Source: null.exe |
Virustotal: Detection: 58% |
Source: null.exe |
ReversingLabs: Detection: 65% |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A59F0 WSAStartup,GetComputerNameA,gethostbyname,htonl,GetModuleFileNameA,LocalAlloc,CryptAcquireContextW,CryptImportKey,CryptSetKeyParam,CryptSetKeyParam,CryptSetKeyParam,Sleep,CryptEncrypt,CryptEncrypt,CryptDecrypt,LocalFree,GetLastError,LocalFree,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,LocalFree,CryptDestroyKey,CryptReleaseContext,WSACleanup, |
Source: null.exe |
Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A1590 FindFirstFileA,GetLastError,FileTimeToLocalFileTime,FileTimeToSystemTime,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A21A0 FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A2470 FindFirstFileA,GetLastError,DeleteFileA,GetLastError,FindClose,GetLastError, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A3030 SystemTimeToFileTime,LocalFileTimeToFileTime,FindFirstFileA,GetLastError,CreateFileA,SetFileTime,CloseHandle,FindClose, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A2CE0 FindFirstFileA,GetLastError,CopyFileA,CreateFileA,SetFileTime,CloseHandle,DeleteFileA,GetLastError,MoveFileA,CreateFileA,SetFileTime,CloseHandle,FindClose,GetLastError, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A2AA0 FindFirstFileA,GetLastError,FindClose,CopyFileA,CreateFileA,SetFileTime,CloseHandle,GetLastError,SHCreateDirectoryExA,GetLastError, |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
DNS traffic detected: queries for: t1.hinitial.com |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A5000 LocalAlloc,recvfrom,Sleep,htons,htons,htons,LocalReAlloc,recvfrom,LocalAlloc,LocalFree,LocalFree,GetLastError,LocalFree, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A59F0 WSAStartup,GetComputerNameA,gethostbyname,htonl,GetModuleFileNameA,LocalAlloc,CryptAcquireContextW,CryptImportKey,CryptSetKeyParam,CryptSetKeyParam,CryptSetKeyParam,Sleep,CryptEncrypt,CryptEncrypt,CryptDecrypt,LocalFree,GetLastError,LocalFree,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,LocalFree,CryptDestroyKey,CryptReleaseContext,WSACleanup, |
Source: C:\Users\user\Desktop\null.exe |
Section loaded: edgegdi.dll |
Source: C:\Users\user\Desktop\null.exe |
Section loaded: edgegdi.dll |
Source: C:\Users\user\Desktop\null.exe |
Section loaded: edgegdi.dll |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43AC778 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A1590 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A59F0 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A9A5C |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A5270 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A4880 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A3290 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43AA418 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A6430 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A8AFC |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43AB8D0 |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A4880 CreateEventW,CreateEventW,CreateEventW,RegisterServiceCtrlHandlerA,GetModuleFileNameW,CoInitialize,SetServiceStatus,Sleep,TerminateProcess,CloseHandle,SetServiceStatus,SetServiceStatus,Sleep,TerminateProcess,CloseHandle,SetServiceStatus,GetCurrentProcess,OpenProcessToken,DuplicateTokenEx,WTSGetActiveConsoleSessionId,SetTokenInformation,CreateEnvironmentBlock,CreateProcessAsUserW,CloseHandle,CloseHandle,WaitForMultipleObjects,CloseHandle,Sleep,DestroyEnvironmentBlock,CloseHandle,Sleep, |
Source: null.exe |
Virustotal: Detection: 58% |
Source: null.exe |
ReversingLabs: Detection: 65% |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A6040 StartServiceCtrlDispatcherA, |
Source: null.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\null.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A6040 StartServiceCtrlDispatcherA, |
Source: unknown |
Process created: C:\Users\user\Desktop\null.exe "C:\Users\user\Desktop\null.exe" |
Source: unknown |
Process created: C:\Users\user\Desktop\null.exe C:\Users\user\Desktop\null.exe |
Source: C:\Users\user\Desktop\null.exe |
Process created: C:\Users\user\Desktop\null.exe -a |
Source: C:\Users\user\Desktop\null.exe |
Process created: C:\Users\user\Desktop\null.exe -a |
Source: classification engine |
Classification label: mal56.winEXE@4/0@1/1 |
Source: null.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: null.exe |
Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A42B0 GetModuleFileNameA,LoadLibraryA,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,OpenSCManagerA,FreeLibrary,FreeLibrary,GetLastError,FreeLibrary, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A6040 StartServiceCtrlDispatcherA, |
Source: C:\Users\user\Desktop\null.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\null.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\null.exe TID: 8396 |
Thread sleep count: 99 > 30 |
Source: C:\Users\user\Desktop\null.exe TID: 8396 |
Thread sleep time: -99000s >= -30000s |
Source: C:\Users\user\Desktop\null.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\null.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\null.exe |
Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess |
Source: C:\Users\user\Desktop\null.exe |
API coverage: 8.4 % |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A1590 FindFirstFileA,GetLastError,FileTimeToLocalFileTime,FileTimeToSystemTime,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A21A0 FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A2470 FindFirstFileA,GetLastError,DeleteFileA,GetLastError,FindClose,GetLastError, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A3030 SystemTimeToFileTime,LocalFileTimeToFileTime,FindFirstFileA,GetLastError,CreateFileA,SetFileTime,CloseHandle,FindClose, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A2CE0 FindFirstFileA,GetLastError,CopyFileA,CreateFileA,SetFileTime,CloseHandle,DeleteFileA,GetLastError,MoveFileA,CreateFileA,SetFileTime,CloseHandle,FindClose,GetLastError, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A2AA0 FindFirstFileA,GetLastError,FindClose,CopyFileA,CreateFileA,SetFileTime,CloseHandle,GetLastError,SHCreateDirectoryExA,GetLastError, |
Source: C:\Users\user\Desktop\null.exe |
API call chain: ExitProcess graph end node |
Source: null.exe, 00000003.00000002.9452503817.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A6160 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\null.exe |
Process created: C:\Users\user\Desktop\null.exe -a |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A42B0 GetModuleFileNameA,LoadLibraryA,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,GetProcAddress,FreeLibrary,OpenSCManagerA,FreeLibrary,FreeLibrary,GetLastError,FreeLibrary, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A6160 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43A8548 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43AD3D4 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\null.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43AB48C HeapCreate,GetVersion,HeapSetInformation, |
Source: C:\Users\user\Desktop\null.exe |
Code function: 1_2_00007FF7A43ADD48 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, |