Windows
Analysis Report
dlawt.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- dlawt.exe (PID: 4772, cmdline: "C:\Users\user\Desktop\dlawt.exe", MD5: CF313A27BCEBA36C7FA863BA1E935676)
- cleanup
Rule | Description | Author |
---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Data Obfuscation |
---|
File source |
Code function |
File created (dropped file) |
Process information set |

Malware Analysis System Evasion |
---|
RDTSC instruction interceptor |
Code function |
Code function |
Code function |
API call chain |
API call chain |
Code function |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Access Token Manipulation | 1 Access Token Manipulation | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Software Packing | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Detection | Scanner | Label |
---|---|---|
3% | Virustotal | |

Detection | Scanner | Label |
---|---|---|
2% | ReversingLabs | |
1% | Virustotal | |
4% | Metadefender | |

Detection | Scanner | Label |
---|---|---|
100% | Avira | ADWARE/Adware.Gen7 |

Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 711461 |
Start date and time: | 2022-09-28 07:22:08 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | dlawt.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.troj.evad.winEXE@1/24@0/0 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, login.live.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes were analyzed; the report is missing behavior information
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.890541747176257 |
Encrypted: | false |
SSDEEP: | 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV |
MD5: | 75ED96254FBF894E42058062B4B4F0D1 |
SHA1: | 996503F1383B49021EB3427BC28D13B5BBD11977 |
SHA-256: | A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7 |
SHA-512: | 58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4 |
Malicious: | false |
Antivirus: | |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Algae62\plkkers\Reputation\network-cellular-4g-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 544 |
Entropy (8bit): | 4.840636545565347 |
Encrypted: | false |
SSDEEP: | 12:t4CDqsLWbjUzkTWem7+0qoLIGYJJufPm3ioprGDRl+i:t4CdLWbjUgSl8sfPAnrGDRlN |
MD5: | 6CD1ED8B1D8500C9A1480425DA4282D6 |
SHA1: | F1B935DD259BCD198784C1C2FA6516230624C43B |
SHA-256: | FAD0ECD186B6DEC11FBB094876E7381B2A097E1EF9D641527E3295132410EF44 |
SHA-512: | 6BC432608A3630136E2E8E44F69A81B9C5F9FE479DA5DD3E35A77168A66F3C41D72DC0E49FB623E74B9527CF031FBBBE447213CE4C0FDFDA4A9AB41043997701 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Arbejdskraftproblemer\CoverEdCtrl.manifest
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 983 |
Entropy (8bit): | 5.440797719362896 |
Encrypted: | false |
SSDEEP: | 24:Jdt4VIWcqHQe22Hs7uYwL1z7m91q7LY7o94Iqw1q769C77o94Iqn+:3SIJeRXm9vowwXC/own+ |
MD5: | E70ABF046645F771B84F377FE86C6150 |
SHA1: | D05C4926656D80C1E3E34441BB1AAD6531FF3949 |
SHA-256: | E0257221F542666CFBCF5E9B9F0BF43A86BFBF363682586FF18AB77C2A76D4C4 |
SHA-512: | 34501A7A7F14EF655817439CD5F8F1EB8A00A9057F5423B516D21205BFC6C5120208C19710A973FAEE4AE65454EAF0099870734F0F02AC1D54991DF5BFD0C005 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Arbejdskraftproblemer\Lakridset.bmp
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86238 |
Entropy (8bit): | 6.474378163731263 |
Encrypted: | false |
SSDEEP: | 1536:HZsCm1/4YEWvb8KSlLJY9xgt0AES8FBgih+RgS2xdW:+Cm1/VEQ8JmxgOAEfEJ6JQ |
MD5: | E74DE44364D6E680988FCDC9330819C6 |
SHA1: | 83F2BE7EC78921A46367208266BE672E013699A6 |
SHA-256: | 59713500232DE1455422E70BD5D77EC4DAFF2985A76A374DD60865A35F4C29BD |
SHA-512: | 909BD87C6EB242BAD068D7885169F614FC6CA9EC96C4A4801D806CE480CA7EA1883B6EBDFE0A75C9807FADE0021B24BC5529B6607C17C53084BA9FBA931F9B96 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Bacin\Besjlings\network-wireless-connected-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1364 |
Entropy (8bit): | 4.826941536649534 |
Encrypted: | false |
SSDEEP: | 24:t4Cf9xjMJtMCl/HBa2XtRYXI5hHTIPKeTyH2ISNdIIqqVVYSNeISNkN4AeWlGMyf:lPY/b7D5JFSs1SFSON4Ae3MQRf |
MD5: | 896D9A7F865BFDDFA0442C0B44E73F23 |
SHA1: | 6CB83C54EAADE1209F9877065C767BF1DC90B8A1 |
SHA-256: | 85500E1D92C70F203CCA0945D774CD35848120DB46C553ECF3F3D3858DDC2494 |
SHA-512: | E921924AE3041757A240CCE91E2C4455F043D9AB330B8FA8EABA21E4494427D25BE25D7CE8A6313DEE711F743EBAA0AC678D317F7AD83E0F092901D304D5ECD2 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Baggesen\audio-x-generic-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 195 |
Entropy (8bit): | 6.350068028436895 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBll/0xEq2j5+j61kca4OSpTC7qtl2BeKlirjjBbEqY:6v/lhPysSEq2sca4OKocrSVp |
MD5: | 79B7B2040BFDFF36BEC2D20F727DFC7E |
SHA1: | C31B14267B8B5DADC7151D82E8378D2CC5CB653A |
SHA-256: | 6B0807769D18D56DCC9AB666FC8A6F7160E9707C3BC02545EABDF16C5D4029B8 |
SHA-512: | 6E042161CF966ABB32840AD937F257CB893D513EC0E2CE663BCAB9A02B9639F8B38F359FF3C8EEDA522D76DB7F60C1068303FC66FE17742660D7E6D9C892DF26 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Baggesen\changes-prevent-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 998 |
Entropy (8bit): | 5.1868425916607555 |
Encrypted: | false |
SSDEEP: | 12:t4CP5GD09xmuPHoJdRnZopTi3b1USS0LLcXNo3F3iCydrkeYRAerAFFLAmP502Kp:t4CBGD0KvRW+Li+3FLyKbRAecFxV0/YK |
MD5: | 790B7AEF699FC380D50CFB583F09EF44 |
SHA1: | E8F31F4CC603DF24FF456271E8BEFEE8FBC588D6 |
SHA-256: | CD34406714AA8018144064852CE932016BE8FE06F1F0CEA06060B95F8E8E6D8E |
SHA-512: | C5674F4F9AE8D78AE0E239E7AE0FD156B75D21CA9D2216D2B851D3BCA8239CFD62414C2165A3BFEC71F997D9AFD08EC821D8233A745BBD756E0F908F830566B8 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\dialog-information-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1626 |
Entropy (8bit): | 5.0762260088454605 |
Encrypted: | false |
SSDEEP: | 24:t4Cpl+6kKDPeexH0BqyKbRAecFxMGMZLxdOUyKbRAecFxMGM+pMc:V7lH0BqNtAecFJM3fNtAecFJMu |
MD5: | 1A31C93C41C667E8802FCC6B0DB782D3 |
SHA1: | 8436084E01D6B5D996A54D00E8AE95196865B928 |
SHA-256: | BA163884E8DBD085280F6D4FEF52AAB07A10CDC540E657B5AD16D9773FD31BBD |
SHA-512: | 7BCC9B6D0D3EE6D79A2AF8CCFA8734DF4AF5BCA6079110FA3B65FF10024A4F75C2BBCEF106086E36E4B3D293648EE4FBB23C4C49EA8EEBDBC84854DFCB4FF5EB |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\drive-harddisk-solidstate-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 195 |
Entropy (8bit): | 6.3462536867112 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBll/V2a02b5Ra2J6NJIMlbAytVqoL7+5KWtCYnscao:6v/lhPysma089QBbpqW7+oKs5HoE6Xjp |
MD5: | 5B6732EE14014007E6B0CAEB9AB35BAA |
SHA1: | 7F610426DD3E8560E4BFDDE6ECF8631068056B0E |
SHA-256: | 2E2BB0B7FD175718A6ED195A1C6F0D3D63AE0A23C75648BC5E8D86E6A738B839 |
SHA-512: | 8AEC8F1F1FA122EC4829D65C0135D0A50A788C26C289655520353316D2A11781FC962A71A7237067EF7EF0B08DAFE9516B7EF39681B2FC3F733CA2010112E256 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-download.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 575 |
Entropy (8bit): | 6.830970971637153 |
Encrypted: | false |
SSDEEP: | 12:6v/7X0Z7HBwN1+swFIzkNqwnN14aVOX24G2uXGtIEsltGeBm65Yc:C0BqEZqQQRuXG5saexR |
MD5: | 576892D2CBC2392CDED574CF9F87E9A3 |
SHA1: | B7126CA4554CBAD5D3C76D3A4E6F4E62DB669D92 |
SHA-256: | 987E50BDB1019E60084F4BBAFCD4F942FCC7451FE40C82A7CEEB1AF56134634B |
SHA-512: | FEB9F46BBC9CD25FB6639E7B8E30BC3F3460A41D098C5CE2350B7B9134F163E7D63694D9F535944043A9B4E82885F714B2B5FC815CE41781EA9D9C4E8098C219 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-drag-accept-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1077 |
Entropy (8bit): | 5.095013943036629 |
Encrypted: | false |
SSDEEP: | 24:t4tp46o5VC669yLUDgEyKbRAecFxMGMaM+uRM96Kcm:ea69yL0JNtAecFJMj86K/ |
MD5: | BDC8C62FEE436EFB83F7D75400F81F31 |
SHA1: | 43DD187F46AD9D03DBE511C86C1F23C92AC66BCD |
SHA-256: | 2C754284C11A36DCEC407452C15B7DA77D6FA815B6F6F082D2DFB990CE9EFD83 |
SHA-512: | D3AF73024B8B6657145F0B680A03ED41BE5766D70CE5FFCC0834DB71CA309B522C4C8FD61122A51E9BE3B805CCC4D8CA6A9CD74BA77C5A2464342CE5FBA81465 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-visiting.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 479 |
Entropy (8bit): | 7.424417664350709 |
Encrypted: | false |
SSDEEP: | 12:6v/7MEs8+zTCS6Fm0QqVI8FoWmlsV+qmw8pXAGsaFBbHWe1:KPEb6FmpqVI8Kbqm1Hb2e1 |
MD5: | 74938AFFF1F75F97D08AEB730F2698B7 |
SHA1: | F370B7705F844460D39489E5D1F2B15FE2F2A441 |
SHA-256: | A8A2D4FCD192CE5924032EFF47738B7A730A0C4DEED8C7C7E8ECD75932E063D0 |
SHA-512: | 0EF7E50D617D98D03DEF5F405CEBA8E7BDA21683F02C08635F30C204531E3CAAC6D861CCBC214C835952536553FC2E73414AE6E400FF0201A2A5416B74A8E115 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\format-text-bold-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 183 |
Entropy (8bit): | 6.003110793136093 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBllTh9zFa7Z52Dkh4FdXeqepOl/7tPAc08XIEh64Za:6v/lhPys9zFwHC1FdXeqe4/5dJYEup |
MD5: | F7DA2995933D894BDE84BCBFC78CC767 |
SHA1: | 6B5808CC30A2366D3258F79C6719EB1C5C6FFB37 |
SHA-256: | EB0C26BA06BBA9D9980D1DDEA031141E5491931B8CAC5221B69FF2593A21F398 |
SHA-512: | 58848192C7DBFFBEB6F3ACC56384089DDE9ADFAE31946AC5F66AA8593AF2A4BE411EEF06E225011B36CB9FA4EB8B3705E4D2404BCBB51C3885D8EB672E011C6B |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\format-text-direction-symbolic-rtl.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1503 |
Entropy (8bit): | 5.15394138748218 |
Encrypted: | false |
SSDEEP: | 24:t4CBGMMAhONiWGzFk1wgaqV4AeW0WRjgnRcG1IoAeW0ayyKbRAecFxV0L:gMmklOV4AeIRjacYIoAeQyNtAecFu |
MD5: | 1C15A6D0FA6065F5004770EA2876B446 |
SHA1: | BFDB465A2FC2B8BA60FC9BEE5CB03D65156F1D20 |
SHA-256: | DC5A830CBB258F5B7EB5422C7059F6A0578821D9549A9603CA3C22E4749B6F80 |
SHA-512: | 02309FE57B9CA42D65FA9C4B93FCB6A003D698D0FC47EF03EEFCDA0163B7C715FC6438A3CED7164839EED3412EC40BA1CF35B88AF0A40D7774B93BE7F1879F6C |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\go-previous-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 665 |
Entropy (8bit): | 4.455633152585391 |
Encrypted: | false |
SSDEEP: | 12:TMHdPnnl/nu3tlnpZo4iL+o0JWlzkmvtoWlz9vtoWlzKzmdwWlzFzmdwWlM:2dPnnxu3tlTtiL+rJPmvto0vtojzmdw6 |
MD5: | D3329B3FDCE276378BC23A2B04EFF6FA |
SHA1: | 1DF694D08D03F1C7C86AB6234507A9364EC5C4E8 |
SHA-256: | 0D26FB049E369AAD5E7ED901B3A255317A4A465008E89026FDE9F624124E2599 |
SHA-512: | 2C4624461FAC6CD5093B8B7818DA17B909A302A216364ABCDD467131EA2C49E2BDCA3E546F69030E4812439F86986F747688EA0F9732CAE053F697A8C3F08B0D |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\idxcaption.xsl
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2055 |
Entropy (8bit): | 5.043971370492221 |
Encrypted: | false |
SSDEEP: | 48:iKmpXgIxs4ZL4Y8PsJmbW2KCkwR2+n+PfeWBvQFUijkv:irXvuqL4xJbWrCkwR2++HvBApa |
MD5: | 36DDA7FDA9AA693064A3E03F9619EABC |
SHA1: | 23385157B7C151A28582043097325BFE9A383A33 |
SHA-256: | DF70D7483EB94C2CB50FB27B838041732154D0EA74A3885199376083D103E9E1 |
SHA-512: | C89708B401E479A983471401E9118B80753E5CAF0B2B70C2D4B492BC0AD6F5BDFF83BD1B0B2592AF12553578535132C81CA944B5932397982EF6F2D8523B60F0 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\media-playback-stop-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 195 |
Entropy (8bit): | 4.922475588787923 |
Encrypted: | false |
SSDEEP: | 6:TMVBd/6o8GUYl/n7S3mc4slZRI/YF2tSKlNK+:TMHdPnnl/nu3i/YF2dlj |
MD5: | 51515176E0822E6A950F00D9D9D706C7 |
SHA1: | EAAE28C48278ACD0F21E151D7F0EEF081A0BF1C2 |
SHA-256: | 2E2C14E0596E4025CED6E6AD5E1F4234A5571133D13F21DDBA129EB0E9888D84 |
SHA-512: | 634737D9C8623D7C09A6AC5FD76CA8B2FBB2F1D808DB602F6F86A925F528BC0A0C2C075833881B870C85D34198AE2327A7DAF79256E329C243E9DAC7934C42EA |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\media-playlist-repeat.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 393 |
Entropy (8bit): | 7.253224688299237 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPWjkm5nci9pR622u0WcKb36FQAYmzNPr+j3gh75lW4Y9LJkPSGzaujp:6v/7ykGP/R622uJQYmzNc3stULgSGz3 |
MD5: | 159F75D26486E9FEEDA93F57380803D0 |
SHA1: | 9CFCDF5399F93583658FABD4831BE1A77594B05D |
SHA-256: | 5E00C886D17CD45CF0B98961D9B3B8D74724F71FEB5B4B8B257903F991340289 |
SHA-512: | 477FC795A7C786EF4BF52636776A5DE983126F5E85907FB3B17E451E7E76CC3FBEF2F9A585012DDDAC74F43B0D3F0FB24A66D21E330E6725A440FB7DFE68BFA7 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\mmapwarm.c
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3303 |
Entropy (8bit): | 5.0267368816625755 |
Encrypted: | false |
SSDEEP: | 96:mJC/HOLCKr1SGSU7RD5y/ArM1dE912magaMz8l4XL:mSOLCeSGS23y/ArwdE912AaMz8mXL |
MD5: | EEF073B3246F0DFEB5DFCA21FC26E751 |
SHA1: | 619609A2D26F70F5FD48B3AA8CFA70D5D3766C33 |
SHA-256: | 8F65C71523910F166045BF312572139EE37E205D004EC7DAD18F9927DDF93242 |
SHA-512: | B2D9531BFF572CC87858E95FEB6AC1BF975014E3100BB5C94D3DCD47F32F17BE4AB1ECF676F0D6B912B26EC71C4482D95805FE3B0D72367F6BA3B2C83DD5D63D |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Isdkkede\Charterrejsens\phone-apple-iphone-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 247 |
Entropy (8bit): | 4.812199066635378 |
Encrypted: | false |
SSDEEP: | 6:tI9mc4slzcWER4LtmRRRHczezSms2uP2/v2dz15OfF37G+Kb0/:t4CDqLE8iuaTH2S9A0/ |
MD5: | 012B484EB1808137F586C2FB7AA4BA8B |
SHA1: | 2C806A12C553CF553FBCFEE0A838EF471E0C3C71 |
SHA-256: | 8B7E4A5DFE6BE00896C2DFA8F4B0D8FA518AD6D14863FAED6F78F8A5F3CEE227 |
SHA-512: | 4D34C17973FAEF9765B26AB7029594FBC8841297369A6BEEFBB500D699C0FCA0697EC843351F63E83A6868380117805DC9523E45BB1318D446BD18941DF6BD6A |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\preferences-desktop-theme.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 768 |
Entropy (8bit): | 7.659464891968236 |
Encrypted: | false |
SSDEEP: | 12:6v/7Eu8VOALuh4OxDgp/mAH70oNchloqoO2NwGqEtuDCwjhNSZnNDqffLmVkLCn2:W8VOALuhM/m2yhl1oOGFtuFjMNOEkLC2 |
MD5: | 22BCEE5BDAEA3CE17736D209364FA9EB |
SHA1: | E55FBBE241AED99FBBD4C400DCA8F2A4DBA60484 |
SHA-256: | 9ACE40195DF0349BCE92B4C66360AD490F2BD6DD8A20286F329894311E881E58 |
SHA-512: | 20968CEABB5094E350A232FFF9D017C07C1DA986A1371B4561E2CC4BAE5AC631A7FF7EDC53CAB0E9E7E55FF626FF4C4CD071334AECCB306B4B0ED31166A26FDD |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\text-x-generic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 535 |
Entropy (8bit): | 6.729117073271159 |
Encrypted: | false |
SSDEEP: | 12:6v/7X0ZKjCVdCyzM8OYSdMA4jT7MzhgkX9Ba0u9:C0oCHMU5AmT7i29 |
MD5: | FB3685DADAC64A7FF12E32A42A21C63A |
SHA1: | 81C46DFAB337E1AB02130316299A23C561472EE5 |
SHA-256: | 99E5ADC5223AF5CDBB7BC70DA279DC9361AF8D130999F25DF7619AE8AFE546FF |
SHA-512: | 5DD0698358DDDC16E24E5719E893BDB35E2B45AF7096709190B60DA0408AF708FD66D7E0BB7D710A327168281658E6B11E391B53A5C45644A482AE7CB1F2C659 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\user-offline.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 589 |
Entropy (8bit): | 7.569592468279548 |
Encrypted: | false |
SSDEEP: | 12:6v/773gFN49te3X6GMop9P9sbgLVeMCJtgrsjztvVnSPKa0q:auQU7p9P9F8MCXg8tdntq |
MD5: | B284550BD073CA666718742CFB1FEF48 |
SHA1: | D4DB8DB0D76A3CCB04343C6304EB171014180960 |
SHA-256: | 0C53C237C34B3AF57C8D4613A95C32E6E7932D99444FB2B573233C16151B70F6 |
SHA-512: | F26A3D6D80D6983D0E26101ABDC90691D9FE9C24874BB67A0748E9120F7AE6C651F62C2E025A038FB497DA8C1558BF1E2D803BA9FDFAF9B69D82DE5D2F25D657 |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\view-wrapped-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208 |
Entropy (8bit): | 6.421066289233811 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBllUxz3kooRKoNUOGIFVHR70DsyLkdFJfQWulhSzW/:6v/lhPysMfZIvHt0DHkTJfylh+fHqp |
MD5: | 05163D4844014A964497BFC51FCF417E |
SHA1: | FFAF4C7AFE0299467846B874992D634FBD4FA437 |
SHA-256: | 3EDEACF6ED0DD60A70B4D7ED1C4505932785F2E008D2FB5F0B53FB71C122676C |
SHA-512: | 43C7E5CBE38B6CA36387A0C11BA07082AB950B086379538101F741A292A18A528E7BE089DAC70A1CE0C78B3D59F85774546D357F3A7B3FF11DFDE43CE4EC939D |
Malicious: | false |
File type: | |
Entropy (8bit): | 6.702939705302498 |
TrID: | |
File name: | dlawt.exe |
File size: | 282224 |
MD5: | cf313a27bceba36c7fa863ba1e935676 |
SHA1: | 4ff90062880efe58e6e26ded7f166c5786e201db |
SHA256: | d4fba0fc4c7c1335a5b6be72e575a2a9a400a5fd9b0aed69389d4bba8fac7527 |
SHA512: | 2f3608b90bbec011c4b5e659029166c3b8a2c7dccd30f7ca9da00897beef920060c9767e971010997b8edd2a0196e8d7acef8f048be0e1845d29dfc948c81f63 |
SSDEEP: | 6144:ORlWobsEnfENQ+8m9+ubxlL5Y9CwTfFQ9:+X8NQ+8m9+ubxmRW9 |
TLSH: | 6854D003FB8CC85BCD2509301272EA7996B5EEB41EB54B037E5D763EAC7B2428D1A315 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....oZ.................d...*..... |
Icon Hash: | f2e1e1e1e29ce439 |
Entrypoint: | 0x403359 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5A6FED2E [Tue Jan 30 03:57:34 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
Signature Valid: | false |
Signature Issuer: | OU="Flyvecertifikats Marantic ", E=Gennemgaar@Ethylamime96.Ch, O=ballelssere, L=Angers, S=Pays de la Loire, C=FR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 2F2B34B547CC3D81835478C9667E4758 |
Thumbprint SHA-1: | C5566AA56BE27344FAE7A4A69F9E003360E7BF45 |
Thumbprint SHA-256: | E5781D4CFF5055733247474BECD116042294D0C169F0F5470CD1C7467C0C12F4 |
Serial: | 3772290E2FB31093 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080A8h] |
call dword ptr [004080A4h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042A20Ch], eax |
je 00007FF7ED143713h |
push ebx |
call 00007FF7ED1469C5h |
cmp eax, ebx |
je 00007FF7ED143709h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007FF7ED14693Fh |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007FF7ED1436ECh |
push 0000000Ah |
call 00007FF7ED146998h |
push 00000008h |
call 00007FF7ED146991h |
push 00000006h |
mov dword ptr [0042A204h], eax |
call 00007FF7ED146985h |
cmp eax, ebx |
je 00007FF7ED143711h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007FF7ED143709h |
or byte ptr [0042A20Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [0042A2D8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216A8h |
call dword ptr [00408188h] |
push 0040A2C8h |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x59000 | 0x284b8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x43028 | 0x1e48 | .ndata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x62a5 | 0x6400 | False | 0.658984375 | data | 6.431390019180314 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x138e | 0x1400 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20318 | 0x600 | False | 0.4928385416666667 | data | 3.90464114821524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x2e000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x59000 | 0x284b8 | 0x28600 | False | 0.46781274187306504 | data | 5.678738189394348 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x59388 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States |
RT_ICON | 0x69bb0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States |
RT_ICON | 0x73058 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States |
RT_ICON | 0x784e0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States |
RT_ICON | 0x7c708 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x7ecb0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x7fd58 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
RT_ICON | 0x806e0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_DIALOG | 0x80b48 | 0xb8 | data | English | United States |
RT_DIALOG | 0x80c00 | 0x100 | data | English | United States |
RT_DIALOG | 0x80d00 | 0x11c | data | English | United States |
RT_DIALOG | 0x80e20 | 0xc4 | data | English | United States |
RT_DIALOG | 0x80ee8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x80f48 | 0x76 | data | English | United States |
RT_VERSION | 0x80fc0 | 0x1b4 | data | English | United States |
RT_MANIFEST | 0x81178 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 07:23:00 |
Start date: | 28/09/2022 |
Path: | C:\Users\user\Desktop\dlawt.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 282224 bytes |
MD5 hash: | CF313A27BCEBA36C7FA863BA1E935676 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |