Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
ReversingLabs: Detection: 17% |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001B5293 FindFirstFileExW, |
0_2_001B5293 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001B5347 FindFirstFileExW,FindNextFileW,FindClose,FindClose, |
0_2_001B5347 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001AB830 GetKeyboardState, |
0_2_001AB830 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001AACA0 OpenClipboard,GetClipboardData,GlobalLock,GlobalSize,VkKeyScanW,MapVirtualKeyW,GlobalUnlock,CloseClipboard, |
0_2_001AACA0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001AAA00 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalReAlloc,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_001AAA00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 464 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001A18D0 |
0_2_001A18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001BA9AA |
0_2_001BA9AA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001AC4C0 |
0_2_001AC4C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001A34E0 |
0_2_001A34E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001A8E70 |
0_2_001A8E70 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: String function: 001AD900 appears 32 times |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5640 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --headless |
0_2_001A18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --unix |
0_2_001A18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --width |
0_2_001A18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --height |
0_2_001A18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --signal |
0_2_001A18D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Command line argument: --server |
0_2_001A18D0 |
Source: C:\Windows\SysWOW64\WerFault.exe |
File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERE76B.tmp |
Source: classification engine |
Classification label: mal52.winEXE@2/4@0/1 |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001B5A15 push ecx; ret |
0_2_001B5A28 |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: section name: .00cfg |
Source: SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Static PE information: section name: .voltbl |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
API coverage: 2.2 % |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001AD72C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_001AD72C |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001B009E mov ecx, dword ptr fs:[00000030h] |
0_2_001B009E |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001B418D mov eax, dword ptr fs:[00000030h] |
0_2_001B418D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Process queried: DebugPort |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001B258B GetProcessHeap, |
0_2_001B258B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001AD720 SetUnhandledExceptionFilter, |
0_2_001AD720 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001ADC2D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_001ADC2D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001B37DA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_001B37DA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001AD945 cpuid |
0_2_001AD945 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16188.7094.exe |
Code function: 0_2_001AD5D2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_001AD5D2 |