Source: 6Sy6PrInNl.exe |
ReversingLabs: Detection: 27% |
Source: 6Sy6PrInNl.exe |
Virustotal: Detection: 30% |
Source: 6Sy6PrInNl.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: 6Sy6PrInNl.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: |
Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 6Sy6PrInNl.exe |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0098A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, |
0_2_0098A69B |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099C330 SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, |
0_2_0099C330 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009AB348 FindFirstFileExA, |
0_2_009AB348 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Section loaded: api-ms-win-core-synch-l1-2-0.dll |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Section loaded: api-ms-win-core-fibers-l1-1-1.dll |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Section loaded: api-ms-win-core-localization-l1-2-1.dll |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Section loaded: dxgidebug.dll |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0098848E |
0_2_0098848E |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_00994088 |
0_2_00994088 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009900B7 |
0_2_009900B7 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009840FE |
0_2_009840FE |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009A51C9 |
0_2_009A51C9 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_00997153 |
0_2_00997153 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009962CA |
0_2_009962CA |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009832F7 |
0_2_009832F7 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009943BF |
0_2_009943BF |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0098C426 |
0_2_0098C426 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009AD440 |
0_2_009AD440 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0098F461 |
0_2_0098F461 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009977EF |
0_2_009977EF |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009AD8EE |
0_2_009AD8EE |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0098286B |
0_2_0098286B |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0098E9B7 |
0_2_0098E9B7 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009B19F4 |
0_2_009B19F4 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_00996CDC |
0_2_00996CDC |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_00993E0B |
0_2_00993E0B |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009A4F9A |
0_2_009A4F9A |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0098EFE2 |
0_2_0098EFE2 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: String function: 0099EC50 appears 55 times |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: String function: 0099F5F0 appears 31 times |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: String function: 0099EB78 appears 39 times |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_00986FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, |
0_2_00986FAA |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
File read: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_00986C74 GetLastError,FormatMessageW, |
0_2_00986C74 |
Source: 6Sy6PrInNl.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\6Sy6PrInNl.exe "C:\Users\user\Desktop\6Sy6PrInNl.exe" -install |
Source: unknown |
Process created: C:\Users\user\Desktop\6Sy6PrInNl.exe "C:\Users\user\Desktop\6Sy6PrInNl.exe" /install |
Source: unknown |
Process created: C:\Users\user\Desktop\6Sy6PrInNl.exe "C:\Users\user\Desktop\6Sy6PrInNl.exe" /load |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, |
0_2_0099A6C2 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Command line argument: sfxname |
0_2_0099DF1E |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Command line argument: sfxstime |
0_2_0099DF1E |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Command line argument: STARTDLG |
0_2_0099DF1E |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_7126781 |
Source: classification engine |
Classification label: sus36.winEXE@3/0@0/0 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
File read: C:\Windows\win.ini |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Automated click: OK |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: 6Sy6PrInNl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: 6Sy6PrInNl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: 6Sy6PrInNl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: 6Sy6PrInNl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: 6Sy6PrInNl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: 6Sy6PrInNl.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: 6Sy6PrInNl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: 6Sy6PrInNl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: 6Sy6PrInNl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: 6Sy6PrInNl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: 6Sy6PrInNl.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099F640 push ecx; ret |
0_2_0099F653 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099EB78 push eax; ret |
0_2_0099EB96 |
Source: 6Sy6PrInNl.exe |
Static PE information: section name: .didat |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Evasive API call chain: GetLocalTime,DecisionNodes |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099E6A3 VirtualQuery,GetSystemInfo, |
0_2_0099E6A3 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_0099F838 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009A7DEE mov eax, dword ptr fs:[00000030h] |
0_2_009A7DEE |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009AC030 GetProcessHeap, |
0_2_009AC030 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099F9D5 SetUnhandledExceptionFilter, |
0_2_0099F9D5 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_0099FBCA |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_009A8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_009A8EBD |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099AF0F GetLocaleInfoW,GetNumberFormatW, |
0_2_0099AF0F |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099F654 cpuid |
0_2_0099F654 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0098B146 GetVersionExW, |
0_2_0098B146 |
Source: C:\Users\user\Desktop\6Sy6PrInNl.exe |
Code function: 0_2_0099DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,CloseHandle, |
0_2_0099DF1E |