Windows Analysis Report
IdeaShare Key.exe

Overview

General Information

Sample Name: IdeaShare Key.exe
Analysis ID: 876178
MD5: e6d42ac433331124c62460cfcced76a1
SHA1: ea9fc583c7bd2054a8d51e61d6b1cbeee800d344
SHA256: 5faa9cd735d499eb4fbcb08a252d53020629a7418c9b6c30b00c5d2d7cc7fe25

Detection

Score: 9
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Compliance

Score: 16
Range: 0 - 100

Signatures

Creates a DirectInput object (often for capturing keystrokes)
EXE planting / hijacking vulnerabilities found
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
Contains functionality to query network adapter information
Contains functionality to read data from the clipboard

Classification

Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\IdeaShare Key.exe EXE: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: WINMM.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: WTSAPI32.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: VERSION.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: dwmapi.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: NETAPI32.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: WININET.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: USERENV.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: iphlpapi.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: MPR.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: IPHLPAPI.DLL
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: d3d11.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: MSVCP140.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: dxgi.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: SHFOLDER.DLL
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: d3d10warp.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: WINMMBASE.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: NETUTILS.DLL
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: SRVCLI.DLL
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: WindowsCodecs.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: DNSAPI.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: UxTheme.dll
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe DLL: VCRUNTIME140.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe DLL: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll

Compliance

Source: IdeaShare Key.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: IdeaShare Key.exe Static PE information: certificate valid
Source: Binary string: D:\code\IdeaShareWindowsApp\2021-9-16\AirPresence\desktop\Windows\IdeaShareKeyForm\IdeaShareKey\bin\Release\IdeaShareKey.pdb source: IdeaShare Key.exe, 00000000.00000003.350799274.0000000002941000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000000.358493347.00000000011DD000.00000002.00000001.01000000.00000005.sdmp, IdeaShareKeyForm.exe.0.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.362084835.000000006C191000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbQ source: IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.362084835.000000006C191000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\code\IdeaShareWindowsApp\2021-9-16\AirPresence\desktop\Windows\IdeaShareKeyForm\IdeaShareKey\bin\Release\IdeaShareKey.pdb,,& source: IdeaShare Key.exe, 00000000.00000003.350799274.0000000002941000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000000.358493347.00000000011DD000.00000002.00000001.01000000.00000005.sdmp, IdeaShareKeyForm.exe.0.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363086921.000000006C5E4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\IdeaShareRelease\IdeaShare\third-party\qtsingleapplication\release\QtSingleApp.pdb source: IdeaShare Key.exe, 00000000.00000003.357958578.0000000002924000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.365942375.000000006CCA6000.00000002.00000001.01000000.00000006.sdmp, QtSingleApp.dll.0.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.365228156.000000006CAF4000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361417174.000000006B847000.00000002.00000001.01000000.0000000B.sdmp, qwindows.dll.0.dr
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_004062F9 FindFirstFileW,FindClose, 0_2_004062F9
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00402E3C FindFirstFileW, 0_2_00402E3C
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00406CAF DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00406CAF
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: http://bugreports.qt.io/
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: IdeaShare Key.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363086921.000000006C5E4000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363086921.000000006C5E4000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.color.org)
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: http://www.phreedom.org/md5)
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.361582478.000000006BCCE000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp, IdeaShare Key.exe, 00000000.00000002.358893585.0000000000420000.00000004.00000001.01000000.00000003.sdmp, IdeaShare Key.exe, 00000000.00000003.350799274.0000000002970000.00000004.00000020.00020000.00000000.sdmp, qwindows.dll.0.dr, IdeaShareKeyForm.exe.0.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00407277 InternetConnectA,HttpOpenRequestA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle, 0_2_00407277
Source: IdeaShare Key.exe, 00000000.00000002.359007472.000000000083A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_004044E9 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004044E9
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_004050FE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004050FE
Source: IdeaShare Key.exe, 00000000.00000003.356718724.0000000002925000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Widgets.dll( vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Gui.dll( vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000003.352289765.000000000370F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Core.dll( vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000003.355179944.0000000002922000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Network.dll( vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000003.350799274.0000000002935000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: //VALUE "OriginalFilename", "IdeaShareKeyForm.exe" vs IdeaShare Key.exe
Source: IdeaShare Key.exe, 00000000.00000002.359109194.0000000002929000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqwindows.dll( vs IdeaShare Key.exe
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_004038A8 EntryPoint,GetTickCount,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,GetTickCount,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx, 0_2_004038A8
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00407E74 0_2_00407E74
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00406EE6 0_2_00406EE6
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_004049B5 0_2_004049B5
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: String function: 004062C7 appears 57 times
Source: C:\Users\user\Desktop\IdeaShare Key.exe File read: C:\Users\user\Desktop\IdeaShare Key.exe
Source: IdeaShare Key.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\IdeaShare Key.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\IdeaShare Key.exe C:\Users\user\Desktop\IdeaShare Key.exe
Source: C:\Users\user\Desktop\IdeaShare Key.exe Process created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Source: C:\Users\user\Desktop\IdeaShare Key.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Mutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/local/ideasharekey/qtsingleapp-ideash-193a-1-lockfile
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\IdeaShareKey
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\Temp\nsk3518.tmp
Source: classification engine Classification label: clean9.winEXE@3/8@0/0
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_0040250B CoCreateInstance, 0_2_0040250B
Source: C:\Users\user\Desktop\IdeaShare Key.exe File read: C:\Users\desktop.ini
Source: IdeaShare Key.exe Static file information: File size 6338072 > 1048576
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Code function: 1_2_011C100A push ecx; ret 1_2_011CBD99
Source: IdeaShareKeyForm.exe.0.dr Static PE information: section name: .00cfg
Source: qwindows.dll.0.dr Static PE information: section name: .qtmetad
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00406320 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_00406320
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe File created: C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll
Source: C:\Users\user\Desktop\IdeaShare Key.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe API coverage: 7.8 %
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: wsprintfA,lstrcatA,GetAdaptersInfo,GetAdaptersInfo,StrStrIA, 0_2_004076C5
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_004077D3 lstrcatA,GetSystemInfo,GlobalMemoryStatusEx,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,QueryPerformanceFrequency,wsprintfA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,wsprintfA, 0_2_004077D3
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_004062F9 FindFirstFileW,FindClose, 0_2_004062F9
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00402E3C FindFirstFileW, 0_2_00402E3C
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00406CAF DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00406CAF
Source: IdeaShare Key.exe Binary or memory string: %d,%d,%d,%d,%d,%dkernel32.dllGetProductInfovmware%u,%u,%uc:\%d,%d,%d,%u~MHzHARDWARE\DESCRIPTION\System\CentralProcessor\0\%u,%u,%u,%u,%s
Source: IdeaShare Key.exe Binary or memory string: vmware
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: .?AVQEmulationPaintEngine@@L
Source: IdeaShareKeyForm.exe, 00000001.00000002.363356725.000000006C7F5000.00000008.00000001.01000000.00000008.sdmp Binary or memory string: cl.?AVQEmulationPaintEngine@@L
Source: IdeaShare Key.exe Binary or memory string: vmCih
Source: IdeaShare Key.exe, 00000000.00000003.354243430.0000000002921000.00000004.00000020.00020000.00000000.sdmp, IdeaShareKeyForm.exe, 00000001.00000002.363356725.000000006C7F5000.00000008.00000001.01000000.00000008.sdmp Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Code function: 1_2_011CBAD4 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_011CBAD4
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Code function: 1_2_011CB2B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_011CB2B7
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Code function: 1_2_011C1415 SetUnhandledExceptionFilter, 1_2_011C1415
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Queries volume information: C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll VolumeInformation
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Code function: 1_2_011CB8C5 cpuid 1_2_011CB8C5
Source: C:\Users\user\Desktop\IdeaShare Key.exe Code function: 0_2_00406820 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW, 0_2_00406820
Source: C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKeyForm.exe Code function: 1_2_011CBE0B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 1_2_011CBE0B
No contacted IP infos