Source: SecuriteInfo.com.Trojan.Inject.11626.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: |
Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\ThrottlePlugin.pdb source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
Source: |
Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\ThrottlePlugin.pdb00 source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe |
Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe |
Code function: 0_2_0040290B FindFirstFileW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe |
Code function: 0_2_0040699E FindFirstFileW,FindClose, |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: user-not-tracked-symbolic.svg.0.dr |
String found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/ |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.789161040.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.0.dr |
String found in binary or memory: http://creativecommons.org/ns# |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.789161040.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.0.dr |
String found in binary or memory: http://creativecommons.org/ns#Attribution |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.789161040.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.0.dr |
String found in binary or memory: http://creativecommons.org/ns#DerivativeWorks |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.789161040.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.0.dr |
String found in binary or memory: http://creativecommons.org/ns#Distribution |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.789161040.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.0.dr |
String found in binary or memory: http://creativecommons.org/ns#Notice |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.789161040.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.0.dr |
String found in binary or memory: http://creativecommons.org/ns#Reproduction |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.789161040.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, user-not-tracked-symbolic.svg.0.dr |
String found in binary or memory: http://creativecommons.org/ns#ShareAlike |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://crl.globalsign.com/root-r3.crl0b |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://crl.globalsign.com/root.crl0G |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://ocsp.globalsign.com/rootr103 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://ocsp2.globalsign.com/rootr306 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: SecuriteInfo.com.Trojan.Inject.11626.exe, 00000000.00000002.790363953.0000000002881000.00000004.00000800.00020000.00000000.sdmp, ThrottlePlugin.dll.0.dr |
String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe |
Code function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe |
Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe |
Code function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe |
Code function: 0_2_734E1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.11626.exe |
API call chain: ExitProcess graph end node |