Windows Analysis Report
pK6oGXjugD.exe

Overview

General Information

Sample Name: pK6oGXjugD.exe
Analysis ID: 752683
MD5: 0a68b271537063af4fa3c46895389b6d
SHA1: ff106ad1e92511cae026f3d1f772dc8c04d694a2
SHA256: fa3b15251b20a7b8bba32fdd02993989d28c7a4deecf1b2992e558355bc14584
Tags: exe
Infos:

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Uses 32bit PE files
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Tries to load missing DLLs
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
File is packed with WinRar
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)

Analysis Advice

Sample drops PE files which have not been started; submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample searches for a specific file; try pointing organization-specific fake files to the analysis machine
Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • pK6oGXjugD.exe (PID: 4104 cmdline: C:\Users\user\Desktop\pK6oGXjugD.exe MD5: 0A68B271537063AF4FA3C46895389B6D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: pK6oGXjugD.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: pK6oGXjugD.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: pK6oGXjugD.exe
Source: Binary string: vulkan-1.dll.pdb source: vulkan-1.dll.0.dr
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: configure.0.dr
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: configure.0.dr
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: configure.0.dr
Source: Binary string: vulkan-1.dll.pdb@ source: vulkan-1.dll.0.dr
Source: Binary string: C:\projects\node-ffi-napi\build\Release\ffi_bindings.pdb source: node.napi.uv1.node1.0.dr
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Code function: 0_2_00A69C91 FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Code function: 0_2_00A7994E SendDlgItemMessageW,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Code function: 0_2_00A87561 FindFirstFileExA
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; File opened: C:\Program Files (x86)\????????\resources\app\node_modules\electron-updater\out\differentialDownloader\DifferentialDownloader.js
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; File opened: C:\Program Files (x86)\????????\resources\app\node_modules\electron-updater\out\differentialDownloader\DataSplitter.js
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; File opened: C:\Program Files (x86)\????????\resources\app\node_modules\electron-updater\out\differentialDownloader\DifferentialDownloader.js.map
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; File opened: C:\Program Files (x86)\????????\resources\app\node_modules\electron-updater\out\differentialDownloader
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; File opened: C:\Program Files (x86)\????????\resources\app\node_modules\electron-updater\out\differentialDownloader\DataSplitter.js.map
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; File opened: C:\Program Files (x86)\????????\resources\app\node_modules\electron-updater\out\BaseUpdater.js.map
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Code function: String function: 00A7CB60 appears 31 times
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Code function: String function: 00A7C240 appears 52 times
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Code function: String function: 00A7C16C appears 34 times
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Code function: 0_2_00A66BC9: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; File read: C:\Users\user\Desktop\pK6oGXjugD.exe
Source: pK6oGXjugD.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; File created: C:\Program Files (x86)\????????
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Command line argument: sfxname 0_2_00A7B52F
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Command line argument: sfxstime 0_2_00A7B52F
Source: C:\Users\user\Desktop\pK6oGXjugD.exe; Command line argument: STARTDLG 0_2_00A7B52F
Source: README.md.0.dr; Binary or memory string: aarch64/Ffi_staticLib.sln
Source: pK6oGXjugD.exe