Source: documentos DHL.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Legendarian |
Jump to behavior |
Source: documentos DHL.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_004066F3 FindFirstFileW,FindClose, |
0_2_004066F3 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_00405ABE |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00402862 FindFirstFileW, |
0_2_00402862 |
Source: documentos DHL.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00405553 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00405553 |
Source: initial sample |
Static PE information: Filename: documentos DHL.exe |
Source: documentos DHL.exe |
Static file information: Suspicious name |
Source: documentos DHL.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403489 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
File created: C:\Windows\resources\0409 |
Jump to behavior |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00404D90 |
0_2_00404D90 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00406ABA |
0_2_00406ABA |
Source: libpixbufloader-icns.dll.0.dr |
Static PE information: Number of sections : 11 > 10 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Process Stats: CPU usage > 98% |
Source: C:\Users\user\Desktop\documentos DHL.exe |
File read: C:\Users\user\Desktop\documentos DHL.exe |
Jump to behavior |
Source: documentos DHL.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 |
Jump to behavior |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403489 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
File created: C:\Users\user\Zorillinae |
Jump to behavior |
Source: C:\Users\user\Desktop\documentos DHL.exe |
File created: C:\Users\user\AppData\Local\Temp\nsb9999.tmp |
Jump to behavior |
Source: C:\Users\user\Desktop\documentos DHL.exe |
File written: C:\Windows\Resources\0409\Transcriptive.ini |
Jump to behavior |
Source: classification engine |
Classification label: mal60.troj.evad.winEXE@1/5@0/0 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_004020FE CoCreateInstance, |
0_2_004020FE |
Source: C:\Users\user\Desktop\documentos DHL.exe |
File read: C:\Users\desktop.ini |
Jump to behavior |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00404814 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, |
0_2_00404814 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Legendarian |
Jump to behavior |
Source: documentos DHL.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: Yara match |
File source: 00000000.00000002.772378244.0000000003110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_10002DE0 push eax; ret |
0_2_10002E0E |
Source: libpixbufloader-icns.dll.0.dr |
Static PE information: section name: .xdata |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, |
0_2_10001B18 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
File created: C:\Users\user\AppData\Local\Temp\nsrCE63.tmp\System.dll |
Jump to dropped file |
Source: C:\Users\user\Desktop\documentos DHL.exe |
File created: C:\Users\user\Zorillinae\Skaalpundet\Inkbslistes\Tset\Demodulationen\Iagttagerposition\libpixbufloader-icns.dll |
Jump to dropped file |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\documentos DHL.exe |
RDTSC instruction interceptor: First address: 00000000031136FD second address: 00000000031136FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBAD0C3B4E6h 0x00000004 test dl, dl 0x00000006 cmp ebx, ecx 0x00000008 jc 00007FBAD0C3B412h 0x0000000a inc ebp 0x0000000b inc ebx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Dropped PE file which has not been started: C:\Users\user\Zorillinae\Skaalpundet\Inkbslistes\Tset\Demodulationen\Iagttagerposition\libpixbufloader-icns.dll |
Jump to dropped file |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_004066F3 FindFirstFileW,FindClose, |
0_2_004066F3 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_00405ABE |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00402862 FindFirstFileW, |
0_2_00402862 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\documentos DHL.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, |
0_2_10001B18 |
Source: C:\Users\user\Desktop\documentos DHL.exe |
Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403489 |