Source: |
Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll.1.dr |
Source: |
Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.1.dr |
Source: |
Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdbRSDS source: System.Runtime.CompilerServices.VisualC.dll.1.dr |
Source: |
Binary string: d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\coinstaller\Win8Release\x64\bin\vm3dc003.pdb source: vm3dc003.dll.1.dr |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe |
Code function: 1_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
1_2_00405C49 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe |
Code function: 1_2_00406873 FindFirstFileW,FindClose, |
1_2_00406873 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe |
Code function: 1_2_0040290B FindFirstFileW, |
1_2_0040290B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe |
Code function: 1_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
1_2_004056DE |
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: uninstalla.exe.1.dr |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe |
Code function: 1_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
1_2_0040352D |
Source: vm3dc003.dll.1.dr |
Static PE information: section name: .didat |
Source: vm3dc003.dll.1.dr |
Static PE information: section name: .gehcont |
Source: vm3dc003.dll.1.dr |
Static PE information: section name: _RDATA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe |
Code function: 1_2_72D91BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, |
1_2_72D91BFF |
Source: vm3dc003.dll.1.dr |
Binary or memory string: LegalCopyrightCopyright (C) 1998-2021 VMware, Inc.B |
Source: vm3dc003.dll.1.dr |
Binary or memory string: {4d36e968-e325-11ce-bfc1-08002be10318}SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}CoInstallers32SOFTWARE\Microsoft\Windows\CurrentVersion\RunVMware VM3DService ProcessRegDeleteValue failed (0x%lx). |
Source: vm3dc003.dll.1.dr |
Binary or memory string: noreply@vmware.com0 |
Source: vm3dc003.dll.1.dr |
Binary or memory string: http://www.vmware.com/0 |
Source: vm3dc003.dll.1.dr |
Binary or memory string: VMware, Inc. |
Source: vm3dc003.dll.1.dr |
Binary or memory string: dbghelp.dllSoftware\VMware, Inc.\VMware SVGADebugSearchPathBacktrace[%2d] rip=%p %s+%#x %s:%d |
Source: vm3dc003.dll.1.dr |
Binary or memory string: VMware, Inc.1!0 |
Source: vm3dc003.dll.1.dr |
Binary or memory string: %s: VMToolsRegistry Not set. |
Source: vm3dc003.dll.1.dr |
Binary or memory string: FileDescriptionVMware SVGA 3D Coinstaller: |
Source: vm3dc003.dll.1.dr |
Binary or memory string: http://www.vmware.com/0/ |
Source: vm3dc003.dll.1.dr |
Binary or memory string: Software\VMware, Inc.\VMware SVGA |
Source: vm3dc003.dll.1.dr |
Binary or memory string: VMware, Inc.1 |
Source: vm3dc003.dll.1.dr |
Binary or memory string: VMware, Inc.0 |
Source: vm3dc003.dll.1.dr |
Binary or memory string: ProductNameVMware SVGA 3D` |
Source: vm3dc003.dll.1.dr |
Binary or memory string: CompanyNameVMware, Inc.^ |