Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
ReversingLabs: Detection: 41% |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Virustotal: Detection: 34% |
Source: 3.2.zjlxnt.exe.4800000.4.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 3.2.zjlxnt.exe.400000.0.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 3.2.zjlxnt.exe.417058.1.unpack |
Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Host": "us2.smtp.mailhostbox.com", "Username": "log3@forrwel.net", "Password": "HNnNLPY3 "} |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Unpacked PE file: 3.2.zjlxnt.exe.400000.0.unpack |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Unpacked PE file: 3.2.zjlxnt.exe.4800000.4.unpack |
Source: file.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: file.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: wntdll.pdbUGP source: zjlxnt.exe, 00000001.00000003.312180098.000000001A280000.00000004.00001000.00020000.00000000.sdmp, zjlxnt.exe, 00000001.00000003.313487812.000000001A0F0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdb source: zjlxnt.exe, 00000001.00000003.312180098.000000001A280000.00000004.00001000.00020000.00000000.sdmp, zjlxnt.exe, 00000001.00000003.313487812.000000001A0F0000.00000004.00001000.00020000.00000000.sdmp |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_00405D74 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0040699E FindFirstFileW,FindClose, |
0_2_0040699E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0040290B FindFirstFileW, |
0_2_0040290B |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_004089F8 FindFirstFileExW, |
1_2_004089F8 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_00406715 FindFirstFileExW, |
3_2_00406715 |
Source: zjlxnt.exe, 00000003.00000002.575938781.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, zjlxnt.exe, 00000003.00000002.577003560.0000000005458000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: zjlxnt.exe, 00000003.00000002.575938781.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, zjlxnt.exe, 00000003.00000002.577003560.0000000005458000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: zjlxnt.exe, 00000003.00000002.577003560.0000000005458000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.usertru |
Source: zjlxnt.exe, 00000003.00000002.575938781.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, zjlxnt.exe, 00000003.00000002.577003560.0000000005458000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: zjlxnt.exe, 00000003.00000002.577003560.0000000005458000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crt.sectigo? |
Source: file.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: zjlxnt.exe, 00000003.00000002.575938781.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, zjlxnt.exe, 00000003.00000002.577003560.0000000005458000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: zjlxnt.exe, 00000003.00000002.575938781.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, zjlxnt.exe, 00000003.00000002.577003560.0000000005458000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0A |
Source: zjlxnt.exe, 00000003.00000002.575938781.00000000023E9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: zjlxnt.exe, 00000003.00000002.575938781.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, zjlxnt.exe, 00000003.00000002.577003560.0000000005458000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00405809 |
Source: file.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403640 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00406D5F |
0_2_00406D5F |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_00410371 |
1_2_00410371 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_0040CBD1 |
3_2_0040CBD1 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_02177238 |
3_2_02177238 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_0217C2D0 |
3_2_0217C2D0 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_02177E50 |
3_2_02177E50 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_021702C2 |
3_2_021702C2 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_02177580 |
3_2_02177580 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_0521AA2B |
3_2_0521AA2B |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: String function: 004019C0 appears 42 times |
|
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: String function: 00401EE0 appears 33 times |
|
Source: file.exe |
ReversingLabs: Detection: 48% |
Source: file.exe |
Virustotal: Detection: 47% |
Source: file.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: unknown |
Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe |
|
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Users\user\AppData\Local\Temp\zjlxnt.exe "C:\Users\user\AppData\Local\Temp\zjlxnt.exe" C:\Users\user\AppData\Local\Temp\anaictjg.cte |
|
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Process created: C:\Users\user\AppData\Local\Temp\zjlxnt.exe C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
|
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Users\user\AppData\Local\Temp\zjlxnt.exe "C:\Users\user\AppData\Local\Temp\zjlxnt.exe" C:\Users\user\AppData\Local\Temp\anaictjg.cte |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Process created: C:\Users\user\AppData\Local\Temp\zjlxnt.exe C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403640 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor |
Source: classification engine |
Classification label: mal100.troj.spyw.evad.winEXE@6/4@1/1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, |
0_2_00404AB5 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4496:120:WilError_01 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_0040147B GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess, |
3_2_0040147B |
Source: file.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: wntdll.pdbUGP source: zjlxnt.exe, 00000001.00000003.312180098.000000001A280000.00000004.00001000.00020000.00000000.sdmp, zjlxnt.exe, 00000001.00000003.313487812.000000001A0F0000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdb source: zjlxnt.exe, 00000001.00000003.312180098.000000001A280000.00000004.00001000.00020000.00000000.sdmp, zjlxnt.exe, 00000001.00000003.313487812.000000001A0F0000.00000004.00001000.00020000.00000000.sdmp |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Unpacked PE file: 3.2.zjlxnt.exe.400000.0.unpack |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Unpacked PE file: 3.2.zjlxnt.exe.400000.0.unpack .text:ER;.rdata:R;.data:W; vs .text:ER;.rdata:R;.data:W;.rsrc:R; |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Unpacked PE file: 3.2.zjlxnt.exe.4800000.4.unpack |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_00410AA4 push ecx; ret |
1_2_00410AB7 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_0040D2E1 push ecx; ret |
3_2_0040D2F4 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_02171B70 push eax; iretd |
3_2_02171B79 |
Source: C:\Users\user\Desktop\file.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 752 |
Thread sleep count: 6545 > 30 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -15679732462653109s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -100000s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99888s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99781s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99671s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99562s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99452s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99343s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99234s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99123s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -99013s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98906s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98796s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98687s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98578s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98466s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98358s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98250s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98136s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -98006s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -97844s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -97723s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -97594s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -97485s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -97344s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -97204s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -97056s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -96952s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -96843s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -96735s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -96625s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe TID: 5644 |
Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, |
0_2_00405D74 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0040699E FindFirstFileW,FindClose, |
0_2_0040699E |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0040290B FindFirstFileW, |
0_2_0040290B |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_004089F8 FindFirstFileExW, |
1_2_004089F8 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_00406715 FindFirstFileExW, |
3_2_00406715 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 100000 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99888 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99781 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99671 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99562 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99452 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99343 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99234 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99123 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 99013 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98906 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98796 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98687 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98578 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98466 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98358 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98250 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98136 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 98006 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 97844 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 97723 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 97594 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 97485 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 97344 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 97204 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 97056 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 96952 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 96843 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 96735 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 96625 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\file.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_0040636B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_2_0040636B |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_004018F8 SetUnhandledExceptionFilter, |
1_2_004018F8 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_0040636B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_2_0040636B |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_00401BF3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
1_2_00401BF3 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_00401796 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
1_2_00401796 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_00401E16 SetUnhandledExceptionFilter, |
3_2_00401E16 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_00401C83 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
3_2_00401C83 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_004060A4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
3_2_004060A4 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 3_2_00401F2A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
3_2_00401F2A |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Code function: 1_2_0040167D GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
1_2_0040167D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
0_2_00403640 |
Source: Yara match |
File source: 00000003.00000002.575938781.0000000002391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: zjlxnt.exe PID: 6076, type: MEMORYSTR |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\AppData\Local\Temp\zjlxnt.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini |
Source: Yara match |
File source: 00000003.00000002.575938781.0000000002391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: zjlxnt.exe PID: 6076, type: MEMORYSTR |
Source: Yara match |
File source: 00000003.00000002.575938781.0000000002391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: zjlxnt.exe PID: 6076, type: MEMORYSTR |