Windows Analysis Report
1_[NOM DE BASE]-[PAGE ACTUELLE]REF-9263GN_DOC01-1 CA.jpg

Overview

General Information

Sample Name: 1_[NOM DE BASE]-[PAGE ACTUELLE]REF-9263GN_DOC01-1 CA.jpg
Analysis ID: 753424
MD5: 1323ef9f42f3b9a3faa0b80406c3ae8e
SHA1: 2b41b9f531e1944cca49f2599095251c2bb33d6b
SHA256: b854673b66dc36a8b3c719fde697bb45db3b3c3eae19608d267ad5359631105f

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Queries the volume information (name, serial number etc) of a device
Creates files inside the system directory

Classification

Source: C:\Windows\SysWOW64\mspaint.exe File created: C:\Windows\Debug\WIA
Source: C:\Windows\SysWOW64\mspaint.exe File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\mspaint.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{926749fa-2615-4987-8845-c33e65f2b957}\InProcServer32
Source: C:\Windows\SysWOW64\mspaint.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine Classification label: clean1.winJPG@1/0@0/0
Source: C:\Windows\SysWOW64\mspaint.exe File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: 1_[NOM DE BASE]-[PAGE ACTUELLE]REF-9263GN_DOC01-1 CA.jpg Static file information: File size 1049884 > 1048576
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mspaint.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\mspaint.exe Queries volume information: C:\Users\user\Desktop\1_[NOM DE BASE]-[PAGE ACTUELLE]REF-9263GN_DOC01-1 CA.jpg VolumeInformation