Windows
Analysis Report
Lakeringernes (1).exe
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Lakeringernes (1).exe (PID: 3052 cmdline: C:\Users\user\Desktop\Lakeringernes (1).exe MD5: D70DE507CC0D22E43EBCF8B61A273EA5)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security | |
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
AV Detection
- Source: ReversingLabs
- Source: Virustotal
- Source: Static PE information
- Source: Registry value created
- Source: Static PE information
- Source: Code function
- Source: Code function
- Source: Code function
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: String found in binary or memory
- Source: Code function
- Source: Static PE information
- Source: Code function
- Source: File created
- Source: Code function
- Source: Code function
- Source: Static PE information
- Source: Process Stats
- Source: ReversingLabs
- Source: Virustotal
- Source: File read
- Source: Static PE information
- Source: Key opened
- Source: Key value queried
- Source: Code function
- Source: File created
- Source: File written
- Source: Classification label
- Source: Code function
- Source: File read
- Source: Code function
- Source: Registry value created
- Source: Static PE information
Data Obfuscation
- Source: File source
- Source: File source
- Source: Code function
- Source: Code function
- Source: File created
- Source: Process information set
Malware Analysis System Evasion
- Source: RDTSC instruction interceptor
- Source: Code function
- Source: Code function
- Source: Code function
- Source: API call chain
- Source: API call chain
- Source: Code function
- Source: Code function
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 Windows Service | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Windows Service | 1 Access Token Manipulation | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 77% | ReversingLabs | Win32.Trojan.NSISInject | |
| 35% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1223491 | |
| 100% | Avira | HEUR/AGEN.1223491 | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 755081 |
Start date and time: | 2022-11-28 10:08:54 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | Lakeringernes (1).exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal68.troj.evad.winEXE@1/5@0/0 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Not all processes were analyzed; the report is missing behavior information
C:\Users\user\AppData\Local\Temp\Distressingly\Bloods\Ultraevangelical\Graviton\Kvle\Materialiseringerne\Antenneanlgget\Custom3.ini
Process: | C:\Users\user\Desktop\Lakeringernes (1).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5487 |
Entropy (8bit): | 4.3524133300305206 |
Encrypted: | false |
SSDEEP: | 96:hJDu0BoU1s8G9LfGOOOOOOjOOOOOOEOOOOOOBOOOOOONsOOOOOO/OOOOOOAOOOOW:mCs8GVfGOOOOOOjOOOOOOEOOOOOOBOO4 |
MD5: | 9D3C4AEBBDBCB28530EF93081611A33E |
SHA1: | 867F6A5B16638E1BFC012DFF7E63E45ADD44342E |
SHA-256: | 24EC6D9A80EF077A81018001F16E7D7EFE6DEB82B7BD120C8C5227BA65C63F07 |
SHA-512: | 4E5E2ADAE00F160EBDB322B12C33582F8397B909841E76FA634D10C3BCAF90C822DA8F9F494A29FA0EA4B558B6D44BAAEBAF737156B6E38359FB5CFC36874D2E |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Temp\Distressingly\Bloods\Ultraevangelical\Graviton\Kvle\Materialiseringerne\Antenneanlgget\Invirility.Hus
Process: | C:\Users\user\Desktop\Lakeringernes (1).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 110043 |
Entropy (8bit): | 7.997895223683267 |
Encrypted: | true |
SSDEEP: | 3072:A9H6LIx1K3dZjbPe8NDqL+++gZWYS0gSMr+ZuFYPPBDz:+H6e1OLNp0Wl0gSMr+ZMYPPBDz |
MD5: | 33CB34530F93B055803F1BD957ACD90F |
SHA1: | 9E446878DBEAF553AF1E693FB2B36CE2873A0E84 |
SHA-256: | 4C6EAAB6B75A3267FB6FD26D1FF02C92C34391A32038CDCE80A09405E9EFFCBC |
SHA-512: | D752959DB8F53A2EB3E5B34D9D4268ADA64E62F9ACA892EE95590367F6C3587E39CE32EDB5A6299E1638DAA56053985A3383B4D433F65DE3A4B9CBB4B6CDE366 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Temp\Distressingly\Bloods\Ultraevangelical\histopathologist.Clo
Process: | C:\Users\user\Desktop\Lakeringernes (1).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 182295 |
Entropy (8bit): | 6.675652521201867 |
Encrypted: | false |
SSDEEP: | 3072:H6TfK+T+1UeMXjFAPxIcDKYwgBN0lpwLO/KC:Oq1UeMXjFmCcDn9BNEERC |
MD5: | 70CA049DF0F109C19B8BA62DD648358B |
SHA1: | 2436AA216FC507585EAB85740593775C506C5BB0 |
SHA-256: | 8CF9DF942C53ECCF4B4F993A86D0C2B33231533B0D78261561C1C0614BCFCFBF |
SHA-512: | 85C98BD0C0078D6E876ED1B314E82C141CCC87A17B52F4E79521008D70C435CDCC9B1400120BC675556F97F336689C0761893534F9C4BC6FE94A00F261199791 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Lakeringernes (1).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40 |
Entropy (8bit): | 4.131687083026442 |
Encrypted: | false |
SSDEEP: | 3:pDQo7JKU2QYEJry:FQov1YEw |
MD5: | 09EFF7D465578AB16342D01B9115172C |
SHA1: | 13311B4DEBC749082CFB1A65DA02759642A9C1D7 |
SHA-256: | 1B5F1F40B8BA4A1F6C314D8C2E1F16D138A70C0D96A3010CF4EC4D44110A443F |
SHA-512: | 62F99CCB5C6E936A61279DCA2AECB61D6B1B7E3E7E750B0D4C38F10BFE3EE0CE02BC58FA2B87C6784BF60BE0A700BBF179FD8905781E6B0007DE64B8B391685F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Lakeringernes (1).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.770803561213006 |
Encrypted: | false |
SSDEEP: | 192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn |
MD5: | 2AE993A2FFEC0C137EB51C8832691BCB |
SHA1: | 98E0B37B7C14890F8A599F35678AF5E9435906E1 |
SHA-256: | 681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59 |
SHA-512: | 2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9 |
Malicious: | false |
Antivirus: | |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.911285564125606 |
TrID: | |
File name: | Lakeringernes (1).exe |
File size: | 271824 |
MD5: | d70de507cc0d22e43ebcf8b61a273ea5 |
SHA1: | 9818fba05573d67b834c90a3208faddea3446545 |
SHA256: | 4dbcd711f2263775f0a1083e0541a07247736ba2fdaabf000654756f8c3dae67 |
SHA512: | 7931df17ea6f9e0fb53b8158fd6f6fbdfcee2cd1aea8252815e0575e0ae993935e60ba6007635d380cb88ea80bbf6b3fb70e2846fc24a04499e84746eb9ee1a0 |
SSDEEP: | 6144:9C2z47aQORdv5crEH4N6KOIH6e1OLNp0Wl0gSMr+ZMYPPBDqN:V47AvKEH4LOI1QlMMcMmM |
TLSH: | 2944130261E540BBEB811431597BDF75F7BED604541EDA0BB7202FAB3D217928B092AF |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L....c.W.................^......... |
Icon Hash: | f89ab6b68aa686ec |
Entrypoint: | 0x4030d9 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5795638D [Mon Jul 25 00:55:41 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b78ecf47c0a3e24a6f4af114e2d1f5de |
Signature Valid: | false |
Signature Issuer: | OU="Sinicising Mohel Cop ", E=Trolovelse@Baadeplads.Dro, O=Idealets, L=Le Lauzet-Ubaye, S=Provence-Alpes-Côte d'Azur, C=FR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 32EBC12D71851D6198230D6A1E168F70 |
Thumbprint SHA-1: | 5EB24F3DE7AD72BFA75BD170B307BC244FCC6E7C |
Thumbprint SHA-256: | 53B3B15BAA3306845DB3E5F5C435F70EC5CF893D1AEDBFC8424271734971B2CE |
Serial: | 52A9116BDA7A62BC |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004070A8h] |
call dword ptr [004070A4h] |
cmp ax, 00000006h |
je 00007FE784A6DC03h |
push ebx |
call 00007FE784A70B71h |
cmp eax, ebx |
je 00007FE784A6DBF9h |
push 00000C00h |
call eax |
mov esi, 00407298h |
push esi |
call 00007FE784A70AEDh |
push esi |
call dword ptr [004070A0h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007FE784A6DBDDh |
push ebp |
push 00000009h |
call 00007FE784A70B44h |
push 00000007h |
call 00007FE784A70B3Dh |
mov dword ptr [00423704h], eax |
call dword ptr [00407044h] |
push ebx |
call dword ptr [00407288h] |
mov dword ptr [004237B8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 0041ECC8h |
call dword ptr [00407174h] |
push 00409188h |
push 00422F00h |
call 00007FE784A70767h |
call dword ptr [0040709Ch] |
mov ebp, 00429000h |
push eax |
push ebp |
call 00007FE784A70755h |
push ebx |
call dword ptr [00407154h] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3b000 | 0x16a8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x40698 | 0x1f38 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5c5b | 0x5e00 | False | 0.6603640292553191 | data | 6.411456379497882 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1246 | 0x1400 | False | 0.42734375 | data | 5.005029341587408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1a7f8 | 0x400 | False | 0.6376953125 | data | 5.108396988130901 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x24000 | 0x17000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3b000 | 0x16a8 | 0x1800 | False | 0.3681640625 | data | 4.643642871246492 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x3b238 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States |
RT_ICON | 0x3b5a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States |
RT_DIALOG | 0x3be48 | 0x144 | data | English | United States |
RT_DIALOG | 0x3bf90 | 0x13c | data | English | United States |
RT_DIALOG | 0x3c0d0 | 0x100 | data | English | United States |
RT_DIALOG | 0x3c1d0 | 0x11c | data | English | United States |
RT_DIALOG | 0x3c2f0 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x3c350 | 0x14 | data | English | United States |
RT_MANIFEST | 0x3c368 | 0x33d | XML 1.0 document, ASCII text, with very long lines (829), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 10:09:49 |
Start date: | 28/11/2022 |
Path: | C:\Users\user\Desktop\Lakeringernes (1).exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 271824 bytes |
MD5 hash: | D70DE507CC0D22E43EBCF8B61A273EA5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |