Source: WCTBt2z7KE.exe |
ReversingLabs: Detection: 22% |
Source: WCTBt2z7KE.exe |
Virustotal: Detection: 33% |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_2_000000014000B64C NtdllDefWindowProc_W,GetWindowLongPtrW,GetWindowTextLengthW,RtlAllocateHeap,GetWindowTextW,EnableWindow,DestroyWindow,UnregisterClassW, |
0_2_000000014000B64C |
Source: WCTBt2z7KE.exe |
Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant) |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine |
Classification label: mal60.winEXE@1/0@0/0 |
Source: WCTBt2z7KE.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_2_00000001400660A0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect, |
0_2_00000001400660A0 |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_3_004509C9 push ebx; retf |
0_3_004509DC |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_3_00451C49 push edi; retf |
0_3_00451C5C |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_3_00450A0A push edi; iretd |
0_3_00450A0C |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_3_00450A19 push edi; iretd |
0_3_00451ABC |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_3_00451B19 push edx; retf |
0_3_00451B2C |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_3_00451C79 push es; iretd |
0_3_00451D6C |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_3_00451B38 push edi; iretd |
0_3_00451BEC |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_3_0045093A push edi; iretd |
0_3_0045096C |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_2_000000014001BD3E push rbx; ret |
0_2_000000014001BD3F |
Source: initial sample |
Static PE information: section name: UPX0 |
Source: initial sample |
Static PE information: section name: UPX1 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_2_000000014000C4D0 RtlRemoveVectoredExceptionHandler,RtlAddVectoredExceptionHandler,RtlAddVectoredContinueHandler, |
0_2_000000014000C4D0 |
Source: C:\Users\user\Desktop\WCTBt2z7KE.exe |
Code function: 0_2_000000014001F888 RtlAddVectoredExceptionHandler, |
0_2_000000014001F888 |