Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: http://www.indyproject.org/
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: http://www.lmd.de
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe, 00000000.00000002.600992012.0000000015EF7000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: GetRawInputData
|
Source: Yara match
File source: Process Memory Space: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe PID: 3332, type: MEMORYSTR
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe, 00000000.00000000.326320767.0000000000401000.00000020.00000001.01000000.00000003.sdmp
Binary or memory string: OriginalFileName vs ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe, 00000000.00000000.327858639.0000000014089000.00000002.00000001.01000000.00000003.sdmp
Binary or memory string: OriginalFilenameFilling Golosck TFT 0x547f87790701\ vs ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Binary or memory string: OriginalFileName vs ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static PE information: Number of sections : 11 > 10
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: unknown
Process created: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
|
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Mutant created: \Sessions\1\BaseNamedObjects\84B228BD6AA820A3E3698FA255C96490A5
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Mutant created: \Sessions\1\BaseNamedObjects\HookApi:{7DDF4ADB-4A01-4F4B-83AA-8D91C21E99D2}:3332:Lock
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: NATS-SEFI-ADD
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: NATS-DANO-ADD
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: JIS_C6229-1984-b-add
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: jp-ocr-b-add
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: JIS_C6229-1984-hand-add
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: jp-ocr-hand-add
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
String found in binary or memory: ISO_6937-2-add
Source: classification engine
Classification label: clean4.winEXE@3/0@0/0
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Window found: window name: TEdit
Source: Window Recorder
Window detected: More than 3 window changes detected
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static file information: File size 331854848 > 1048576
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static PE information: Virtual size of .text is bigger than: 0x100000
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x783c00
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x13426e00
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static PE information: More than 200 imports for user32.dll
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Static PE information: section name: .didata
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe
Window / User API: threadDelayed 916
Source: C:\Windows\splwow64.exe
Last function: Thread delayed
Source: C:\Windows\splwow64.exe
Thread delayed: delay time: 120000
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe, 00000000.00000002.600992012.0000000015EF7000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: GetProgmanWindow
Source: ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe, 00000000.00000002.600992012.0000000015EF7000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: SetProgmanWindow
Source: C:\Users\user\Desktop\ArchivoAdju_ntoSSAZLMAUEVNYQBKcmiizVFSGC.exe
Queries volume information: C:\ VolumeInformation