Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
ReversingLabs: Detection: 17% |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BD5293 FindFirstFileExW, |
0_2_00BD5293 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BD5347 FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_00BD5347 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCB830 GetKeyboardState, |
0_2_00BCB830 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCACA0 OpenClipboard,GetClipboardData,GlobalLock,GlobalSize,VkKeyScanW,MapVirtualKeyW,GlobalUnlock,CloseClipboard, |
0_2_00BCACA0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCAA00 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalReAlloc,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00BCAA00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 464 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BC18D0 |
0_2_00BC18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BDA9AA |
0_2_00BDA9AA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BC34E0 |
0_2_00BC34E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCC4C0 |
0_2_00BCC4C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BC8E70 |
0_2_00BC8E70 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: String function: 00BCD900 appears 32 times |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6116 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --headless |
0_2_00BC18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --unix |
0_2_00BC18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --width |
0_2_00BC18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --height |
0_2_00BC18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --signal |
0_2_00BC18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --server |
0_2_00BC18D0 |
Source: C:\Windows\SysWOW64\WerFault.exe |
File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F7B.tmp |
Source: classification engine |
Classification label: mal52.winEXE@2/4@0/0 |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BD5A15 push ecx; ret |
0_2_00BD5A28 |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: section name: .00cfg |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: section name: .voltbl |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
API coverage: 2.0 % |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BD37DA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00BD37DA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BD009E mov ecx, dword ptr fs:[00000030h] |
0_2_00BD009E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BD418D mov eax, dword ptr fs:[00000030h] |
0_2_00BD418D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Process queried: DebugPort |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BD258B GetProcessHeap, |
0_2_00BD258B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCD720 SetUnhandledExceptionFilter, |
0_2_00BCD720 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCDC2D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00BCDC2D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCD72C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00BCD72C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCD945 cpuid |
0_2_00BCD945 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_00BCD5D2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00BCD5D2 |