Source: nvbbzu.dll |
Virustotal: Detection: 48% |
Source: nvbbzu.dll |
Metadefender: Detection: 28% |
Source: nvbbzu.dll |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL |
Source: |
Binary string: xP+=_.pdbd? source: nvbbzu.dll |
Source: |
Binary string: xP+=_.pdb source: nvbbzu.dll |
Source: Initial file |
Signature Results: Dridex dropper behavior |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_00931000 NtCreateThreadEx, |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_04A41000 NtCreateThreadEx, |
Source: nvbbzu.dll |
Binary or memory string: OriginalFilenameciide4.dll( vs nvbbzu.dll |
Source: nvbbzu.dll |
Static PE information: Section: .CRT0 ZLIB complexity 0.9951186852952454 |
Source: nvbbzu.dll |
Static PE information: Section: .crt1 ZLIB complexity 0.9950722536426381 |
Source: nvbbzu.dll |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Windows\System32\loaddll32.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine |
Classification label: mal64.bank.evad.winDLL@5/0@0/0 |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\nvbbzu.dll",#1 |
Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\nvbbzu.dll" |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\nvbbzu.dll",#1 |
Source: nvbbzu.dll |
Static file information: File size 1511424 > 1048576 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: 1_2_008641F4 push esi; mov dword ptr [esp], ecx |
1_2_008641F6 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: 4_2_049741F4 push esi; mov dword ptr [esp], ecx |
4_2_049741F6 |
Source: nvbbzu.dll |
Static PE information: section name: .CRT0 |
Source: nvbbzu.dll |
Static PE information: section name: .crt1 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\loaddll32.exe |
Section loaded: \KnownDlls32\testapp.exe |
Source: C:\Windows\SysWOW64\rundll32.exe |
Section loaded: \KnownDlls32\testapp.exe |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\loaddll32.exe |
Process queried: DebugPort |