| Source: WinSockClientVault.dll |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Source: |
Binary string: G:\DEV\U4_Git\PAM_U4_Base\ArconPAMNextGen\ARCON_ASM\WinSockClientVault\obj\Release\WinSockClientVault.pdb source: WinSockClientVault.dll |
| Source: |
Binary string: G:\DEV\U4_Git\PAM_U4_Base\ArconPAMNextGen\ARCON_ASM\WinSockClientVault\obj\Release\WinSockClientVault.pdbl< source: WinSockClientVault.dll |
| Source: WinSockClientVault.dll |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| Source: C:\Windows\System32\loaddll32.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: WinSockClientVault.dll |
Static file information: TRID: Win32 Dynamic Link Library (generic) Net Framework (1011504/3) 50.14% |
| Source: classification engine |
Classification label: clean1.winDLL@6/0@0/0 |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WinSockClientVault.dll",#1 |
| Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\WinSockClientVault.dll" |
|
| Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
| Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WinSockClientVault.dll",#1 |
|
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WinSockClientVault.dll",#1 |
|
| Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WinSockClientVault.dll",#1 |
Jump to behavior |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WinSockClientVault.dll",#1 |
Jump to behavior |
| Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6088:120:WilError_01 |
| Source: WinSockClientVault.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
| Source: WinSockClientVault.dll |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Source: WinSockClientVault.dll |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
| Source: |
Binary string: G:\DEV\U4_Git\PAM_U4_Base\ArconPAMNextGen\ARCON_ASM\WinSockClientVault\obj\Release\WinSockClientVault.pdb source: WinSockClientVault.dll |
| Source: |
Binary string: G:\DEV\U4_Git\PAM_U4_Base\ArconPAMNextGen\ARCON_ASM\WinSockClientVault\obj\Release\WinSockClientVault.pdbl< source: WinSockClientVault.dll |
| Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: C:\Windows\System32\loaddll32.exe |
Thread delayed: delay time: 120000 |
Jump to behavior |
| Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WinSockClientVault.dll",#1 |
Jump to behavior |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet