C:\Windows\System32\regsvr32.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032BE334 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_032BE334
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032BE719 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_032BE719
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B25BB70 SetUnhandledExceptionFilter, 15_2_1B25BB70
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B25BB40 SetUnhandledExceptionFilter, 15_2_1B25BB40
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B25DD3F RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_1B25DD3F
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B264360 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 15_2_1B264360
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B259280 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_1B259280
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B259160 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_1B259160
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B2590C0 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_1B2590C0
Source: C:\Windows\System32\regsvr32.exe Code function: 15_2_1B258680 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_1B258680
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032AC740 InterlockedCompareExchange,GetModuleFileNameA,LoadLibraryA,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CloseHandle,WaitForSingleObject,CloseHandle, 0_2_032AC740
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\Program Files\iba\ibaAnalyzer\ibaHdOfflineActiveX.ocx VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\Program Files\iba\ibaAnalyzer\ibaLogger.dll VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\Program Files\iba\ibaAnalyzer\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\System32\regsvr32.exe Queries volume information: C:\Program Files\iba\ibaAnalyzer\ibaAnalyzerViewHostActiveX.ocx VolumeInformation
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_032D5395
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: GetLocaleInfoW, 0_2_032D52C2
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: EnumSystemLocalesW, 0_2_032CD1BB
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_032D51BA
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: GetLocaleInfoW, 0_2_032D5092
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: GetLocaleInfoW, 0_2_032CD76E
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_032D4A26
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_032D4E3D
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: EnumSystemLocalesW, 0_2_032D4D17
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: EnumSystemLocalesW, 0_2_032D4DB2
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: EnumSystemLocalesW, 0_2_032D4CCC
Source: C:\Windows\System32\regsvr32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP, 15_2_1B25782C
Source: C:\Windows\System32\regsvr32.exe Code function: GetLocaleInfoA, 15_2_1B269410
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032BE8FB cpuid 0_2_032BE8FB
Source: C:\Windows\System32\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032BB350 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z, 0_2_032BB350
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032C9A43 _free,_free,_free,GetTimeZoneInformation,_free, 0_2_032C9A43
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA, 0_2_00405B88
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032B52F0 GlobalFree,GetProcessHeap,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameA,GetLastError,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapReAlloc, 0_2_032B52F0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032A77C0 socket,WSAGetLastError,bind,WSAGetLastError,GetTickCount,ioctlsocket,connect,ioctlsocket,select,__WSAFDIsSet,GetTickCount,GetTickCount,closesocket,WSAGetLastError,getsockname,htons,closesocket, 0_2_032A77C0
Source: C:\Users\user\Desktop\ibaAnalyzerSetup_x64_v7.3.6.exe Code function: 0_2_032A7A20 socket,bind,WSAGetLastError,Sleep,connect,Sleep,WSAGetLastError,getsockname,htons,closesocket,closesocket,WSAGetLastError, 0_2_032A7A20
No contacted IP infos